Authentication and refreshing schemas

[heinrichdude]

We have an GraphQL API that is protected by Keycloak, we have enable the basic authorization on our endpoints [Authorize], that will ensure a user is authenticated. This works well. However, we have issues with refreshing the schema in clients like Insomnia as well as using GraphQL codegen. We can easily resolve this with a auth request before the refresh schema request in Insomnia.

Our bigger problem at the moment is getting our codegen of our Typescript objects to work.

I am currently exploring getting a script together that would request an auth token and then pass that along to the codegen. Haven't found a way to do this successfully ... yet.

However, I am also wondering if there is a way, or would it be proper, to have a way to secure the GraphQL endpoints but allow the refresh schema to proceed without being authenticated.

Any advice would be appreciated!

[lucas-garrido]

I have the same problem with insomnia

[heinrichdude]

For Insomnia, this post helped me ... https://stackoverflow.com/questions/54925915/insomnia-using-oath2-0-how-do-i-pull-the-access-token-into-a-variable

As for what I needed to pass to keycloak to get the token back that was a little more difficult to figure out, but it looks like this ...

... then you access to the token, in my case "access_token" following what that link above suggests.

[DuCNiKo]

Guys,
You should secure the queries and not the graphql endpoint.
It's basically what we are doing (even using keycloak as idp) and it should allow you client to perform introspection queries needed to build your clients