Auth token variable is not correctly interpolated when loading GQL schema from introspection

[bahriddin]

I have checked the following:

• [x] I have searched existing issues and found nothing related to my issue.

This bug is:

• [ ] making Bruno unusable for me
• [x] slowing me down but I'm able to continue working
• [x] annoying
• [x] this feature was working in a previous version but is broken in the current release.

Bruno version

2.5.0

Operating System

Mac OS Sequoia 15.5

Describe the bug

I am using variable to make GraphQL query in Auth section sth like Bearer token: {{api_token}} which works fine when making the actual query. But when it comes to "load from introspection" I am getting this error:

Then I removed variable and pasted actual token value and this time it worked fine.

.bru file to reproduce the bug

No response

Screenshots/Live demo link

[anusree-bruno]

Hi @bahriddin,

I believe this issue is similar to #3680. A fix has already been implemented — you can check it out in our nightly build (v2.6.0-2025.06.16).

This fix is scheduled to be released in the main build tomorrow.

[bahriddin]

Hi @bahriddin,

I believe this issue is similar to #3680. A fix has already been implemented — you can check it out in our nightly build (v2.6.0-2025.06.16).

This fix is scheduled to be released in the main build tomorrow.

Thanks for reaching out. It looks like I haven't got that 2.6.0 version yet. How can I manually update? I set already to automatically update.

[anusree-bruno]

Hi @bahriddin,

This is a nightly build, which means it's a separate build that isn’t delivered via auto-update, as it may be unstable. The stable release, v2.6.0, is scheduled to go out tomorrow.

[bahriddin]

Oh great to know. I will keep an eye.

[phoval]

Auth headers are still not working for GraphQL introspection in bruno v2.6.0 setAuthHeaders is called after interpolate, so auth variables aren’t set correctly. https://github.com/usebruno/bruno/blob/main/packages/bruno-electron/src/ipc/network/prepare-gql-introspection-request.js#L26

[bahriddin]

Yep, can confirm – issue is still on 2.6.0.

[Drowze]

I can also confirm this is still an issue (using Bruno v2.6.1).

From my experience using basic authentication in a GraphQL API:

• on the Headers tab, specifying Authorization as something like Basic dXNlcjpwYXNz: works fine in introspection requests
• on the Auth tab, specifying Basic Auth username and password: does not work in introspection requests
• on the Script tab, specifying a simple script to add the basic authentication header: does not work in introspection requests (note: the script isn't even executed in introspection calls, e.g. console.log aren't written to console)

short demo (using Basic Auth configured on the Auth tab, on the request level)

[anusree-bruno]

I can also confirm this is still an issue (using Bruno v2.6.1).

From my experience using basic authentication in a GraphQL API:

• on the Headers tab, specifying Authorization as something like Basic dXNlcjpwYXNz: works fine in introspection requests
• on the Auth tab, specifying Basic Auth username and password: does not work in introspection requests
• on the Script tab, specifying a simple script to add the basic authentication header: does not work in introspection requests (note: the script isn't even executed in introspection calls, e.g. console.log aren't written to console)

I think this is related to https://github.com/usebruno/bruno/issues/3861#issuecomment-2983136157

[amorrowbellarmine]

I am seeing a similar issue error. I have a collection with pre-script that refreshes an environment variable to store a Bearer token (it expires after five minutes). I then use that variable in the Auth settings for the entire collection. All my requests are configured to inherit the Auth settings from the collection. In v2.4.0, I could run one of the requests in the collection and pull data. That executed the pre-script and populated the environment variable with the Bearer token. Once the request completed, I could load the schema from introspection. In v2.5.0 and later (tested 2.5.0, 2.8.1, & 2.9.0), performing the same steps results in an error saying, "Error: No data returned from introspection query". Changing the Auth settings for the request so it references the variable instead of inheriting the settings doesn't work either. But if I copy/paste the value of the variable into the request's Auth settings directly, introspection works.

Could this be caused by changes added by pull request https://github.com/usebruno/bruno/pull/4661 ?

[anusree-bruno]

@amorrowbellarmine I was able to reproduce the scenario, I can confirm that headers are not interpolated for introspection

https://github.com/user-attachments/assets/65ee5148-3932-4c30-8437-86f110a739b1

[JoshuaCarter]

All versions after 2.4.0 have this issue for me too.

[renestalder]

So, this is an issue since June and since June I couldn't make use of Bruno for projects using Graphql. I don't mind this not being solved yet; I don't feel entitled to get free updates for software. The only thing I wonder: Is there a workaround for this so I can use introspection and documentations in Bruno again?

[EstherAF]

Is there a workaround for this so I can use introspection and documentations in Bruno again?

I'm able to use Bearer token as authorization for introspection by setting the Authorization header manually in the request (it supports variables). It does not work tho, if you configure the header in a folder. IDK why but it is not inherited as I would expect it to do. However, you only need to load the GQL schema once and it is available in your other requests, so no need to configure the header in each request

[dac514]

I am having the same problem. Steps to reproduce:

• Add X-Shopify-Access-Token: XYZ in Headers of folder
• Create and run Graphql query
  • ✅ Works, it inherits the header from the parent folder
• Click Schema -> Load from Introspection
  • ❌ Fails, unauthorised

Workaround: Copy header into request.