maticzav / graphql-shield

🛡 A GraphQL tool to ease the creation of permission layer.

Home Page: https://graphql-shield.com

Should INTERNAL_SERVER_ERROR be UNAUTHENTICATED/FORBIDDEN?

reergymerej opened this issue

Question about GraphQL Shield

Unauthenticated requests are blocked, but the error code returned by Apollo is always INTERNAL_SERVER_ERROR. Is this expected? Is there a configuration I'm missing somewhere?

{
  "errors": [
    {
      "message": "Not Authorised!",
      "extensions": {
        "code": "INTERNAL_SERVER_ERROR",
        "exception": {
          "stacktrace": [
            "Error: Not Authorised!",
            "    at normalizeOptions (/home/kike/prs/projects/rpbb/node_modules/graphql-shield/src/shield.ts:34:7)"
          ]
        }
      }
    }
  ],
  "data": null
}

Question about GraphQL concepts

I expect Apollo responses with auth errors to have HTTP code 200 and a body with an error extension.code UNAUTHENTICATED.

https://www.apollographql.com/docs/apollo-server/data/errors/#unauthenticated

  • [☑️] I have checked other questions and found none that matches mine.

#120 - looks promising, but way old (using 7.3.2 now)
#767

Hey @reergymerej 👋,

Thank you for opening an issue. We will get back to you as soon as we can. Have you seen our Open Collective page? Please consider contributing financially to our project. This will help us involve more contributors and get to issues like yours faster.

https://opencollective.com/graphql-shield

We offer priority support for all financial contributors. Don't forget to add priority label once you become one! 😄

Extra Info

In fallbackError we're throwing errors created with hapi/boom. If we throw ApolloErrors, we can specify the extensions.code.

It still seems like the basic "Not Authorised!" response should use INTERNAL_SERVER_ERROR. We can, however, specify whichever error code we like in the ApolloError constructor.
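
A dependency-free model of the behaviour discussed in this thread, added here as an example; it is not graphql-shield or Apollo Server code. `AuthError`, `guard`, `formatError` and `execute` are hypothetical names, and the `ctx.user.roles` shape is an assumption.

```javascript
// Added example: a model of the flow, not graphql-shield or Apollo Server code.
// AuthError, guard, formatError and execute are hypothetical names.

// An error that carries its own code in `extensions`, as ApolloError does.
class AuthError extends Error {
  constructor(message, code) {
    super(message);
    this.extensions = { code };
  }
}

// Permission wrapper. Assumption: the authentication step sets ctx.user.roles.
function guard(requiredRole, resolver) {
  return (ctx) => {
    if (!ctx.user) {
      throw new AuthError('Not Authorised!', 'UNAUTHENTICATED'); // no identity
    }
    if (!ctx.user.roles.includes(requiredRole)) {
      throw new AuthError('Not Authorised!', 'FORBIDDEN'); // identity, no right
    }
    return resolver(ctx);
  };
}

// Error formatter: keep an explicit code, default everything else to
// INTERNAL_SERVER_ERROR, and drop `exception` so no stack trace or
// filesystem path reaches the client.
function formatError(err) {
  const ext = err.extensions || {};
  const code = typeof ext.code === 'string' ? ext.code : 'INTERNAL_SERVER_ERROR';
  return { message: err.message, extensions: { code } };
}

// Build the response body a client would receive for one guarded field.
function execute(field, ctx) {
  try {
    return { data: field(ctx) };
  } catch (err) {
    return { errors: [formatError(err)], data: null };
  }
}

// Constructed sample requests.
const adminOnly = guard('admin', () => 'secret report');
console.log(JSON.stringify(execute(adminOnly, {})));
console.log(JSON.stringify(execute(adminOnly, { user: { roles: ['reader'] } })));
console.log(JSON.stringify(execute(() => { throw new Error('Not Authorised!'); }, {})));
```

In Apollo Server the hook where a formatter like this plugs in is the `formatError` option.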

commented

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
