youshido-php/GraphQLBundle

Security Token

zerlpaMMT opened this issue · 2 comments

Hi,

is there any possibility to get the token into the resolve function of a type?
https://graphql.org/learn/authorization/ says that accessibility control for some kind of data should be in the business logic layer.

Kind regards.

@zerlpaMMT, did you find a solution to this? It seems that (in Symfony 4) the result of container[...]->get('security.token_storage')->getToken()->getUser() returns 'anon.' instead of the currently logged-in user. Therefore, using symfony.authorization_checker->isGranted() inside fields/mutations does not seem to work as you would expect.

This happens when following the comments in #68, with the following in services.yaml:

graphql.processor:
    public: true
    class: Youshido\GraphQLBundle\Execution\Processor
    arguments:
        $executionContext: '@graphql.execution_context'
    calls:
        - [setSecurityManager, ['@graphql.security_manager']]

It turned out that it was a missing Apollo client setting. In front-end javascript, passing credentials: 'same-origin' with createHttpLink did the trick for session-based authentication (https://www.apollographql.com/docs/react/recipes/authentication.html). Might not be related to this issue, but this could help you in the right direction.
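An added example (not code from this thread or from the bundle) of enforcing access inside a field's resolver, as the linked graphql.org page recommends. It assumes youshido/GraphQL's AbstractField with the resolve($value, array $args, ResolveInfo $info) signature, that the field class is registered as a Symfony service with constructor injection, and a hypothetical field name `viewerName`.

```php
<?php
// Added example, not part of youshido-php/GraphQLBundle. Assumes AbstractField's
// resolve($value, array $args, ResolveInfo $info) and Symfony service injection.
namespace App\GraphQL\Field;

use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\User\UserInterface;
use Youshido\GraphQL\Execution\ResolveInfo;
use Youshido\GraphQL\Field\AbstractField;
use Youshido\GraphQL\Type\Scalar\StringType;

// Hypothetical field: returns the current user's name, but only to an
// authenticated user holding ROLE_USER. The check lives in the resolver, so it
// applies no matter which query reaches this field.
class ViewerNameField extends AbstractField
{
    private $tokenStorage;
    private $authChecker;

    public function __construct(TokenStorageInterface $tokenStorage,
                                AuthorizationCheckerInterface $authChecker)
    {
        parent::__construct();
        $this->tokenStorage = $tokenStorage;
        $this->authChecker  = $authChecker;
    }

    public function getName() { return 'viewerName'; }
    public function getType() { return new StringType(); }

    public function resolve($value, array $args, ResolveInfo $info)
    {
        $token = $this->tokenStorage->getToken();
        // In Symfony 4 an anonymous session yields the string 'anon.' as the user
        // (as observed in the thread). Anything that is not a UserInterface, or a
        // missing token (e.g. no session cookie sent), is treated as unauthenticated.
        if (null === $token || !$token->getUser() instanceof UserInterface) {
            throw new AccessDeniedException('Authentication required.');
        }
        if (!$this->authChecker->isGranted('ROLE_USER')) {
            throw new AccessDeniedException('ROLE_USER required.');
        }
        return $token->getUser()->getUsername();
    }
}
```

If the client does not send the session cookie (the Apollo `credentials` setting above), the token is anonymous and this resolver denies access, which is the behaviour described earlier in the thread.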