The JWT is stored in an httponly cookie, and I do not wanna use a proxy. Since the cookie is sent automatically, I was wondering if there is a way in Dgraph to parse it.
From a client like Apollo Client, you can include the JWT in the request header. It’s a one time config from your client code and it’ll be automatic from that point onwards.
I’m assuming you’re using the @auth directive. In your schema, you probably defined the Dgraph.Authorization object. In the Header field of that object, you can specify which header will contain the JWT.
So first, find out what Header you specified.
Then, include this config in your client (using Apollo Client as an example here: Authentication - Client (React) - Apollo GraphQL Docs)
More info here towards the bottom of the page: https://dgraph.io/docs/graphql/authorization/authorization-overview/
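The two steps in the answer above (find the Header named in Dgraph.Authorization, then send the JWT under that header), as an added example that is not part of the original thread and is not Dgraph's or Apollo's code. The schema text, header name, token and query are constructed sample values, the JSON form of the Dgraph.Authorization line is assumed, and the approach applies only where client code can read the token.

```javascript
// Constructed sample schema; the last line is the JSON form of Dgraph.Authorization.
const SAMPLE_SCHEMA = `
type Todo {
  id: ID!
  text: String!
}
# Dgraph.Authorization {"VerificationKey":"constructed-secret","Header":"X-My-App-Auth","Namespace":"https://example.test/jwt/claims","Algo":"HS256"}
`;

const MARKER = "# Dgraph.Authorization";

// Step 1: find out which request header the schema tells Dgraph to read the JWT from.
function authHeaderName(schema) {
  const line = schema
    .split("\n")
    .map((l) => l.trim())
    .find((l) => l.startsWith(MARKER));
  if (!line) throw new Error("schema has no Dgraph.Authorization line");
  let cfg;
  try {
    cfg = JSON.parse(line.slice(MARKER.length));
  } catch (e) {
    // Only the JSON form is handled in this example.
    throw new Error("Dgraph.Authorization is not in JSON form");
  }
  if (typeof cfg.Header !== "string" || cfg.Header === "") {
    throw new Error("Dgraph.Authorization has no Header field");
  }
  return cfg.Header;
}

// Step 2: build the options for fetch(url, options) with the JWT under that header.
// The raw token is sent as the header value (assumption of this example).
// The caller must already hold the token, so a token kept in an
// httponly cookie cannot be passed in from browser JavaScript.
function buildGraphQLRequest(schema, jwt, query, variables = {}) {
  if (typeof jwt !== "string" || jwt === "") throw new Error("no JWT supplied");
  return {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      [authHeaderName(schema)]: jwt,
    },
    body: JSON.stringify({ query, variables }),
  };
}
```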
Yeah, I could easily intercept from Apollo Client, but it's in an httponly cookie, so it's not accessible in the frontend.
I would be interested to know the real answer to the possible existence of this http-only cookie authentication. Does the Dgraph GraphQL API allow cookie-based authentication?
Forcing authorization via headers forces us to manipulate the JWT in the frontend browser, exposing our apps to token exfiltration, as no one can secure secret data in a browser.