This repository has been archived by the owner on Mar 3, 2023. It is now read-only.

Issue with lost authentication when using subscriptions in GraphQL Spring


stojsavljevic/graphql-security-issue

The issue is solved with Spring Boot 3.0.1!

Steps to reproduce the issue

query {
  testQuery
}
  • execute subscription
subscription {
  getNewPost{
    id
    title
    author {
      id
      name
    }
  }
}
  • open another GraphiQL editor in a new tab
  • execute mutation
mutation {
  createPost(createPostInput: {
    title: "Lorem Ipsum"
    authorId: "123"
  }){
    id
    title
    author {
      name
    }
  }
}
  • note that the subscription received the response
  • at this point authentication is lost and the following request will be redirected to the login page

Notes

  • If the Post object doesn't contain a nested Author object, everything works as it should
  • With Java Kickstart (code is here but commented out) everything works as it should
  • With Spring Boot 3.0.0, /graphql calls get redirected to the login page
