Search code examples
graphqlquarkussmallrye

GraphQL Authentication on subscription using Quarkus (graphql-ui)


I provided a GraphQL interface with Smallrye Graphql in Quarkus with a query and a subscription:

import org.eclipse.microprofile.graphql.GraphQLApi;
import org.eclipse.microprofile.graphql.Query;
import io.quarkus.security.Authenticated;
import io.smallrye.graphql.api.Subscription;
...

@GraphQLApi
@Authenticated
public class MyGraphQL {
   @Query(getInformation)
   public List<MyInformation> getMyInformation(int id) { ... }

   @Subscription(informationStream)
   public Multi<MyInformation> getMyInformationStream() { ... }
}

If I try to run the application and call the query using the integrated graphql-ui of Quarkus everyting works quite well if I add the Authorization Header

Query

query getInformation {
   getInformation(id: 1) {
     ....
   }

Header

{
  "Authorization": "Bearer <token>"
}

Now I try to do the same with the subscription: Subscription

subscription informationStream {
   informationStream() {
      ...
   }
}

And I also added the same Header:

{
  "Authorization": "Bearer <token>"
}

Unfortunately for the subscription I get an error message:

{
  "errors": [
    {
      "message": "System error",
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "informationStream"
      ],
      "extensions": {
        "code": "unauthorized"
      }
    }
  ]
}

How can I authenticate correctly using against this subscription?


Solution

  • It turned out that the problem is not in the authorization of the GraphQL-Backend but rather in GraphQL-UI. If you connect with a regular client (like https://github.com/graphql-python/gql/blob/master/docs/code_examples/websockets_async.py) authentication works as expected.

    Issue in the SmallRye GraphQL-UI is tracked at https://github.com/smallrye/smallrye-graphql/issues/2255