How to pass several downstream graphql services' auth?

[liuxiaodong008008]

Background
I have 2 graphql services. One is a cms (A) and another is a commerce system (B). I want to federate data from the 2 systems. So, I attempt to use Hasura in the front of A and B to combine the data from the 2 services.

Question
Both A and B have their independent auth system. If the query touches data from the both sides, the request must pass auth of both A and B.

I know maybe I can fill a fixed value for Authorization header (with the token) for each remote schema. But in this way, the user identity will always be the same because the fixed Authorization header always contains info of a fixed user. And the me model will always returns the same info. This is not what I want.

The question is how does the request carry 2 JWT tokens and pass them to coresponding backend graphql services?

[adas98012]

Hi,
Authentication is handled outside of Hasura. Hasura delegates authentication and resolution of request headers into session variables to your authentication service (existing or new). Here is the doc that provides guidance on the different Authentication options:

https://hasura.io/docs/latest/auth/authentication/index/

Here is the document on federating data from Remote Schemas and how to manage role-based authorization in remote schemas:
https://hasura.io/docs/latest/remote-schemas/remote-relationships/remote-schema-relationships/
https://hasura.io/docs/latest/remote-schemas/auth/remote-schema-permissions/