-
-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Checking for a valid JWT and integrating with a Refresh-Token-Workflow #117
Comments
Relates to graphql-dotnet/server#480 |
So if I got this right, once this is merged and released I would create a custom I would have some questions relating to this:
services.AddScoped<IDocumentWriter>(provider => new DocumentWriter(new CustomErrorInfoProvider()));
public class CustomErrorInfoProvider : ErrorInfoProvider
{
public override ErrorInfo GetInfo(ExecutionError executionError)
{
var info = base.GetInfo(executionError);
// would be nice if I could modify the info.Code here...
info.Message = executionError switch
{
// this is for the Authorization case with the planned AuthorizationError right?
// what would I do to handle an AuthenticationError, i.e. an invalid JWT token?
AuthorizationError authorizationError => "Custom message",
_ => info.Message,
};
return info;
}
}
Samples for this would probably be nice, as you mentioned in the linked PR. |
Not http status code, just error code. |
Look into
Code is stored into |
Note that PR is targeted agains other project - server, not this repo. |
I'm on the latest versions and I don't have an I only have an extension method for the IGraphQLBuilder AddErrorInfoProvider(Action<ErrorInfoProviderOptions> configureOptions); This is only used to configure an ErrorInfoProvider, not inject one yourself. |
I think graphql-dotnet/server#480 is not enough to solve this one... GraphQLHttpMiddleware will still respond with a 200 status code... You can only change the message text which is reported inside the GraphQL error this way... @sungam3r Maybe this method should return an int which is then used as HTTP status code.... |
Still, this only lets me configure options for an internally registered ErrorInfoProvider, not adding my own ErrorInfoProvider implementation.
Being able to change the HTTP Status code would probably be the easiest option for my case, since it's the easiest for clients to implement. But it's also something clients of an open API might not expect, so being able to communicate an Authentication error clearly in a regular GraphQL response (i.e. HTTP 200) does have its value. |
It is not supported now. PRs are welcome. |
I want to check if a user is authenticated (NOT authorized) for a specific query, resolver, etc. via a JWT Token in the
Authorization
Header. I also need to integrate this with a Refresh-Token-Workflow on the client. I planned on using theauthMiddleware
of react-relay-network-modern.This is the code I'm using at the moment:
I have a few questions regarding this:
[Authorize]
attribute on a method or controller with ASP.NET Core REST. In the documentation I haven't found anything useful other than theRequireAuthenticatedUser()
policy.The returned json only tells me that an authorization error happened:
I also know that returning different HTTP error codes is not part of the GraphQL spec, since HTTP is just an agnostic transport protocol. But a Refresh-Token-Workflow is still something almost every modern SPA will have to implement. So having a solution for this would still be nice! :)
TL;DR:
The text was updated successfully, but these errors were encountered: