GraphQL response when access denied

RE: GraphQL response when access denied

2019-12-03T23:42:05Z

Sounds good. Let me know if I can help.

RE: GraphQL response when access denied

2019-12-03T20:09:32Z

Whoa... I didn't know that there were well though solutions outside of the standard. Will take a look

RE: GraphQL response when access denied

2019-12-03T20:07:21Z

I've been looking at what others do in the way of error codes in GraphQL responses, for example: https://www.apollographql.com/docs/apollo-server/data/errors/ ; I think this will take some planning

RE: GraphQL response when access denied

2019-12-03T20:00:20Z

Mmm... GraphQL default behaviour is returning 200 and reading the errors block but it's true that it's hard to parse without an error code, I'll see if I can add it to the default error object.

GraphQL response when access denied

2019-12-02T23:04:28Z

in v7.2 GA2, I am exploring auth flow from a decoupled frontend app while also testing in the Altair Chrome extension

I have a GraphQL query:

query {
structuredContent(structuredContentId: 34612) {
title
}
}

If Liferay allows access based on Authorization header, I get back correctly the StructuredContent. However if I don't pass in a Authorization header at all, Liferay does not allow access and the following is returned with response code 200 OK:

{
"data": {
"structuredContent": null
},
"errors": [
{
"extensions": null,
"message": "Exception while fetching data (/structuredContent) : java.lang.SecurityException: Access denied to com.liferay.journal.service.JournalArticleService#getLatestArticle",
"path": null
}
]
}

I am rather new to GraphQL with auth and in the frontend app I want to choose to send the user to a login or display something useful if user is not authorized. Are there no error codes in the response ?