sending access token on NextAuth cookie #2686

killjoy2013 · 2023-02-23T20:44:08Z

killjoy2013
Feb 23, 2023

My router.yaml is;

authentication:
  experimental:
    jwt:
      jwks_urls:
        - http://localhost:3100/.well-known/jwks.json
      header_name: Authorization
      header_value_prefix: Bearer
      cooldown: 15s

However, NextAuth keeps the access token in a cookie with the name next-auth.session-token.
Is it possible to configure router.yaml to support both Authorization header & cookie?

Would it be possible to use Rhai scripts to get access token from the cookie and add it as the Bearer token to authorization header?
What would be the most suitable approach in this case?

Geal · 2023-02-27T10:05:18Z

Geal
Feb 27, 2023

I think that would be doable with rhai, when we add support for router service plugins. We're thinking about it, it is tracked here #2635

2 replies

killjoy2013 Feb 27, 2023
Author

is it possible to get the httponly cookie in rhai?
any sample code would be fantastic 🙏

Geal Feb 27, 2023

here you go: https://github.com/apollographql/router/blob/dev/examples/cookies-to-headers/rhai/src/cookies_to_headers.rhai
rhai cannot execute yet at the router service plugin level though

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

sending access token on NextAuth cookie #2686

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment 2 replies

{{title}}

{{title}}

{{title}}

Select a reply

sending access token on NextAuth cookie #2686

killjoy2013 Feb 23, 2023

Replies: 1 comment · 2 replies

Geal Feb 27, 2023

killjoy2013 Feb 27, 2023 Author

Geal Feb 27, 2023

killjoy2013
Feb 23, 2023

Replies: 1 comment 2 replies

Geal
Feb 27, 2023

killjoy2013 Feb 27, 2023
Author