Odd issue that I’m running into. I’ve written an authorization plug that I’m trying to use w/ Absinthe, but it seems like the “authorization” header is being overridden somewhere above in the pipeline. The value is correct when I use it in a regular controller, but it is literally changed to “test” when used w/ Absinthe.
Router.ex:
pipeline :api_v2 do
plug Plugs.Api.OauthGraphql
plug CORSPlug
end
# This somehow sets req_headers["authorization"] = "test"
scope "/api/v2" do
pipe_through :api_v2
forward "/", Absinthe.Plug, schema: Web.V2.Schema
end
# This has the correct header ("Basic <jwt>")
scope "/test", ProjectWeb.Api do
pipe_through :api_v2
get "/", TestController, :index
options "/", TestController, :options
end
I’m using the same plug for both:
def call(conn, _params) do
# result = "Basic <jwt>" if called from a controller
# but result = "test" if called from absinthe
with [result] <- conn |> get_req_header("authorization"),
[_, token] <- String.split(result),
{:ok, claims} <- Auth.Token.verify_and_validate(token),
{:ok, parsed_claims} <- parse_auth0_claims(claims) do
Absinthe.Plug.put_options(conn, context: %{claims: parsed_claims})
else
{:error, :no_claims} ->
conn |> send_resp(401, "Missing claims") |> halt()
e ->
IO.inspect(e)
conn |> send_resp(401, "Not Authorized") |> halt()
end
end
I inspected the requests in the browser, and both requests were sending the correct headers.
Any ideas what could be going on? This is one of the weirder issues I’ve encountered.
