I have an application based on api-platform with secured routes using JWT (and the LexikJWTBundle). With the Swagger interface it's easy to call a secured route by providing a valid bearer. But with GraphiQL I don't see anything about security, so when I call a secured route it fails.
Any idea? Or shall we prevent GraphiQL usage in dev?
Thanks
If you're using the standalone GraphiQL app, there's an "Edit HTTP Headers" button at the top-right corner. Click that, click "+ Add Header", and enter a Header name "Authorization" and Header value "Bearer eyJh..." where the last part is your access token.
For GraphiQL embedded in a Web site, it's often configured so that it targets the same site, and whatever authentication you need to reach the GraphQL endpoint is the same authentication you need to reach the GraphiQL app. There's not specifically a path to add custom headers here, but the embedding application server might have a way to provide them.
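
For the embedded case, if you control the page that mounts the GraphiQL React component, its `fetcher` prop is the place where the `Authorization` header can be attached. The following is an added example, not part of the answer above and not api-platform's own code; `buildAuthorizedRequest`, `createFetcher`, `getToken` and the example URL are assumptions.

```javascript
// Added example: a fetcher for an embedded GraphiQL that attaches the JWT.
// The endpoint URL and getToken() are assumptions; adapt them to your app.

// A compact JWT is three base64url segments separated by dots.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

// Build the request synchronously so the security checks are easy to test.
function buildAuthorizedRequest(endpoint, token, graphQLParams) {
  const url = new URL(endpoint); // must be an absolute URL
  const isLocal = url.hostname === "localhost" || url.hostname === "127.0.0.1";
  // Never put a bearer token on a cleartext connection outside local dev.
  if (url.protocol !== "https:" && !isLocal) {
    throw new Error("refusing to send a bearer token over " + url.protocol);
  }
  // Rejecting anything not JWT-shaped also keeps CR/LF out of the header.
  if (typeof token !== "string" || !JWT_SHAPE.test(token)) {
    throw new Error("token is missing or not a compact JWT");
  }
  return {
    url: url.href,
    init: {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        Accept: "application/json",
        Authorization: "Bearer " + token,
      },
      body: JSON.stringify(graphQLParams),
    },
  };
}

// GraphiQL calls the fetcher with { query, variables, operationName }.
function createFetcher(endpoint, getToken) {
  return async function fetcher(graphQLParams) {
    // Read the token on every call so a refreshed token is picked up.
    const req = buildAuthorizedRequest(endpoint, getToken(), graphQLParams);
    const response = await fetch(req.url, req.init);
    if (response.status === 401) {
      throw new Error("401 from GraphQL endpoint: token expired or rejected");
    }
    return response.json();
  };
}

// Hypothetical wiring in the page that embeds GraphiQL:
//   <GraphiQL fetcher={createFetcher("https://api.example.test/graphql", getToken)} />
```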