-
Notifications
You must be signed in to change notification settings - Fork 347
Adding credentials to the HttpLink and/or ApolloFetch API #44
Comments
Hmm, this is definitely one thing that was easier in the previous network interface implementation. I think it should probably be possible to do everything with just |
Also, @jaydenseric what do you think? |
Just asked James, we like the first example: new HttpLink({
uri: 'https://www.example.com/graphql',
credentials: 'include',
headers: {
'X-Example-Header': config.VERSION
}
}) I think that would include modifications to apollo fetch as well, right? |
Cool
Correct, they'd pass through from |
@tgriesser that would be awesome - do you have time to work on a PR for that? |
Yep, I'll get something over in a bit |
Thanks! |
I don't fully appreciate the consequences of this proposal as the way all these new packages link together still hasn't clicked for me yet, even though I'm productively using them. Unless I'm confused, is it a good idea this high up in the API to bake in support for As an side note, auth header examples are pretty different looking between
Is
IMO it has been as easy, or easier (WIP documentation aside) than before to set everything up. A real-world batched client setup with auth headers and uploads for a SSR Next.js app (see example without auth here for context): import { ApolloClient } from 'react-apollo'
import BatchHttpLink from 'apollo-link-batch-http'
import { createApolloFetchUpload } from 'apollo-fetch-upload'
function createApolloClient({ initialState, getViewerToken }) {
const apolloUploadFetch = createApolloFetchUpload({
uri: `${process.env.API_URI}/graphql`
})
apolloUploadFetch.batchUse(({ options }, next) => {
const viewerToken = getViewerToken()
if (viewerToken) {
if (!options.headers) options.headers = {}
options.headers.authorization = `Bearer ${viewerToken}`
}
next()
})
return new ApolloClient({
ssrMode: !process.browser,
initialState,
networkInterface: new BatchHttpLink({ fetch: apolloUploadFetch })
})
} For auth related fetch headers I used to have them fixed for SSR and as middleware for the client, in case the viewer situation changes between operations in a group of batched requests. For simplicity I just use middleware for both now since it doesn't seem to really slow SSR. |
I'd claim that the code sample above qualifies as "using it directly", since you still have to deal with the configuration API. I think you've got a good point about custom fetch functions that might have different APIs than Would it be fair to say that the idea of building this into |
I might not fully understand the challenge here, but perhaps Until this lands on an established pattern, I'll be taking this approach which seems independent of any changes made Link-wise. const fetch = createApolloFetchUpload({
uri: '/graphql'
});
fetch.batchUse(({ options }, next) => {
options.credentials = 'same-origin';
next();
}); I also noticed the docs have been getting updated recently. Does anyone know the current API design direction for this issue? |
I think we should allow credentials and headers to the constructor for the http-link https://github.com/apollographql/apollo-link/tree/master/packages/apollo-link-http#options. I'll assign and do this! |
Supported via #144! |
@jbaxleyiii Since |
any news on |
Would be great to have it on |
@moimael until there's an API on |
@tgriesser, @stubailo, any news on solving this? |
Can you open a new issue specifically for the batch link? |
…ken not being loaded until a page refresh by using a custom fetch function. Links to existing literature are in the comments. It seems to work but I don't know if it's correct. Simplified httpLink to use newly available headers option. Without this regrabbing the token would be far more complicated to achieve. (see apollographql/apollo-link#44) Switching around confusing names in UserProtector (meData). TODO: Still haven't figured out how to get header to refresh reliably - but now you no longer need to refresh the page to get the auth token. (Good way to test is to logout, navigate directly via address bar to /user/me and follow the login link on that page. You'll be directed back to the page and the data about your user will appear immediately). Server: Added new getAuthToken function - something I wrote for something I ended up abandoning (for now?)
…ken not being loaded until a page refresh by using a custom fetch function. Links to existing literature are in the comments. It seems to work but I don't know if it's correct. Simplified httpLink to use newly available headers option. Without this regrabbing the token would be far more complicated to achieve. (see apollographql/apollo-link#44) Switching around confusing names in UserProtector (meData). TODO: Still haven't figured out how to get header to refresh reliably - but now you no longer need to refresh the page to get the auth token. (Good way to test is to logout, navigate directly via address bar to /user/me and follow the login link on that page. You'll be directed back to the page and the data about your user will appear immediately). Server: Added new getAuthToken function - something I wrote for something I ended up abandoning (for now?)
I was going to open a PR to add
credentials
as an option to theHttpLink
and/orApolloFetch
api, but wanted to open a ticket to discuss first.Currently it appears the only way to add credentials in
HttpLink
is through a customApolloFetch
provided by thefetch
option, either with a middleware or a customconstructOptions
.That works fine, though it feels like the wrong place to need to add this. Since credentials are part of the top-level api for the global
fetch
, it seems it should be made a bit more first-class and be provided as an option to eitherHttpLink
,ApolloFetch
, or both particularly since it's usually tied to the uri, and not specific to the request.or
Also, wanted to get any thoughts on adding
headers
as another new top-level option on either of these classes, for specifying default headers that should remain consistent across any requests - merged with a the standard headers provided byApolloFetch
unless they're later modified by a middleware.or
The text was updated successfully, but these errors were encountered: