[Security] Authenticate requests with user supplied token

[brett-fitz]

If deploying the server remotely, outside of perimeter network auth, you are limited on ensuring users are properly authenticated and authorized to use the wrapped GraphQL service since the auth token is set on server init.

One way to secure this would be to pass a supplied user auth token from the initial request to the GraphQL server.

Feature request:

• Add a config option to supply a user defined header key to be used for authenticating GraphQL requests
• If the auth token is not set and a user provides the header key to find the user token in the request, pass the user token when processing a request

[dimastark]

I made a local patch in my repository (based on which I made a pull request #8) and after that I was able to receive authorization headers from an http (or websocket) request:

async def handle_websocket(websocket: WebSocket) -> None:
    async with websocket_server(websocket.scope, websocket.receive, websocket._send) as streams:
        read_stream, write_stream = streams

        auth_headers = {"Authorization": websocket.headers.get("Authorization")}
        server = make_server(api_url, auth_headers)

        await server.run(read_stream, write_stream, server.create_initialization_options())

app = Starlette(
    routes=[
        WebSocketRoute("/ws", handle_websocket),
    ],
)