Context
I once had to authenticate requests made from Apollo Studio to my local development server. The locally running GraphQL API was using session cookies for authentication. While there were workarounds and configs in order to set cookies correctly for requests sent from Apollo Studio, I wasn't able to reliably make it work. Also, I didn't want to change the cookie configs in my server as it would mess with my frontend setup.
Solution
I used Postman Interceptor to intercept cookies from the frontend. So every time a user logged in, Postman Interceptor would capture the appropriate cookies and store it. Now on every graphql requests made via Postman the stored cookies would be sent and user would get access to protected resource.
Steps:
-
Install and connect Postman to the local graphql server.
- Follow the steps from this section: Sending GraphQL queries in the request body and use your local server url: http://localhost:5000/graphql as URL endpoint.
-
Install Postman Interceptor for Chrome
- Go through the section Syncing cookies with Postman Interceptor and add
localhost
as the domain.
- Go through the section Syncing cookies with Postman Interceptor and add
- Next login to the frontend(in Chrome) as a privileged user (eg. at http://localhost:3000). The cookies set in the browser will be captured by Postman.
- Next goto Postman and run a privileged query (which should not be available to unauthenticated/public users). The data is returned in the body and the relevant cookies are sent along with the request.
- The cookies will be automatically removed/updated once we logout or login as a different user.
References:
- Setting up cookies in Apollo Studio
- Setting up Postman
Top comments (0)