I am implementing a GraphQL API that I'm trying to secure with JWT.
In my Startup.cs I'm implementing
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = Configuration["JWT:Issuer"],
ValidAudience = Configuration["JWT:Audience"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:Secret"]))
};
});
and
app.UseAuthentication(); <---------- Added authentication
app.UseGraphQL<ToGatherSchema>();
app.UseGraphQLPlayground(new GraphQLPlaygroundOptions());
I tested authentication on one of my file controllers by adding
[Authorize] <---------- Added authentication
public class FilesController : Controller
{
...
and it works like a charm, but I cannot seem to get it to authenticate my GraphQL endpoint. I can run queries and mutations without a token in http header.
I've seen some people creating a separate controller to handle POST requests to /graphql
endpoint, but it seems like more of a workaround than a solution.
Is there a way to do this?
Cheers!
An old question I know, but I stumbled across it having the same problem. I solved it by adding a call to MapGraphQL in UseEndpoints. The RequireAuthorization method ensures that authentication is required for the endpoint.
app.UseAuthentication(); <---------- Added authentication
app.UseGraphQL<ToGatherSchema>();
app.UseGraphQLPlayground(new GraphQLPlaygroundOptions());
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
endpoints.MapGraphQL<ToGatherSchema>().RequireAuthorization();
});
GraphQl API by default works like a middleware, so it's impossible to use the authorize attribute or JWT token for a communication. A separate route is the only one way.
Also, you able to use UserContext but I'm not sure if this solution what you a looking for.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.