Comments (6)
@john-roland, you might be interested in reading this for extra background
from authorization.
I wrote my own ASP.NET middleware to process GraphQL requests, and one of the things it does is validate the JWT token passed in and return a 401 response code if it is invalid - prior to calling the document executer (which does validation). Sorry, not sure how that answer helps if you're using this authorization library.
from authorization.
@Shane32, I wrote a custom middleware piggybacking everything; the magic sauce is here:

```csharp
private Task WriteResponseAsync(HttpContext context, IDocumentWriter writer, ExecutionResult result, int statusCode = 200)
{
    var json = writer.Write(result);

    // No errors -> 200; an "authorization" validation error -> 401; any other error -> 400.
    statusCode = result.Errors?.Any() != true
        ? (int)HttpStatusCode.OK
        : result.Errors?.Any(er => (er as ValidationError)?.Code == "authorization") == true
            ? (int)HttpStatusCode.Unauthorized
            : (int)HttpStatusCode.BadRequest;

    result.Errors?.ToList().ForEach(e => _logger.LogError($"GraphQL execution error: {e}"));

    context.Response.ContentType = "application/json";
    context.Response.StatusCode = statusCode;
    return context.Response.WriteAsync(json);
}
```
UPD: that was long ago, I'm not sure if APIs are now compatible, but you get the idea
from authorization.
> Is there a way to get a 401 status code instead of a 200 + the GraphQL message (when the authentication is not OK)?

Of course. Authorize the user before handling the GraphQL request. 401/200/xxx - these are all HTTP transport codes. GraphQL as it is has nothing to do with the HTTP transport layer.
from authorization.
Closed due to lack of feedback.
from authorization.
Sorry for being silent, thank you all for your answers. I've done a bit like you've said, interrupting the request before the GraphQL processing.
from authorization.
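The approach the thread converges on (reject the request at the HTTP layer before the document executer runs), sketched as an added example that is not code from any participant or from the library. It assumes a JWT bearer scheme has been registered with `AddAuthentication().AddJwtBearer(...)` and that the endpoint lives at `/graphql`; the class name `GraphQLAuthGateMiddleware` is hypothetical.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Http;

// Hypothetical gate placed in the pipeline ahead of the GraphQL middleware.
// Registration (assumed path):
//   app.UseMiddleware<GraphQLAuthGateMiddleware>(new PathString("/graphql"));
public sealed class GraphQLAuthGateMiddleware
{
    private readonly RequestDelegate _next;
    private readonly PathString _graphQLPath;

    public GraphQLAuthGateMiddleware(RequestDelegate next, PathString graphQLPath)
    {
        _next = next;
        _graphQLPath = graphQLPath;
    }

    public async Task InvokeAsync(HttpContext context)
    {
        // Only gate the GraphQL endpoint; everything else passes through untouched.
        if (!context.Request.Path.StartsWithSegments(_graphQLPath))
        {
            await _next(context);
            return;
        }

        // Run the registered JwtBearer handler: signature, issuer, audience and
        // lifetime are checked against the configured TokenValidationParameters.
        AuthenticateResult auth =
            await context.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);

        if (!auth.Succeeded || auth.Principal is null)
        {
            // Missing, malformed or expired token: the handler's challenge writes
            // 401 plus a WWW-Authenticate header. The query is never parsed.
            await context.ChallengeAsync(JwtBearerDefaults.AuthenticationScheme);
            return;
        }

        // Expose the validated identity to downstream authorization rules.
        context.User = auth.Principal;
        await _next(context);
    }
}
```

A gate like this makes the whole endpoint authenticated-only, including introspection and any fields meant to be public. Per-field authorization failures for an authenticated caller still come back from the validation rule inside the GraphQL `errors` array.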