Fork me on GitHub
Daniel Stephens00:11:39

@emccue Got a chance to start a project, this prints the correct stuff out for me


okay giving it a shot now


hey! that did manage to do something


okay so now I am slightly confused as to what exactly the interceptors are handling if not an http request


but i can work with it now


so what are connection params?

Daniel Stephens10:11:45

This probably has some inaccuracies but my understanding is, a WebSocket is a protocol that uses multiple http requests, there's one at the start which asks to initialise the connection, the payload passed along with this is what ends up as connection-params as far as I can tell, lacinia.pedestal (by default) just acknowledges this init request as long as it's readable and has the correct upgrade protocol. This seems potentially insecure but you can swap these pieces out with some work I believe. Once that acknowledgement/upgrade cycle has finished, another http request will be made which contains the graphql subscription body that you want to actually listen to. Technically you can send headers on each of those requests but from what I can see it's tricky with the Apollo SubscriptionClient which lacinia uses for GraphiQL. So I think connectionParams are part of the body of the ServletUpgradeRequest, which you managed to get ahold of earlier.


Once the connection is established it's going over tcp, but not as http, So if you want to do something with headers and such you need to do this on the initial call. But there is no standard way to do authentication for this. You could also do a query to fetch some token or something. I don't think that's insecure, as in it's just open for anyone to make a request. Just as query/mutation by default is open over https.

Daniel Stephens16:11:19

thanks for the clarifications 👍

Daniel Stephens10:11:49

The subscription interceptors handle the bit after the initial connection which contains a graphql subscription body