-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow HTTP401 from "context creation failed" (schema authorization) #2960
Comments
Please see my suggestion in #1709 (comment), which should now be possible thanks to #2719. |
@abernix as fare as i can tell, if you throw the error during context creation you don't enter the apollo server pipeline and there fore you can't catch the error in |
@abernix yeah, I'm running into this as well. It appears that if you throw the error during context creation it does not enter the apollo server pipeline |
@abernix Same problem here. Errors thrown during the context creation do not hit |
Same problem here. If we do the authorization during the context creation, |
I think the best solution is to make all errors thrown in context creation fall through |
Linking this to: #3223 |
Problem
Apollo docs suggest doing "schema authorization" in the context function. However, when you throw an
AuthenticationError
in the context function, the HTTP status is set to400
and haven't found a way to customise this behavior. I'd like a 401 in this situation.The relevant code can be found from:
apollo-server/packages/apollo-server-core/src/runHttpQuery.ts
Lines 134 to 152 in 2d1544d
Solution?
Plugins?
Allow a similar solution as described in #1709 (comment) (requestDidStart + didEncounterErrors)
Customise apollo-server-express behavior?
It seems I should be able to customise behavior at the express<->Apollo level, here:
apollo-server/packages/apollo-server-express/src/expressApollo.ts
Lines 50 to 65 in bf0cd6b
Should full schema auth happen elsewhere?
Different web servers can probably check for auth token / cookie before routing to
POST /graphql
Hacky solution for Express
The text was updated successfully, but these errors were encountered: