Should INTERNAL_SERVER_ERROR be UNAUTHENTICATED/FORBIDDEN?
reergymerej opened this issue · comments
Question about GraphQL Shield
Unauthenticated requests are blocked, but the error code returned by Apollo is always INTERNAL_SERVER_ERROR
. Is this expected? Is there a a configuration I'm missing somewhere?
{
"errors": [
{
"message": "Not Authorised!",
"extensions": {
"code": "INTERNAL_SERVER_ERROR",
"exception": {
"stacktrace": [
"Error: Not Authorised!",
" at normalizeOptions (/home/kike/prs/projects/rpbb/node_modules/graphql-shield/src/shield.ts:34:7)"
]
}
}
}
],
"data": null
}
Question about GraphQL concepts
I expect Apollo responses with auth errors to have HTTP code 200 and a body with an error extension.code
UNAUTHENTICATED
.
https://www.apollographql.com/docs/apollo-server/data/errors/#unauthenticated
- [☑️] I have checked other questions and found none that matches mine.
Hey @reergymerej 👋,
Thank you for opening an issue. We will get back to you as soon as we can. Have you seen our Open Collective page? Please consider contributing financially to our project. This will help us involve more contributors and get to issues like yours faster.
https://opencollective.com/graphql-shield
We offer
priority
support for all financial contributors. Don't forget to addpriority
label once you become one! 😄
Extra Info
In fallbackError
we're throwing errors created with hapi/boom. If we throw ApolloErrors, we can specify the extensions.code
.
It still seems like the basic "Not Authorised!" response should use INTERNAL_SERVER_ERROR
. We can, however, specify whichever error code we like in the ApolloError
constructor.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.