[Http headers] I need to send a cookie. about express-graphql HOT 10 CLOSED

You're right, they're not defined in the example I gave above, so it wouldn't work. What you actually have to write is something like this (which wraps the graphqlHTTP middleware in a function that acts as middleware:

app.use('/graphql', (req, res) => {
  return graphqlHTTP({
    schema,
    graphiql: true, // or whatever you want
    context: { req, res },
  })(req, res);
);

from express-graphql.

I'm not sure why you thought you had to fork the project to do this... the following should work:

app.use('/graphql', graphqlHTTP({
  schema,
  graphiql: true, // or whatever you want
  context: { req, res },
});

and in your resolve function:

resolve: (root, args, context) => {
  let cookieValue;
 /* your code here */
  context.res.set('cookie', cookieValue);
}

from express-graphql.

response is now added to the middleware config function, and of course you can do what @helfer suggested as well, but definitely be careful in setting headers from a graphql function, it's typically a sign of something gone awry.

from express-graphql.

I would strongly suggest against using GraphQL as a replacement for OAuth or other forms of authentication.

from express-graphql.

You could wrap graphqlHTTP and pass res into the context, then you can access it from resolvers.

from express-graphql.

Yep of course there are workarounds, for instance I had fork this project and added the res to the options. It took only 3 lines of code... So why the heck only the req is set ???

from express-graphql.

Where did your req and res come from ?

from express-graphql.

it's typically a sign of something gone awry

@leebyron how else would you set a cookie if user signed up or logged in?

from express-graphql.

@leebyron at the end of a valid non-graphql OAuth flow (e.g. firebase) the client ends up with a token that you need to send to the server (and expecting the server to validate the token (from firebase) and set a secure cookie. This is one of the few ways to have graphql subscriptions since websockets cannot set custom headers (so only cookies provide security).

from express-graphql.

I apologize if this is the incorrect place to post something like this. I have GraphQL calling my rest api in it's resolver. When a person logs in I issue a jwt in a cookie. I have my api locked down and GraphQL is working fine if I manually pass over the cookie. However, when I'm in my app, I had planned to pass over the cookie as an argument but I can't since it's a cookie... Could I possibly use the above approach to issue another token from graphql? Something about that does not feel right.

from express-graphql.