GraphQL response when access denied

Jack Bakker, modified 5 Years ago. Liferay Master Posts: 978 Join Date: 1/3/10
In v7.2 GA2, I am exploring auth flow from a decoupled frontend app while also testing in the Altair Chrome extension.

I have a GraphQL query:

query {
  structuredContent(structuredContentId: 34612) {
    title
  }
}

If Liferay allows access based on the Authorization header, I correctly get back the StructuredContent. However, if I don't pass in an Authorization header at all, Liferay does not allow access and the following is returned with response code 200 OK:

{
  "data": {
    "structuredContent": null
  },
  "errors": [
    {
      "extensions": null,
      "message": "Exception while fetching data (/structuredContent) : java.lang.SecurityException: Access denied to com.liferay.journal.service.JournalArticleService#getLatestArticle",
      "path": null
    }
  ]
}

I am rather new to GraphQL with auth, and in the frontend app I want to choose to send the user to a login or display something useful if the user is not authorized. Are there no error codes in the response?
Javier Gamarra, modified 5 Years ago. Expert Posts: 348 Join Date: 2/12/15
Mmm... GraphQL default behaviour is returning 200 and reading the errors block, but it's true that it's hard to parse without an error code. I'll see if I can add it to the default error object.
Jack Bakker, modified 5 Years ago. Liferay Master Posts: 978 Join Date: 1/3/10
I've been looking at what others do in the way of error codes in GraphQL responses, for example: https://www.apollographql.com/docs/apollo-server/data/errors/ ; I think this will take some planning.
Javier Gamarra, modified 5 Years ago. Expert Posts: 348 Join Date: 2/12/15
Whoa... I didn't know that there were well-thought-out solutions outside of the standard. Will take a look.
Jack Bakker, modified 5 Years ago. Liferay Master Posts: 978 Join Date: 1/3/10
Sounds good. Let me know if I can help.
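
An added example (not part of the thread, and not Liferay or Apollo code): one way a frontend could turn the 200 OK response shape from the question into a login / forbidden / ok decision. The function name, the `sentAuthHeader` parameter and the action strings are hypothetical; the `extensions.code` values assume the Apollo Server convention linked in the thread, and treating "denied with no Authorization header" as "needs login" is an assumption.

```javascript
// Assumed Apollo-style codes; a Map avoids matching inherited keys like "constructor".
const AUTH_CODES = new Map([["UNAUTHENTICATED", "login"], ["FORBIDDEN", "forbidden"]]);
// Fallback for servers that return extensions: null, as in the thread.
// Matching on message text is brittle; prefer a code once the server sends one.
const ACCESS_DENIED = /java\.lang\.SecurityException: Access denied/;

// Response body copied from the question in this thread.
const SAMPLE_DENIED = {
  data: { structuredContent: null },
  errors: [{
    extensions: null,
    message: "Exception while fetching data (/structuredContent) : " +
      "java.lang.SecurityException: Access denied to " +
      "com.liferay.journal.service.JournalArticleService#getLatestArticle",
    path: null,
  }],
};

function classifyGraphQLResponse(httpStatus, body, sentAuthHeader) {
  // Honour transport-level status codes when the server does use them.
  if (httpStatus === 401) return { action: "login", data: null };
  if (httpStatus === 403) return { action: "forbidden", data: null };

  const errors = Array.isArray(body && body.errors) ? body.errors : [];
  const data = body && body.data ? body.data : null;
  // HTTP 200 alone is not success: only an empty errors list is.
  if (errors.length === 0) return { action: "ok", data };

  for (const err of errors) {
    if (!err) continue;
    const code = err.extensions && err.extensions.code;
    if (AUTH_CODES.has(code)) return { action: AUTH_CODES.get(code), data };
    if (typeof err.message === "string" && ACCESS_DENIED.test(err.message)) {
      // Assumption: no credentials sent means the user should log in;
      // credentials sent but denied means the user lacks permission.
      return { action: sentAuthHeader ? "forbidden" : "login", data };
    }
  }
  // Errors present but not auth-related; never show err.message to end users,
  // since it can carry internal class and method names.
  return { action: "error", data };
}
```
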