Cognito Authentication

zmajew · October 23, 2021, 8:03am

Hi,
I am trying to integrate AWS Cognito authentication in GraphQl schema.

I have added this line to the bottom of my graphql schema

# Dgraph.Authorization {"VerificationKey":"","Header":"Bearer", "jwkurl":"https://cognito-idp.<conito_region>.amazonaws.com/<cognito_user_pool_id>/.well-known/jwks.json", "Namespace":"default","Algo":"","Audience":["<cognito_api_name>", "<app_client_id"], "ClosedByDefault": true}

here is my curl request (I have obtained valid token):

curl --location --request POST 'localhost:8082/graphql' \
--header 'Authorization: Bearer <obtained_valid_token>' \
--header 'Content-Type: application/json' \
--data-raw '{"query":"query {\n  getCommercial (id: \"0x2718\")  {\n          id\n          name\n          \n  }\n}","variables":{}}'

and I got error response:

{
    "errors": [
        {
            "message": "couldn't rewrite query getCommercial because a valid JWT is required but was not provided",
            "path": [
                "getCommercial"
            ]
        }
    ]
  }
}

What I am doing wrong here, and how to better trace an errors, since I do not have any logs conserning authorisatin from the dgraph docker containers?

amaster507 · October 23, 2021, 3:36pm

Does not jive with:

Use instead:

--header 'Bearer: <obtained_valid_token>'

You defined in your schema that the header “Bearer” would have your JWT token, but then you provided it in the “Authorization” header instead.

zmajew · October 23, 2021, 6:04pm

I think in the authorization line in GraphQL schema documentation talks about authorisation headers (X-Dgraph-AccessToken, X-Dgraph-AuthToken, Content-Type, Content-Length, Accept-Encoding, Cache-Control, X-CSRF-Token, X-Auth-Token, X-Requested-With,Bearer)
The header from the curl is the HTTP header.

--header 'Authorization: Bearer <obtained_valid_token>'

Besides that, I have tried, and it is not working.

amaster507 · October 23, 2021, 10:37pm

From docs

The Dgraph.Authorization object uses the following syntax:
{"Header":"", "Namespace":"", "Algo":"", >"VerificationKey":"", "JWKURL":"", "Audience":[], >"ClosedByDefault": false}
This object contains the following values:

Header is the header that requests use to store the signed JWT.

So whatever the string you put in that value in the schema is the name of the header it looks for.

Topic		Replies	Views
Authorization: Bearer {token} GraphQL auth , kind:enhancement , status:accepted , ticket:created	12	3200	March 3, 2021
Auth on Schema, invalid "Alg" GraphQL schema	9	565	June 8, 2021
More easier auth example to understand GraphQL kind:question , auth , dgraph	1	532	August 11, 2020
How does Slash GraphQL Verify JWTs (Cognito) Dgraph Cloud kind:question	4	704	December 23, 2020
Overview - Graphql Documentation	4	890	February 1, 2021

Cognito Authentication

Related topics