GraphQL Authentication with Escape
Description
The 'GraphQL' authentication preset facilitates authentication through GraphQL queries:
- GraphQL Endpoint: The authentication is performed against a specified GraphQL endpoint.
- Query Templating: Utilizes a templated GraphQL query for authentication requests.
- Variable Handling: User credentials are passed as variables within the GraphQL query.
- Token Extraction: Specifies how and where to extract authentication tokens (e.g., from the response body).
- Token Injection: Defines how to inject the extracted token into subsequent requests.
This preset is ideal for systems where authentication is managed via GraphQL APIs, allowing for flexible and powerful authentication mechanisms.
Examples
presets:
- type: graphql
url: https://api.example.com/graphql-auth
query: "mutation($login: String!, $password: String!) {\n authenticate(login:\
\ $login, password: $password) {\n accessToken\n }\n}"
injections:
- key: Authorization
location: header
prefix: Bearer
variable: token
extractions:
- name: token
key: accessToken
location: body
users:
- username: user1
variables:
login: user1
password: pass1
- username: user2
variables:
login: user2
password: pass2
Extensive Configuration
Property | Type | Default | Description |
extractions | List[ HTTPExtraction] | | The extractions of the GraphQL query containing the user credentials. |
injections | List[ HTTPInjection] | | The injections of the GraphQL query containing the user credentials. |
query * | string | | The templated GraphQL inside the query field of the JSON body of the HTTP request. |
type * | Const[graphql] | graphql | |
url * | string | | The URL of the GraphQL authentication endpoint. |
users * | List[ GraphQLUserPreset] | | A list of users with credentials contained in the GraphQL variables of the query |
Objects
GraphQLUserPreset
Property | Type | Default | Description |
cookies | Dict[string, string] | null | Optional cookies injected during the authentication process and in authentified requests. |
headers | Dict[string, string] | null | Optional headers injected during the authentication process and in authentified requests. |
username * | string | | The name of the user. |
variables * | Dict[string, string] | | The variables of the GraphQL query containing the user credentials. |
Property | Type | Default | Description |
key * | string | | The key to use for the extracted value, depending on the location |
location * | HTTPLocation | | The location of the HTTP request where the value should be extracted |
name * | string | | The name of the variable to store the extracted value into |
regex | string | null | The regex to use to extract the token from the key value. By default the entire value is taken. |
HTTPInjection
Property | Type | Default | Description |
key * | string | | The key to use for the injected token. Its usage depends on the location. For headers, cookies,and query parameters, this key describes the name of the header, cookie or query parameter. For a body location, the key is the field where the token should be injected within the request bodies |
location * | HTTPLocation | | The location of the HTTP request where the token should be injected |
prefix | string | null | A prefix to prepend to the token before it is injected |
variable * | string | | The name of a variable to retrieve to create the token's value. If not provided, the token will be infered as the first successful extraction of the procedure |
Enums
HTTPLocation
Value |
header |
cookie |
body |
query |