Cognito Authentication

Hi,
I am trying to integrate AWS Cognito authentication in a GraphQL schema.

I have added this line to the bottom of my GraphQL schema:

# Dgraph.Authorization {"VerificationKey":"","Header":"Bearer", "jwkurl":"https://cognito-idp.<cognito_region>.amazonaws.com/<cognito_user_pool_id>/.well-known/jwks.json", "Namespace":"default","Algo":"","Audience":["<cognito_api_name>", "<app_client_id>"], "ClosedByDefault": true}

Here is my curl request (I have obtained a valid token):

curl --location --request POST 'localhost:8082/graphql' \
--header 'Authorization: Bearer <obtained_valid_token>' \
--header 'Content-Type: application/json' \
--data-raw '{"query":"query {\n  getCommercial (id: \"0x2718\")  {\n          id\n          name\n          \n  }\n}","variables":{}}'

and I got this error response:

{
    "errors": [
        {
            "message": "couldn't rewrite query getCommercial because a valid JWT is required but was not provided",
            "path": [
                "getCommercial"
            ]
        }
    ]
  }
}

What am I doing wrong here, and how can I better trace errors, since I do not have any logs concerning authorisation from the Dgraph Docker containers?

Does not jive with:

Use instead:

--header 'Bearer: <obtained_valid_token>'

You defined in your schema that the header “Bearer” would have your JWT token, but then you provided it in the “Authorization” header instead.

I think the authorization line in the GraphQL schema documentation talks about authorisation headers (X-Dgraph-AccessToken, X-Dgraph-AuthToken, Content-Type, Content-Length, Accept-Encoding, Cache-Control, X-CSRF-Token, X-Auth-Token, X-Requested-With, Bearer).
The header from the curl is the HTTP header.

--header 'Authorization: Bearer <obtained_valid_token>'

Besides that, I have tried, and it is not working.

From docs

The Dgraph.Authorization object uses the following syntax:

{"Header":"", "Namespace":"", "Algo":"", "VerificationKey":"", "JWKURL":"", "Audience":[], "ClosedByDefault": false}

This object contains the following values:

  • Header is the header that requests use to store the signed JWT.

So whatever string you put in that value in the schema is the name of the header it looks for.
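
A small diagnostic for the mismatch discussed in this thread, added here as an example; it is not code from any of the posters or from Dgraph. It reads the `# Dgraph.Authorization` line, checks that the request carries the header named there, and compares the token's `aud` claim with `Audience`. The function names, the sample schema and the sample token are constructed, and the rule that any one matching `aud` value is enough is an assumption.

```python
import base64
import json
import re

def parse_authorization(schema_text):
    """Return the JSON object from the '# Dgraph.Authorization {...}' schema line."""
    match = re.search(r"^#\s*Dgraph\.Authorization\s+(\{.*\})\s*$", schema_text, re.M)
    if not match:
        raise ValueError("no Dgraph.Authorization line in schema")
    return json.loads(match.group(1))

def decode_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(schema_text, request_headers):
    """List mismatches between the schema's auth config and a request's headers."""
    config = parse_authorization(schema_text)
    wanted = config.get("Header", "")
    # HTTP header names are case-insensitive, so compare lowercased.
    headers = {name.lower(): value for name, value in request_headers.items()}
    if wanted.lower() not in headers:
        return [f"schema expects the JWT in header {wanted!r}; "
                f"request sent {sorted(request_headers)}"]
    # Use the last whitespace-separated field so a scheme prefix does not break decoding.
    claims = decode_claims(headers[wanted.lower()].split()[-1])
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud  # 'aud' may be a string or a list
    allowed = config.get("Audience") or []
    # Assumption: one 'aud' value present in the configured Audience list is enough.
    if allowed and not set(aud) & set(allowed):
        return [f"token aud {aud} matches none of the configured Audience {allowed}"]
    return []

def sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real Cognito token)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "sig"])

# Constructed sample schema; the URL and audience value are placeholders.
SAMPLE_SCHEMA = (
    "type Commercial {\n  id: ID!\n  name: String\n}\n"
    '# Dgraph.Authorization {"Header":"Bearer","Namespace":"default",'
    '"JWKURL":"https://example.invalid/jwks.json",'
    '"Audience":["example-client-id"],"ClosedByDefault":true}\n'
)

if __name__ == "__main__":
    token = sample_token({"aud": "example-client-id"})
    print(diagnose(SAMPLE_SCHEMA, {"Authorization": "Bearer " + token}))
```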