I have two headless backend services: Saleor and Strapi, which provide with GraphQL API for e-commerce development. The problem was to find a service, which can stitch two( or more ) GraphQL schemas so that I can have access to them by one endpoint. Such service is StepZen. Normally when trying to fetch requests on StepZen you would have to do it with
{
"Authorization": "apikey <apikey>"
}
as a header. And it would also work. But when you have some fields in schemas you stitching which Require JWT authentication you need somehow to pass in Authorization header Bearer token. In StepZen there is an opportunity to forward headers, so theoretically I could use that to forward Authorization header to fields, because StepZen also provides JWT Authentication when making your request instead of using API-Key. And THAT is the main problem(failing to access StepZen with only Bearer Token).
As it stays in documentation I changed my config.yaml file accordingly:
deployment:
identity:
jwksendpoint: https://<MY-DOMAIN>/.well-known/jwks.json
access:
policies:
- type: Query
policyDefault:
condition: '?$jwt'
Unfortunately trying after this accessing the endpoint with the Bearer Token as the value of Authorization header like this:
{"Authorization" : "Bearer <token>"}
got me always the same 401 error from StepZen, NOT Saleor( Unauthorized: missing or not allowed ), which means that none of my requests reach its endpoint. I am totally lost, because I tried already all combinations from the StepZen docs of config.yaml file and none of that worked. I would be very happy if someone could explain me what the problem is.
