Should INTERNAL_SERVER_ERROR be UNAUTHENTICATED/FORBIDDEN? #1176

Open
reergymerej opened this issue Jun 4, 2021 · 4 comments

reergymerej commented Jun 4, 2021

Question about GraphQL Shield

Unauthenticated requests are blocked, but the error code returned by Apollo is always INTERNAL_SERVER_ERROR. Is this expected? Is there a configuration I'm missing somewhere?

{
  "errors": [
    {
      "message": "Not Authorised!",
      "extensions": {
        "code": "INTERNAL_SERVER_ERROR",
        "exception": {
          "stacktrace": [
            "Error: Not Authorised!",
            "    at normalizeOptions (/home/kike/prs/projects/rpbb/node_modules/graphql-shield/src/shield.ts:34:7)"
          ]
        }
      }
    }
  ],
  "data": null
}

Question about GraphQL concepts

I expect Apollo responses with auth errors to have HTTP code 200 and a body with an error extension.code UNAUTHENTICATED.

https://www.apollographql.com/docs/apollo-server/data/errors/#unauthenticated

  • [☑️] I have checked other questions and found none that matches mine.

#120 - looks promising, but way old (using 7.3.2 now)
#767

@open-collective-bot

Hey @reergymerej 👋,

Thank you for opening an issue. We will get back to you as soon as we can. Have you seen our Open Collective page? Please consider contributing financially to our project. This will help us involve more contributors and get to issues like yours faster.

https://opencollective.com/graphql-shield

We offer priority support for all financial contributors. Don't forget to add priority label once you become one! 😄

reergymerej commented Jun 4, 2021

Extra Info

In fallbackError we're throwing errors created with hapi/boom. If we throw ApolloErrors, we can specify the extensions.code.

It still seems like the basic "Not Authorised!" response should use INTERNAL_SERVER_ERROR. We can, however, specify whichever error code we like in the ApolloError constructor.
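
Added example, not part of the issue thread and not graphql-shield's or Apollo's own code: a self-contained sketch of the approach in the comment above, where the error returned for a denied request carries its own `extensions.code`. `CodedError`, `authFallbackError`, `toResponseError` and `context.user` are hypothetical names; the `fallbackError` function signature and the "no code means INTERNAL_SERVER_ERROR" default are modelled here as assumptions so the block runs without either library installed.

```javascript
// Stand-in for ApolloError: an Error that carries extensions.code.
// (Hypothetical class so the example runs without apollo-server installed.)
class CodedError extends Error {
  constructor(message, code) {
    super(message);
    this.extensions = { code };
  }
}

// Written in the shape of Shield's function-form `fallbackError` option
// (assumed signature: (thrown, parent, args, context, info)).
// Assumption: `thrown` is null/undefined when a rule simply denied access,
// and `context.user` is set by the app once a caller is authenticated.
function authFallbackError(thrown, parent, args, context) {
  if (thrown) {
    // A rule or resolver crashed: keep it a generic server error so bugs are
    // not disguised as auth failures and internals are not echoed back.
    return new CodedError('Internal server error', 'INTERNAL_SERVER_ERROR');
  }
  return context && context.user
    ? new CodedError('Not Authorised!', 'FORBIDDEN')
    : new CodedError('Not Authorised!', 'UNAUTHENTICATED');
}

// Simplified model of the server side: an error with no extensions.code
// is reported as INTERNAL_SERVER_ERROR. No stacktrace is included.
function toResponseError(err) {
  const code = (err.extensions && err.extensions.code) || 'INTERNAL_SERVER_ERROR';
  return { message: err.message, extensions: { code } };
}

// Constructed sample calls covering the four cases.
function demo() {
  return {
    plain: toResponseError(new Error('Not Authorised!')),
    anonymous: toResponseError(authFallbackError(null, {}, {}, {})),
    loggedIn: toResponseError(authFallbackError(null, {}, {}, { user: { id: 1 } })),
    crashed: toResponseError(authFallbackError(new Error('db down'), {}, {}, {})),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

In a real server the same function would be passed as the `fallbackError` option to `shield(...)`, with `ApolloError` (or a subclass) in place of `CodedError`.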

stale bot commented Jul 21, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Jul 21, 2021
@labelsync-manager labelsync-manager bot removed the stale label Jul 21, 2021

stale bot commented Apr 16, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Apr 16, 2022
@labelsync-manager labelsync-manager bot removed the stale label Apr 16, 2022