Hi
@nicholas,
I tried adding an auth layer to apollo server using PassportJS. I use Google OAuth strategy as auth layer and cookie session to store the session at client side. This is what the flow looks like:
1. User makes a request to Apollo endpoint.
2. A custom middleware detects that request is not authenticated and redirects user to PassportJS's Google OAuth endpoint.
3. Once OAuth dance is complete, PassportJS adds the user to request session.
4. cookie-session middleware then sends this cookie to client side.
5. For subsequent requests, the cookie is automatically sent in request which prevents auth dance from getting triggered.
The way I plan for this to work is user first triggers the authentication by accessing the Apollo endpoint which will preserve the session cookie. Now when Prefect UI makes an AJAX request to Apollo endpoint, browser will automatically send the session cookie. The process is bit quirky but works for now. However, I realised that Prefect UI is not sending the cookie as expected. Same works fine when request is hit directly via browser.
I guess this has something to do with including credentials in request
https://www.apollographql.com/docs/react/networking/authentication/#cookie
Do you think this can be the issue?