Comments (10)
How would I register a custom ErrorInfoProvider?
services.AddErrorInfoProvider
How can I detect the Authentication error specifically in the ErrorInfoProvider?
Look into AuthorizationError.AuthorizationResult
I can only specify the error message in the custom ErrorInfoProvider at the moment - a code would be better.
Code is stored into Extensions
property.
from authorization.
Relates to graphql-dotnet/server#480
from authorization.
Relates to graphql-dotnet/server#480
So if I got this right, once this is merged and released I would create a custom ErrorInfoProvider
, which would generate a defined error code (in the JSON result) or something similar with which the client could tell whether, if it was an authentication issue or something else?
I would have some questions relating to this:
- How would I register a custom ErrorInfoProvider? I looked around a bit and found that I can inject one into the DocumentWriter, so am I correct in thinking that I would register a DocumentWriter in DI like this?
services.AddScoped<IDocumentWriter>(provider => new DocumentWriter(new CustomErrorInfoProvider()));
- How can I detect the Authentication error specifically in the ErrorInfoProvider? I want to have different error details depending on whether it is an Authentication or Authorization error:
public class CustomErrorInfoProvider : ErrorInfoProvider
{
public override ErrorInfo GetInfo(ExecutionError executionError)
{
var info = base.GetInfo(executionError);
// would be nice if I could modify the info.Code here...
info.Message = executionError switch
{
// this is for the Authorization case with the planned AuthorizationError right?
// what would I do to handle an AuthenticationError, i.e. an invalid JWT token?
AuthorizationError authorizationError => "Custom message",
_ => info.Message,
};
return info;
}
}
- I can only specify the error message in the custom ErrorInfoProvider at the moment - a code would be better. Is there any way I can configure a custom code in my ErrorInfoProvider?
Samples for this would probably be nice, as you mentioned in the linked PR.
Also is there any way I can help out and get this merged faster?
from authorization.
which would generate a defined status code
Not http status code, just error code.
from authorization.
Also is there any way I can help out and get this merged faster?
Note that PR is targeted agains other project - server, not this repo.
from authorization.
How would I register a custom ErrorInfoProvider?
services.AddErrorInfoProvider
I'm on the latest versions and I don't have an AddErrorInfoProvider
extension method for IServiceColletion
yet.
I only have an extension method for the IGraphQLBuilder
with the following signature:
IGraphQLBuilder AddErrorInfoProvider(Action<ErrorInfoProviderOptions> configureOptions);
This is only used to configure an ErrorInfoProvider, not inject one yourself.
from authorization.
https://github.com/graphql-dotnet/server/blob/master/src/Core/GraphQLBuilderExtensions.cs#L33
from authorization.
I think graphql-dotnet/server#480 is not enough to solve this one... GraphQLHttpMiddleware will still respond with a 200 status code...
You can only change the message text which is reported inside the GraphQL error this way...
@sungam3r Maybe this method should return an int which is then used as HTTP status code....
from authorization.
https://github.com/graphql-dotnet/server/blob/master/src/Core/GraphQLBuilderExtensions.cs#L33
Still, this only lets me configure options for an internally registered ErrorInfoProvider, not adding my own ErrorInfoProvider implementation.
I think graphql-dotnet/server#480 is not enough to solve this one... GraphQLHttpMiddleware will still respond with a 200 status code...
You can only change the message text which is reported inside the GraphQL error this way...
@sungam3r Maybe this method should return an int which is then used as HTTP status code....
Being able to change the HTTP Status code would probably be the easiest option for my case, since it's the easiest for clients to implement. But it's also something clients of an open API might not expect, so being able to communicate an Authentication error clearly in a regular GraphQL response (i.e. HTTP 200) does have its value.
I still think graphql-dotnet/server#480 is the correct approach here, even though I would probably have to write my own middleware that parses each response, checks for an authentication error and initiates a token refresh.
from authorization.
Being able to change the HTTP Status code would probably be the easiest option for my case, since it's the easiest for clients to implement.
It is not supported now. PRs are welcome.
from authorization.
Related Issues (20)
- UNAUTHENTICATED error code HOT 3
- In AuthorizationValidationRule.cs the method CheckAuth is called multiple times. Why? HOT 4
- ETA for v4? HOT 18
- IAuthorizationRequirement is not sent the same variable names as those in IResolveField context HOT 2
- ClaimsPrincipal not retrived trying to use AuthorizeWith in GraphQL queries HOT 6
- Any example for schema first auth example? HOT 2
- How to get a status code 401 when not authorized HOT 6
- Move GraphQLAuthExtensions from Harness into new package HOT 6
- Add docs about IAuthorizationSkipCondition and DI
- Method 'ValidateAsync' in type 'GraphQL.Authorization.AuthorizationValidationRule' from assembly 'GraphQL.Authorization, Version=4.0.0.0 HOT 7
- Question: AuthorizeWithPolicy is being ignored HOT 10
- GraphQL .net authorization with JWT token HOT 7
- AddGraphQLAuth no longer works after switching to Middleware HOT 1
- Return 401 and 403 status code HOT 5
- Is this library still relevant with GraphQL 7+ HOT 22
- How to read graphql query from authorization requirement ?
- Graphql Authorization not working HOT 4
- Faulty reference HOT 6
- How to login user and return token and id ? HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from authorization.