Passing x-auth0-token while using dgraph-js-http

What’s the right way to pass the x-auth0-token header when using the dgraph-js-http client?

I wasn’t able to find an option to add this header and hence tweaked the code and added a client.setCustomHeader() method to achieve this functionality.

But now I seem to be stuck with this CORS error - “Request header field x-auth0-token is not allowed by Access-Control-Allow-Headers in preflight response.”.

Custom headers can be set via options argument for the client stub constructor.

Ratel does that and [a hacky way] to change headers later is to mutate the options.headers object

However, dgraph-js-http is a library for sending DQL queries to an alpha server.
But custom auth like x-auth0-token operates on the GraphQL layer.

There is simply no need to set x-auth0-token in dgraph-js-http because it won’t have any effect.
@michaelcompton please correct me if I’m wrong

I think Paul’s right - it’s already got the Dgraph login logic built-in, right? So any DQL queries sent through it should have all the headers that make sense.

If you are looking to send GraphQL queries, then you want a GraphQL client (like Apollo client or urql) not the dgraph client

The purpose of attaching the x-auth0-token was to make use of dgraph’s auth directive so that I can manage access control according to user’s role at a type level. I wrote some custom rules in the authentication layer to append claims to indicate user role and would like to pass this auth token while making queries so that dgraph could validate the request.

Am I correct in assuming that this functionality works with DQL queries as well? I moved from Apollo client to dgraph-js-http in favor of being able to send DQL queries but while Apollo seemed to have handled attaching the x-auth0-token in header well, I had trouble doing the same with dgraph-js-http.

PS. I understand from further reading that the auth directive is limited to GraphQL and does not apply to DQL. I’d love to see this feature apply to DQL in the future, but for now I think I’ll have to write the access control rules serverside and forward the request to dgraph on validating the claims.