Authorization for subscriptions Graphql (Absinthe) with token

Question

I'm trying to add authentication to this subscription test, since I keep getting Not Authorized when I run mix test. I've seen that you need to add a login mutation to the push_doc function but I was wondering. Is there any way to use only the token to authenticate, just like regular mutations that use :

conn =
      build_conn()
      |> put_req_header("authorization", @token)
      |> get("/api", query: @query)

    assert json_response(conn, 200) == %{
       "data" => %{
          "authors" => [%{"name" => "Jennifer"}]
       }
    }

This is my current subscription test:

test "1. Subscribe to createAuthor", %{socket: socket} do

    # setup a subscription
    ref = push_doc(socket, @subscription)
    assert_reply(ref, :ok, %{subscriptionId: subscription_id})

    # run a mutation to trigger the subscription
    ref = push_doc(socket, @mutation)
    assert_reply(ref, :ok, reply)

    assert %{
         data: %{
           "createAuthor" => %{
             "name" => "Jennifer"
           }
         }
       } = reply

    # check to see if we got subscription data
    expected = %{
      result: %{
        data: %{
          "createAuthor" => %{
            "name" => "Jennifer"
          }
        }
      },
      subscriptionId: subscription_id
    }

    assert_push("subscription:data", push)
    assert expected == push
end

My general question is. Can I only pass the token (which I have hardcoded) into a function to authenticate for subscriptions?

score 0 · Answer 1 · answered Jul 09 '18 at 20:08

I managed to do the test as follows, making the mutation using put_req_header()

test "1. Subscribe to createAuthor", %{socket: socket} do
    # setup a subscription
    ref = push_doc(socket, @subscription)
    assert_reply(ref, :ok, %{subscriptionId: subscription_id})

    # run a mutation to trigger the subscription
    conn =
      post(
        build_conn()
        |> put_req_header("authorization", @token),
        "/api",
        query: @mutation
      )

    assert json_response(conn, 200) == %{
             "data" => %{
               "createAuthor" => %{
                 "name" => "Jennifer"
               }
             }
           }

    # check to see if we got subscription data
    expected = %{
      result: %{
        data: %{
          "createAuthor" => %{
            "name" => "Jennifer"
          }
        }
      },
      subscriptionId: subscription_id
    }

    assert_push("subscription:data", push)
    assert expected == push
  end

score 0 · Answer 2 · answered Jul 07 '19 at 22:51

0

You can make a token with an expiry in like 100 years, signed with your key. Hardcode that and it's good forever as long as you use the same SK.

Are you adding "Bearer" in front of your token?

answered Jul 07 '19 at 22:51

Ian

544
3
16

Authorization for subscriptions Graphql (Absinthe) with token

2 Answers2