How to attach JWT token to the header of graphql subscription

Question

I am currently building chat application with microservice architecture, where auth(login and signup) service and chat service are separated using Graphql. I was trying to attach a JWT to the request header of query, mutation and subscription to extract user id from it to use for inner logic in the services. However, I cannot properly set the token to the header or subscription parameter in Altair Graphql, although token is successfully set for the query and mutation in exact same manner. My questions are;

1. Is there any way to attach JWT token to the request header?
2. Is there any better way to send JWT token to the graphql subscription request?

Moreover, the ways I tried to set the token for subscription request are the following;

Thank you.

Answer 1

The websocket API doesn't support setting arbitrary headers in the upgrade request. This also includes authentication related headers.

There are common patterns taking to secure websocket applications that can be used instead.

With regards to GraphQL subscription over websocket, depending on your implementation, you can pass the authentication credentials in the connection parameters. One example is what is done in Apollo GraphQL via both graphql-ws and subscriptions-transport-ws.

In conclusion, this is not something that Altair GraphQL has any control over, but it's a limitation of the websocket API itself.

Hope that helps.