Skip to main content

GraphQL Authentication with Escape

Description

The 'GraphQL' authentication preset facilitates authentication through GraphQL queries:

  • GraphQL Endpoint: The authentication is performed against a specified GraphQL endpoint.
  • Query Templating: Utilizes a templated GraphQL query for authentication requests.
  • Variable Handling: User credentials are passed as variables within the GraphQL query.
  • Token Extraction: Specifies how and where to extract authentication tokens (e.g., from the response body).
  • Token Injection: Defines how to inject the extracted token into subsequent requests.

This preset is ideal for systems where authentication is managed via GraphQL APIs, allowing for flexible and powerful authentication mechanisms.

Examples

presets:
- type: graphql
url: https://api.example.com/graphql-auth
query: "mutation($login: String!, $password: String!) {\n authenticate(login:\
\ $login, password: $password) {\n accessToken\n }\n}"
injections:
- key: Authorization
location: header
prefix: Bearer
variable: token
extractions:
- name: token
key: accessToken
location: body
users:
- username: user1
variables:
login: user1
password: pass1
- username: user2
variables:
login: user2
password: pass2

Extensive Configuration

PropertyTypeRequiredDescriptionReference
typeConst[graphql]True
usersGraphQLUserPresetTrueA list of users with credentials contained in the GraphQL variables of the queryGraphQLUserPreset
urlstringTrueThe URL of the GraphQL authentication endpoint.
querystringTrueThe templated GraphQL inside the query field of the JSON body of the HTTP request.
extractionsTokenExtractionFalseThe extractions of the GraphQL query containing the user credentials.TokenExtraction
injectionsTokenInjectionFalseThe injections of the GraphQL query containing the user credentials.TokenInjection

Objects

GraphQLUserPreset

PropertyTypeRequiredDescriptionReference
usernamestringTrueThe name of the user.
headersDict[string, string]FalseOptional headers injected during the authentication process and in authentified requests.
cookiesDict[string, string]FalseOptional cookies injected during the authentication process and in authentified requests.
variablesDict[string, string]TrueThe variables of the GraphQL query containing the user credentials.

TokenExtraction

PropertyTypeRequiredDescriptionReference
locationHTTPLocationTrueThe location of the HTTP request where the value should be extractedHTTPLocation
keystringTrueThe key to use for the extracted value, depending on the location
regexstringFalseThe regex to use to extract the token from the key value. By default the entire value is taken.
namestringTrueThe name of the variable to store the extracted value into

TokenInjection

PropertyTypeRequiredDescriptionReference
locationHTTPLocationTrueThe location of the HTTP request where the token should be injectedHTTPLocation
keystringTrueThe key to use for the injected token. Its usage depends on the location. For headers, cookies,and query parameters, this key describes the name of the header, cookie or query parameter. For a body location, the key is the field where the token should be injected within the request bodies
prefixstringFalseA prefix to prepend to the token before it is injected
variablestringTrueThe name of a variable to retrieve to create the token's value. If not provided, the token will be infered as the first successful extraction of the procedure

Enums

HTTPLocation

  • header

  • cookie

  • body

  • query