graphqlsession-cookiesapollo-serverexpress-graphql
Apollo 2.0.0 Graphql cookie session
Can someone help me on this, My setup was as follows prior to Apollo 2.0, I had a server.js in which i used express and graphql-server-express I had a http only cookie session, when a user logs in I set the jwt token as a cookie and it is set in browser as http only. On subsequent request I validate the cookie that the browser passes back. It was all working fine and I could access the token from req.session.token in any other resolver and validate the jwt token saved in the cookie session.
server.js
import express from 'express';
import { graphqlExpress, graphiqlExpress } from 'graphql-server-express';
import { ApolloEngine } from 'apollo-engine';
import bodyParser from 'body-parser';
import cors from 'cors';
import cookieSession from 'cookie-session';
import schema from './schema/';
const server = express();
server.use(
cookieSession({
name: 'session',
keys: 'k1,k2',
maxAge: 30 * 60 * 1000,
domain: '.mydomain.com',
path: '/',
}),
);
const corsOptions = {
origin: 'http://local.mydomain.com:3000',
credentials: true,
methods: ['GET', 'PUT', 'POST', 'OPTIONS'],
};
server.use(cors(corsOptions));
server.use(
'/graphql',
bodyParser.json(),
graphqlExpress(req => ({
schema,
tracing: true,
context: { req },
})),
);
if (process.env.NODE_ENV !== 'production') {
server.use('/graphiql',graphiqlExpress({endpointURL: '/graphql'}));
}
const engine = new ApolloEngine({
apiKey: engineConfig.apiKey,
});
engine.listen(
{
port: 3000,
graphqlPaths: ['/graphql'],
expressApp: server,
},
() => {console.log('GraphiQL is now running');},
);
authenticateResolver.js
const authenticateResolver = {
Query: {
authenticate: async (root, args, context) => {
const { req } = context;
const auth = `Basic ${Buffer.from(`${args.username}:${args.password}`).toString('base64')}`;
const axiosResponse = await axios.post("localhot:8080/login, 'true',
{
headers: {
Authorization: auth,
},
});
if (axiosResponse.status === 200 && axiosResponse.data.token) {
req.session.token = axiosResponse.data.token;
}
return {
status: 200,
};
},
But when I upgraded to Apollo 2.0 my server.js code changed, authenticateResolver was as is. I am now unable to access req.session.token in any subsequent requests since the cookie session is not getting set. When I open Developer tools in chrome I cannot see the cookie being set when Authentication is called. What am I doing wrong here ?
server.js # After Apollo 2.0 upgrade
import express from 'express';
import { ApolloServer, gql } from 'apollo-server-express';
import cors from 'cors';
import cookieSession from 'cookie-session';
import { mergedTypes, resolvers } from './schema/';
const server = express();
server.use(
cookieSession({
name: 'session',
keys: 'k1,k2',
maxAge: 30 * 60 * 1000,
domain: '.mydomain.com',
path: '/',
}),
);
const corsOptions = {
origin: 'http://local.mydomain.com:3000',
credentials: true,
methods: ['GET', 'PUT', 'POST', 'OPTIONS'],
};
server.use(cors(corsOptions));
server.listen({ port: 3000 }, () => {
console.log('Server ready');
console.log('Try your health check at: .well-known/apollo/app-health');
});
const apollo = new ApolloServer({
typeDefs: gql`
${mergedTypes}
`,
resolvers,
engine: false,
context: ({ req }) => ({ req }),
});
apollo.applyMiddleware({
server
});
Solution
Yes, If you look at the graphql playground there is a settings option if you click on that you can observe few settings, one of them being
"request.credentials": "omit" just change it to
"request.credentials": "include" and save settings and it should now work.
My code looks as follows as well:
const app = express()
app.use(
cookieSession({
name: 'session',
keys: corsConfig.cookieSecret.split(','),
maxAge: 60 * 60 * 1000,
domain: corsConfig.cookieDomain,
path: '/',
})
)
const corsOptions = {
origin: corsConfig.corsWhitelist.split(','),
credentials: true,
methods: ['GET', 'PUT', 'POST', 'OPTIONS'],
}
app.use(cors(corsOptions))
const apollo = new ApolloServer({
typeDefs: gql`
${mergedTypes}
`,
resolvers,
engine: false,
context: ({ req }) => ({ req }),
tracing: true,
debug: !process.env.PRODUCTION,
introspection: !process.env.PRODUCTION,
})
apollo.applyMiddleware({
app,
path: '/',
cors: corsOptions,
})
app.listen({ port: engineConfig.port }, () => {
console.log('🚀 - Server ready')
console.log('Try your health check at: .well-known/apollo/app-health')
})
- GraphQL readiness for .net development
- Managing multiple calls to the same Apollo mutation
- Which one should I use when defining schema and resolvers in GraphQl
- Understanding GraphQL Mutation and how data is passed to output field
- Adding Authentication Error Handling for expired Token
- How to use multiple graphqls files?
- What is expected date format in Upwork GraphQL API?
- How to connect GraphQL and PostgreSQL
- Quarkus GraphQL typesafe query is building an unexpected nested query
- Issues with shopify API and graphQL
- Is it possible to query my running apollo graphqlserver locally, without using http?
- Spring Boot GraphQL Subscription returns 405 METHOD_NOT_ALLOWED
- Ruby Graphql: Found two visible definitions for UpdateTransactionInput
- AWS AppSync: pass arguments from parent resolver to children
- Graphql Newtonsoft serializer throws error while parsing enum
- How to add seed data using graphQL mutations in Firebase Data Connect
- How to execute a GraphQL query from a Next.js app?
- What is the difference between :id, id: and id in ruby?
- How to use contain in GraphQL query
- Does anyone know why express module type imports are not supported by graph ql upload?
- GraphQL using nested query arguments on parent or parent arguments on nested query
- Amplify.configure() not being called prior to generateClient()
- Graphql post body "Must provide query string."
- GraphQL Authentication on subscription using Quarkus (graphql-ui)
- Can't figure out is it possible to use multiple schemas in Hot Chocolate for ASP.NET Core
- Download Gitlab's graphql schema
- How to utilize StrawberryShake tools for schema located in github
- How to filter list objects by field value in GraphQL?
- Apollo GraphQL Server: RequestHandler<ParamsDictionary, any, any, ParsedQs, Record<string, any>> is not assignable to Application<Record<string, any>>
- Nginx prepends response data with post request body content from its' buffer?