
How to validate the authorization token #7884

Closed
geetparekh opened this issue May 30, 2024 · 2 comments

Comments


geetparekh commented May 30, 2024

This section has useful information on how to do authorization. However, it does not show the details of how to implement the getUser function. getUser() in this case should take the authorization header and return a response based on the validation. I propose to add those details too, or to provide a link to the document showing how to do that.

Following is what we do to validate the token. If it is fine, I can go ahead and create a PR editing the page with these details:

Also, we use Apollo Express Middleware, so these details could probably go in some other page too, showing how to do this with the Express server.

import express from "express";
import cors from "cors";
import { GraphQLError } from "graphql";
import JWT, { JwtPayload } from "jsonwebtoken";
import { expressMiddleware } from "@apollo/server/express4";

// `app` (the express() instance) and `server` (the started ApolloServer) are created
// as in the Apollo Express middleware setup; only the auth-related parts are shown here.
// The verification secret is loaded from the environment rather than kept in source.
const token_secret = process.env.TOKEN_SECRET as string;

app.use('/graphql',
  cors<cors.CorsRequest>(),
  express.json(),
  expressMiddleware(server, {
    context: async ({ req }) => ({
      sessionConfig: {
        jwt: verifyTokenAndReturnPayload(req.headers.authorization)
      }
    })
  }));

/**
 * Verify the token carried in the Authorization header ("Bearer <token>") and
 * return its payload on successful verification. Otherwise throw a GraphQLError
 * back as the response to the request.
 *
 * @param authHeader raw value of the Authorization header, possibly absent
 * @returns the verified JWT payload
 */
function verifyTokenAndReturnPayload(authHeader: string | undefined): string | JwtPayload {
  // A missing header or a non-Bearer scheme is treated as unauthenticated
  // instead of surfacing as a TypeError from .split() on undefined.
  const [scheme, token] = (authHeader ?? '').split(' ');
  if (scheme !== 'Bearer' || !token) {
    throwAuthError();
  }
  try {
    // Pin the accepted algorithm so the token's own header cannot select a different one.
    return JWT.verify(token, token_secret, { algorithms: ['HS256'] });
  } catch (error) {
    console.log(error);
    throwAuthError();
  }
}

/**
 * Throw GraphQLError indicating user authentication failure.
 * Declared as `never` so TypeScript knows no value is returned after the call.
 */
function throwAuthError(): never {
  throw new GraphQLError('User is not authenticated', {
    extensions: {
      code: 'UNAUTHENTICATED',
      http: { status: 401 },
    },
  });
}

If there is an easier way to do this without importing the jsonwebtoken library, I will be happy to change our implementation to use that. I noticed that what works with the standalone server does not always work with the Express middleware server. On the other hand, if the code above is good, I will be happy to contribute to the neo4j/graphql library to have a function available within it to validate the token.
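The `JWT.verify` call above is where the actual security decision happens, so here is an added example (not code from this issue or from the neo4j/graphql project) that spells out, with only Node's `crypto` module, what a verifier for that Authorization header has to check: a strict `Bearer` parse, an algorithm pinned by the server rather than read from the token, a constant-time HMAC comparison, and the `exp` claim. `DEMO_SECRET`, `AuthError`, `signHS256`, `extractBearer` and `verifyHS256` are names assumed for this example; `signHS256` exists only to construct sample tokens. In the real middleware you would keep `jsonwebtoken` and pass `{ algorithms: ['HS256'] }` to `JWT.verify`, which enforces the same algorithm pin.

```typescript
import * as crypto from "crypto";

// Constructed demo secret for this example only; a real server loads it from configuration.
export const DEMO_SECRET = "example-hs256-secret-not-for-production";

export interface JwtPayload {
  sub?: string;
  exp?: number;
  [claim: string]: unknown;
}

// Thrown for every verification failure; `reason` is for server logs, the client only sees 401.
export class AuthError extends Error {
  constructor(public readonly reason: string) {
    super(`User is not authenticated: ${reason}`);
    Object.setPrototypeOf(this, AuthError.prototype); // keep instanceof working under ES5 targets
  }
}

export function b64url(buf: Buffer): string {
  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function b64urlDecode(s: string): Buffer {
  const padded = s + "=".repeat((4 - (s.length % 4)) % 4);
  return Buffer.from(padded.replace(/-/g, "+").replace(/_/g, "/"), "base64");
}

// Mints an HS256 token; used here only to construct sample inputs for the verifier below.
export function signHS256(payload: JwtPayload, secret: string): string {
  const header = b64url(Buffer.from(JSON.stringify({ alg: "HS256", typ: "JWT" })));
  const body = b64url(Buffer.from(JSON.stringify(payload)));
  const sig = crypto.createHmac("sha256", secret).update(`${header}.${body}`).digest();
  return `${header}.${body}.${b64url(sig)}`;
}

// Strict "Bearer <token>" parse: exactly one scheme word and one token, scheme case-insensitive.
export function extractBearer(authHeader: string | undefined): string {
  if (!authHeader) throw new AuthError("missing Authorization header");
  const parts = authHeader.trim().split(/\s+/);
  if (parts.length !== 2 || parts[0].toLowerCase() !== "bearer") {
    throw new AuthError("malformed Authorization header");
  }
  return parts[1];
}

// Verifies an HS256 token: pinned algorithm, constant-time signature check, then exp.
export function verifyHS256(token: string, secret: string, now: number = Math.floor(Date.now() / 1000)): JwtPayload {
  const segs = token.split(".");
  if (segs.length !== 3) throw new AuthError("token must have three segments");
  const [h, b, s] = segs as [string, string, string];

  let header: { alg?: unknown } | null;
  try {
    header = JSON.parse(b64urlDecode(h).toString("utf8"));
  } catch {
    throw new AuthError("unparseable header");
  }
  // The server decides which algorithm is acceptable; the token's header does not get a vote.
  if (header === null || typeof header !== "object" || header.alg !== "HS256") {
    throw new AuthError(`unexpected alg ${String(header?.alg)}`);
  }

  // Recompute the MAC over the exact bytes that were signed and compare in constant time.
  const expected = crypto.createHmac("sha256", secret).update(`${h}.${b}`).digest();
  const given = b64urlDecode(s);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new AuthError("bad signature");
  }

  let payload: JwtPayload;
  try {
    payload = JSON.parse(b64urlDecode(b).toString("utf8"));
  } catch {
    throw new AuthError("unparseable payload");
  }
  if (typeof payload.exp !== "number") throw new AuthError("missing exp claim");
  if (now >= payload.exp) throw new AuthError("token expired");
  return payload;
}

// Same contract as the issue's context builder: header in, verified claims out, AuthError otherwise.
export function verifyTokenAndReturnPayload(authHeader: string | undefined, secret: string = DEMO_SECRET): JwtPayload {
  return verifyHS256(extractBearer(authHeader), secret);
}
```

The signature is checked before the payload is even parsed, so claims from an unverified token never reach application code; and because the algorithm is fixed by the verifier, a token whose header names a different algorithm is rejected before any signature logic runs.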

@geetparekh changed the title from "Proposing to add more information in the documentation" to "How to validate the authorization token" on May 30, 2024
@geetparekh
Author

Closing the issue here as I posted the same here

Contributor

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
For general questions, we recommend using StackOverflow or our discord server.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 30, 2024