WebSocket connections for GraphQL subscriptions missing auth token #129
Description
Describe the bug
The beta-ui is not including the authentication token when establishing WebSocket connections for GraphQL subscriptions. This causes AuthenticationError: Auth token missing errors on the API side, preventing real-time updates from working.
HTTP POST requests to /graphql work correctly with authentication, but WebSocket connection attempts fail.
To Reproduce
- Log in to beta-ui
- Navigate to any page that uses GraphQL subscriptions (e.g., deployment details, task logs)
- Check lagoon-core-api logs
- See WebSocket authentication errors
Expected behavior
WebSocket connections should include the auth token in connectionParams so the API can authenticate subscription requests and real-time updates work correctly.
Screenshots
API error logs:
[error]: WebSocket onConnect: No auth token found in connection parameters
Internal error occurred during message handling. Please check your implementation.
AuthenticationError: Auth token missing.
at /app/services/api/dist/server.js:279:35
...
at WebSocket.<anonymous> (/app/node_modules/graphql-ws/lib/use/ws.js:83:27) {
extensions: { code: 'UNAUTHENTICATED' }
}
Additional context
- beta-ui image:
uselagoon/beta-ui:main - API version: v2.30.0
- Relevant packages:
@apollo/client: ^3.13.8,graphql-ws: ^5.16.0
Suggested fix: The Apollo Client WebSocket link configuration needs to pass the auth token via connectionParams:
const wsLink = new GraphQLWsLink(
createClient({
url: GRAPHQL_WS_ENDPOINT,
connectionParams: () => ({
authToken: getAuthToken(), // Get token from session/cookie
}),
})
);The regular lagoon-ui does not use WebSocket subscriptions, so this is specific to the beta-ui. Edit: I stand corrected ;-)