401 status code for token authentication
I think in the case of token authentication, it would make sense to be able to return a 401, even if only one field errors out this way (referring to the example given in the original post). This status code is necessary to make this library compatible with authMiddleware in React Relay Network Modern, which expects a 401 status code to refresh tokens.
Originally posted by @berkcoker in https://github.com/graphql-python/graphene/issues/946#issuecomment-698617718
Any progress on this open issue?
Definitely, by not being able to return 401, graphene is de facto incompatible with the widely used React Relay Network Modern.
Solution 1 (Suboptimal): I have found a hackish way to solve it here: https://stackoverflow.com/questions/49349689/how-to-return-customized-json-response-for-an-error-in-graphene-django-graphen ... really suboptimal compared to the advantage of being able to set up status codes in the resolvers logic directly.
Solution 2 (Better but Undocumented): By looking at https://github.com/relay-tools/react-relay-network-modern/blob/master/src/middlewares/auth.js we should be able to trigger the reload of tokens by returning the error message 'Empty token', line 51.
Is solution 2 actually viable? I believe the error message that is being read is internal to the lib and not in the request response.
@advl have you found a solution to this issue?
For anyone else ending up here: I solved this by getting the token payload in a Django middleware which catches the jwt.ExpiredSignatureError exception and returns a 401. I had to create a custom React Relay Network Modern middleware on the client to exclude auth headers.
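The approach in the last comment, as an added example that is not code from the commenter or from graphene: a middleware in front of the GraphQL view that rejects an expired or invalid bearer token with a 401 before any resolver runs. It is written as plain WSGI with a standard-library HS256 check so it runs without Django or PyJWT; `SECRET`, `TokenExpired` (standing in for `jwt.ExpiredSignatureError`) and all function names are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 shared key, demo value only

class TokenExpired(Exception):
    """Hypothetical stand-in for jwt.ExpiredSignatureError."""

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(payload, key=SECRET):
    """Build a constructed HS256 token so the example has input to check."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(payload).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def decode(token, key=SECRET):
    """Pin the algorithm, verify the signature, then enforce exp."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64d(head))
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if header.get("alg") != "HS256" or not hmac.compare_digest(expected, b64d(sig)):
            raise ValueError("bad signature")  # also rejects alg "none"
        payload = json.loads(b64d(body))
        if payload.get("exp", 0) <= time.time():  # a missing exp counts as expired
            raise TokenExpired()
    except (ValueError, TypeError, AttributeError) as exc:
        raise ValueError("invalid token") from exc
    return payload

def jwt_401_middleware(app, key=SECRET):
    """Wrap a WSGI app; answer 401 before the GraphQL view ever executes."""
    def wrapped(environ, start_response):
        auth = environ.get("HTTP_AUTHORIZATION", "")
        if auth.startswith("Bearer "):
            try:
                environ["jwt.payload"] = decode(auth[7:], key)
            except (TokenExpired, ValueError):
                start_response("401 Unauthorized", [
                    ("Content-Type", "application/json"),
                    ("WWW-Authenticate", 'Bearer error="invalid_token"')])
                return [b'{"errors": [{"message": "Unauthorized"}]}']
        return app(environ, start_response)  # no header: anonymous request passes through
    return wrapped
```

Requests without an `Authorization` header still reach the schema, so resolvers that need a user must keep their own authorization checks.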