docs/docs/remote-schemas/auth/remote-schema-forward-auth.mdx
This page gives an overview of how Hasura allows you to pass auth context to your Remote Schema server.
Hasura will forward the resolved x-hasura-* values as headers to your Remote Schema. You can use this information to apply authorization rules in your server. You don't have to redo authentication in your Remote Schema server.
You can also configure Hasura to have (as shown here):
Authorization, Cookie headers etc.)In case there are multiple headers with same name, the order of precedence is: configuration headers > resolved user (x-hasura-*) variables > client headers.
So for example, if the client sends an Authorization header, and the configuration also has an Authorization header, the configuration header value will selected.
:::info Note
The headers from the client behave similarly to the authorization system. If x-hasura-admin-secret is sent, then all x-hasura-* values from the client are respected, otherwise they are ignored.
:::
Set-Cookie headers from your Remote Schema servers are sent back to the client over HTTP transport. Over websocket transport there exists no means of sending headers after a query/mutation and hence the "Set-Cookie" headers are not sent to the client. Use HTTP transport if your remote servers set cookies.
:::info Additional Resources
Data Federation with Hasura - Watch Webinar.
:::