Skip to content

GraphQL Authentication with Escape

Description

The 'GraphQL' authentication preset facilitates authentication through GraphQL queries:

  • GraphQL Endpoint: The authentication is performed against a specified GraphQL endpoint.
  • Query Templating: Utilizes a templated GraphQL query for authentication requests.
  • Variable Handling: User credentials are passed as variables within the GraphQL query.
  • Token Extraction: Specifies how and where to extract authentication tokens (e.g., from the response body).
  • Token Injection: Defines how to inject the extracted token into subsequent requests.

This preset is ideal for systems where authentication is managed via GraphQL APIs, allowing for flexible and powerful authentication mechanisms.

Examples

presets:
-   type: graphql
    url: https://api.example.com/graphql-auth
    query: "mutation($login: String!, $password: String!) {\n   authenticate(login:\
        \ $login, password: $password) {\n       accessToken\n   }\n}"
    injections:
    -   key: Authorization
        location: header
        prefix: Bearer
        variable: token
    extractions:
    -   name: token
        key: accessToken
        location: body
    users:
    -   username: user1
        variables:
            login: user1
            password: pass1
    -   username: user2
        variables:
            login: user2
            password: pass2

Extensive Configuration

Property Type Default Description
extractions List[HTTPExtraction] The extractions of the GraphQL query containing the user credentials.
injections List[HTTPInjection] The injections of the GraphQL query containing the user credentials.
query * string The templated GraphQL inside the query field of the JSON body of the HTTP request.
type * Const[graphql] graphql
url * string The URL of the GraphQL authentication endpoint.
users * List[GraphQLUserPreset] A list of users with credentials contained in the GraphQL variables of the query

Objects

GraphQLUserPreset

Property Type Default Description
cookies Dict[string, string] null Optional cookies injected during the authentication process and in authentified requests.
headers Dict[string, string] null Optional headers injected during the authentication process and in authentified requests.
username * string The name of the user.
variables * Dict[string, string] The variables of the GraphQL query containing the user credentials.

HTTPExtraction

Property Type Default Description
key * string The key to use for the extracted value, depending on the location
location * HTTPLocation The location of the HTTP request where the value should be extracted
name * string The name of the variable to store the extracted value into
regex string null The regex to use to extract the token from the key value. By default the entire value is taken.

HTTPInjection

Property Type Default Description
key * string The key to use for the injected token. Its usage depends on the location. For headers, cookies,and query parameters, this key describes the name of the header, cookie or query parameter. For a body location, the key is the field where the token should be injected within the request bodies
location * HTTPLocation The location of the HTTP request where the token should be injected
prefix string null A prefix to prepend to the token before it is injected
variable * string The name of a variable to retrieve to create the token's value. If not provided, the token will be infered as the first successful extraction of the procedure

Enums

HTTPLocation

Value
header
cookie
body
query