Authorization: Bearer {token}

With the graphql schema Authorization Provider config.

# Dgraph.Authorization {"VerificationKey":"","Header":"","Namespace":"","Algo":"","Audience":[]}

How would you specify to grab the jwt token from the Authorization header?

Auhtorizaion: Bearer {token}
1 Like

You would need to specify the Header key as Authorization, like this:

# Dgraph.Authorization {"VerificationKey":"","Header":"Authorization","Namespace":"","Algo":"","Audience":[]}

Then you get an error that the token is invalid, because Dgraph does not strip bearer from the Authorization header.

{
  "errors": [
    {
      "message": "mutation failed because authorization failed because unable to parse jwt token:token is malformed: tokenstring should not contain 'bearer '"
    }
  ],
 ...
}

Ok, at present, the header should directly contain the JWT token without the Bearer part.
If you don’t want to use Authorization header for that purpose, because you may be using it for other places too, then you can use a custom header at present which just contains the JWT token.

We will add support for standard Authorization header parsing later.

1 Like

@hardik – Can you please get this issue resolved?

I don’t see any issue related to Bearer token

I have a fix in a fork for this. Just trying to get testing working in my fork before submitting a PR.

thats great @matthewmcneely . cc: @abhimanyusinghgaur

@vvbalaji Any chance we could video conference for 15 minutes to help me get the testing in the /t folder working? Can’t seem to get the tests to find my cluster.

Or maybe there’s an internal doc somewhere you could point me to.

In the meantime, the first change in this diff is how I fixed the Bearer issue @abhimanyusinghgaur — might be easier than me getting je_malloc and my other build issues dealt with in order to create a PR.

Perhaps the team can help you create a PR, so our TeamCity can run the tests automatically.

@mrjn Indeed, appreciate any help… there’s issues with my local builds for testing with jemalloc and tagging images that I’m stymied on (can’t find any docs save the readme in the /t folder).

Note, I’m able to build the Docker images on my machine (OSX), it’s just those native builds that seem to be failing. With the dropping of OSX and Windows native support, maybe the tests should be converted to only use Docker images.

@hardik : Can we add a task to simplify the builds?

Hi @matthewmcneely,

I have raised a PR for the same against the master branch with the required tests: feat(GraphQL): Add support for passing OAuth Bearer token as authorization JWT (GRAPHQL-1049) by abhimanyusinghgaur · Pull Request #7490 · dgraph-io/dgraph · GitHub

Could you please have a look and approve if it suffices the use case?

Thanks

@abhimanyusinghgaur Sorry for the late reply (didn’t get the expected email notification). That looks good… glad you created it as it seems there were more places to touch. Thanks for getting this in!