Comments (5)
Have you enabled authentication on all your operations?
https://docs.wundergraph.com/docs/wundergraph-operations-ts-reference/configure-authentication
from wundergraph.
@Pagebakers obviously I did:
operations: {
defaultConfig: {
authentication: {
required: true,
},
},
I think I know what is missing in the tutorial. Basically the NEXTJS_URL/api/wg/* is secured but when I directly call WUNDERGRAPH_URL/operations without the rewrite in NEXTJS -> that's when it's get tricky. When you do that you an put any kind of token like Beared xyz
and wundergraph would still response because it is getting 200 and {}
from /api/auth/session.
from wundergraph.
Thanks for the extra info. In that case the /api/auth/session response should throw an error in case the token is invalid. I'llr un some tests to verify this is broken.
from wundergraph.
I've tested it, and indeed requests are always accepted because the session endpoint doesn't throw an error when the session isn't valid.
You can create a new userInfo.ts
handler in api/auth/userInfo.ts
with the following code:
import { getToken } from 'next-auth/jwt';
export default async (req, res) => {
// If you don't have NEXTAUTH_SECRET set, you will have to pass your secret as `secret` to `getToken`
const token = await getToken({ req });
if (token) {
res.status(200);
res.json({ name: token.name, email: token.email, picture: token.picture });
} else {
// Not Signed in
res.status(401);
}
res.end();
};
And then update the userInfoEndpoint
in wundergraph.config.ts
to point to the userInfo handler instead.
This way you can also map nextauth user details to the wundergraph claims.
from wundergraph.
Docs have been updated, closing this for now.
from wundergraph.
Related Issues (20)
- [Issue]: Live queries are not working when running server in debug mode (SvelteKit) HOT 2
- [Issue]: InputValidationError returns text/plain but should return application/json HOT 4
- Support for @tanstack/react-query v5 HOT 2
- Generated graphql Operations ignore the default values set in OAS Schema definition
- [Issue]: TestServer start timeout artificially limited to maximum of 60s HOT 1
- Object literal may only specify known properties, and 'type' does not exist in type 'JSONSchema7' HOT 5
- [Issue]: Nextjs App Router Migration Problem HOT 5
- introspect.graphql does not work for Contetnful GQL Schema HOT 3
- [Issue]: NextJS 14 failing to run useQuery calls that are Live Queries HOT 5
- Remove dependency on terminate package HOT 1
- [Issue]: Unable to get headers in revalidate hook HOT 1
- [Issue]: Crash in Subscriptions after publishing an event to NATS. HOT 6
- [Issue]: wunderctl start from `@wundergraph/sdk:0.177.0` always returning `stack` property for operation errors HOT 1
- [Issue]: Unable to access user object in hooks HOT 2
- [Issue]: Client fails to build when calling a GraphQL operation with an @internal directive from a TS Operation HOT 1
- Support ability to include Tags in the OpenAPI spec generation HOT 1
- Decimal / Numeric Postgres fields return null value in operations
- [Issue]: Wundergraph is unresponsive when run in a Codepsaces environment
- NextJS next-auth test app not working HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from wundergraph.