I am using Quarkus 3.27.0 and trying to secure GraphQL subscriptions with the @Authenticated annotation. I pass the Authorization header with a valid token when connecting, but the subscription resolver is still not being authenticated.

This is my case:

 @Subscription
 public Multi<EventConsultedBO> eventConsulted(Long destId) {
     return notificationService.getStream(destId);
 }

And for the class I have the annotation @Authenticated.

I pass this in the header:

{
 "Authorization": "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJUb2tlbiBBdXRoIiwiY29kZSI6IklHQU1MUyIsImlkUGVyIjoiMTE0NTcxNTciLCJjYXRlZyI6IlNZU1RFTSIsImlzcyI6InZlb3MyIC0gREVWIC0gSFJFR0FJRUciLCJpc29MYW5ndWFnZSI6ImZyIiwibGFuZ3VhZ2UiOiJGIiwiZXhwIjoxNzYzNzI0NTYzLCJpYXQiOjE3NjM3MTM3NjN9.FkvKIkmbYfX1C57Br2cL2Q8WFb0V-GadkPXQdxxnEro"
}

But I get this security error:

ERROR [io.smallrye.graphql] [120] SRGQL012000: Data Fetching Error: io.quarkus.security.UnauthorizedException
 at io.quarkus.security.runtime.interceptor.check.AuthenticatedCheck.doApply(AuthenticatedCheck.java:38)
 at io.quarkus.security.runtime.interceptor.check.AuthenticatedCheck.apply(AuthenticatedCheck.java:25)
 at io.quarkus.security.spi.runtime.SecurityCheck.nonBlockingApply(SecurityCheck.java:14)
 at io.quarkus.security.runtime.interceptor.SecurityConstrainer$1.apply(SecurityConstrainer.java:100)
 at io.quarkus.security.runtime.interceptor.SecurityConstrainer$1.apply(SecurityConstrainer.java:97)
 at io.smallrye.context.impl.wrappers.SlowContextualFunction.apply(SlowContextualFunction.java:21)
 at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni$UniOnItemTransformToUniProcessor.performInnerSubscription(UniOnItemTransformToUni.java:68)
 at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni$UniOnItemTransformToUniProcessor.onItem(UniOnItemTransformToUni.java:57)
 at io.smallrye.mutiny.operators.uni.builders.UniCreateFromKnownItem$KnownItemSubscription.forward(UniCreateFromKnownItem.java:38)
 at io.smallrye.mutiny.operators.uni.builders.UniCreateFromKnownItem.subscribe(UniCreateFromKnownItem.java:23)
asked Nov 21, 2025 at 9:51
  • Do you pass the authorization header as an HTTP header during the initial request, or later during the initialization phase as the init payload? If you're doing the latter, you need to also specify quarkus.smallrye-graphql.authorization-client-init-payload-name=Authorization to tell Quarkus which field in the init payload is the authorization token.
    Commented Nov 21, 2025 at 11:50
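
The init-payload route described in the comment above, as an added example (not code from the original post or from Quarkus): the frames a browser client sends over the `graphql-transport-ws` subprotocol, where the browser WebSocket API cannot set an Authorization header on the upgrade request. The helper names, the placeholder token and the `__typename` selection are assumptions for illustration.

```javascript
// Added example. Assumes the server is configured with
//   quarkus.smallrye-graphql.authorization-client-init-payload-name=Authorization
// (the property quoted in the comment above) and that the payload field carries
// the same value the Authorization header would ("Bearer <token>").

const INIT_PAYLOAD_NAME = "Authorization"; // must equal the configured name

// First frame of the session: credentials travel in the connection_init payload.
function buildInitFrame(token, payloadName = INIT_PAYLOAD_NAME) {
  if (typeof token !== "string" || token.trim() === "") {
    throw new Error("missing bearer token");
  }
  // Accept a raw token or an already prefixed one; never emit "Bearer Bearer x".
  const value = /^Bearer\s+/i.test(token) ? token : `Bearer ${token}`;
  return JSON.stringify({
    type: "connection_init",
    payload: { [payloadName]: value },
  });
}

// Subscription request, sent only after the server acknowledged the init frame.
function buildSubscribeFrame(id, query) {
  return JSON.stringify({ id: String(id), type: "subscribe", payload: { query } });
}

// Drives the exchange over any object exposing send() and an onmessage hook
// (a browser WebSocket has both). Call it from the socket's open handler.
// The subscribe frame is held back until connection_ack arrives, so the
// @Authenticated resolver is only invoked on a connection that has already
// presented its token.
function authenticateThenSubscribe(socket, token, query) {
  socket.onmessage = (event) => {
    const msg = JSON.parse(event.data);
    if (msg.type === "connection_ack") {
      socket.send(buildSubscribeFrame(1, query));
    }
  };
  socket.send(buildInitFrame(token));
}

// Constructed query for the resolver shown in the question.
const SAMPLE_QUERY = "subscription { eventConsulted(destId: 1) { __typename } }";
```

In a browser this would be wired as `ws = new WebSocket(url, "graphql-transport-ws"); ws.onopen = () => authenticateThenSubscribe(ws, token, SAMPLE_QUERY);`, with `url` and `token` supplied by the application.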
