federation icon indicating copy to clipboard operation
federation copied to clipboard
verified publisher icon apollographql

Subscriptions support

Open ChrisSG opened this issue 5 years ago • 16 comments

Hello all,

I created this request as the community is desperately awaiting subscriptions in Apollo federation. I did this for gathering information, as it is obvious that subscriptions can't be implemented quickly because there seem to be non trivial problems on the way. The intent is to gather high level information around:

  • how subscriptions work in general

  • how they could be implemented for federation

  • what the problems are on the way

  • what could be done to solve those problem

Please everybody to contribute as it seems demanded and I guess a lot of people are willing and able to help!

Thank you all!

Regards,

Christian

ChrisSG avatar Jul 16 '20 15:07 ChrisSG

@martijnwalraven @abernix Could you please shed some light on this?

ChrisSG avatar Jul 21 '20 07:07 ChrisSG

Same here, Didn't see anything planned in the 3.x roadmap

DoctorVoid avatar Aug 17 '20 09:08 DoctorVoid

@martijnwalraven @abernix

gromov-io avatar Aug 24 '20 13:08 gromov-io

Where should we start? What are the basic inner workings of it and what is the main problem?

ChrisSG avatar Sep 23 '20 11:09 ChrisSG

Where should we start? What are the basic inner workings of it and what is the main problem?

From my perspective (React - browser), one of the non-trivial problems is the need to triage a client subscription to an individual backend service and maintain multiple subscriptions. Key details that are think are problematic:

  • Do all subscriptions go through the same websocket and the Apollo Client splits the messages up by service name/identifier?
  • How do we designate, configure, and communicate identifiers or names for a backend service compliant with Apollo Federation Specifications between the server and the client? Declaring is easy, but how would the client understand the configuration mapping? Should each server include a client Apollo GraphQL configuration endpoint or query?

This obstacle appears to be similar to not being able to use multiple GraphQL endpoints nicely in the Apollo Client (without overriding the apolloClient prop in the component).

As far as solving this problem, I would appreciate any information that can refute or support my perspective. I'm happy to jump in after Q2, but could use someone else's perspective before contributing. I just need a direction. Any details would be much appreciated.

lwintch avatar Jan 28 '21 17:01 lwintch

what are options for federation and subscriptions ?

sgentile avatar May 14 '21 12:05 sgentile

@lwintch you can checkout mercuriusjs as a reference implementation. The client creates a single connection to the gateway, and the gateway creates another connection to the respective service.

psteinroe avatar May 25 '21 08:05 psteinroe

Hello any update on this feature. We are waiting for it. Is there any beta version to be released?

haddadr avatar Jul 08 '21 11:07 haddadr

didn't intend to flood this thread. But I believe a briefing from maintainers could help relieve the despair of the community

onichandame avatar Aug 02 '21 06:08 onichandame

I am happy to help out with the implementation of this, but I think some guidance from maintainers would be nice. I agree with the topics as pointed out by @lwintch .

arneschreuder avatar Aug 02 '21 12:08 arneschreuder

The original support for GraphQL Subscriptions was Apollo's first attempt at answering the need for Subscriptions and pre-dated the existence of Federation. We've learned a lot from that original approach, and with the release of Federation we started to get more feedback that is invaluable in building the future of subscriptions.

Apollo's current stance on how to implement subscriptions in a Federated graph is outlined in our recent blog post. It comes with working examples in a repository that can be cloned.

While we can imagine a future with a different story, we're not there yet and we believe that this is an approach that has worked quite well for the large-scale implementors we've worked closely with so far. We're certainly interested in more feedback on how this approach works, but we've had good reception to this!

abernix avatar Aug 02 '21 12:08 abernix

@abernix Thank you for the feedback.

arneschreuder avatar Aug 02 '21 14:08 arneschreuder

having waited for this a while now ⏳ , i was instead able to put together a small library implementing federation with subscriptions (the way we'd hoped for, without a separate service just for subscriptions). was able to get it working using schema-stitching & graphql-tools, it's basically just transforming federation SDL into schema-stitching SDL and using websockets across the gateway & subgraphs: https://github.com/sammysaglam/federation-with-subscriptions

hope that helps

sammysaglam avatar Jan 20 '22 18:01 sammysaglam

@sammysaglam well done! Thank you!

arneschreuder avatar Jan 20 '22 19:01 arneschreuder

I've implemented the solution recommended in Mandi's post. However, I'm currently looking into incorporating CSRF protection. I notice that ApolloServer now has a beautiful csrfPrevention flag in its options. Any recommendations or advice on how to approach CSRF protection using Mandi's recommended approach?

haydenmcp avatar May 31 '22 18:05 haydenmcp

Nevermind. I got my answer from OWASP:

"...Forcing the victim to retrieve data doesn’t benefit an attacker because the attacker doesn’t receive the response, the victim does. As such, CSRF attacks target state-changing requests."

haydenmcp avatar Jun 02 '22 19:06 haydenmcp