i have an application based on api-platform with secured route using JWT (and the LexikJWTBundle). With the Swagger interface it's easy to call secured route providing a valid bearer. But with GraphiQL i don't see anything about security so when a call a secured route it fails.
Any idea ? or shall we prevent graphiql usage in dev ?
Thanks
If you're using the standalone GraphiQL app, there's an "Edit HTTP Headers" button at the top-right corner. Click that, click "+ Add Header", and enter a Header name "Authorization" and Header value "Bearer eyJh..." where the last part is your access token.
For GraphiQL embedded in a Web site, it's often configured so that it targets the same site, and whatever authentication you need to reach the GraphQL endpoint is the same authentication you need to reach the GraphiQL app. There's not specifically a path to add custom headers here, but the embedding application server might have a way to provide them.
The primary question is answered, but I found this question when looking for how to automatically set the Authorization header based on an authentication request. GraphiQL has a preflight script option in settings where you can make an authentication request and set it into a variable to be used in the shared headers.
It wasn't obvious to me where to find this. It is available in the settings menu within the explorer tab, not the connection settings.
