DEV Community

Discussion on: How to Auth: Securing Your GraphQL API with Confidence

Dave Clare

@mandiwise Thanks so much for all your work and sharing your knowledge. I've been using your examples to improve our Apollo GraphQL product - it was a huge messy monolith but now it has a mix of federated goodness and local schema (there are parts of our infrastructure that are off limits so using local typeDefs and resolvers).

All work brilliantly until it comes to passing auth headers when extending entities. I can prove that both the remote and local services use the Auth bearer token as they need that to call APIs. But, when extending entities e.g.

extend type User @key(fields: "id") {
    id: ID! @external
  }

And this within the resolver

async users({ userIds }: { userIds: string[] }, _: unknown, context): Promise<unknown | null> {
      return userIds.map((id) => ({ __typename: 'User', id, context }));
    },

I am getting:

DOWNSTREAM_SERVICE_ERROR
Invalid value "undefined" for header "Authorization"

"stacktrace": [
"GraphQLError: Invalid value "undefined" for header "Authorization"",
" at downstreamServiceError (/Users/davidclare/Documents/strata 2/federated-graphql/app/node_modules/@apollo/gateway/src/executeQueryPlan.ts:474:10)",