graphql-mesh icon indicating copy to clipboard operation
graphql-mesh copied to clipboard

Published 20 hours ago verified publisher icon ardatan

Receiving 401 without body does not throw an error

Open glb-cblin opened this issue 1 year ago • 4 comments

Is your feature request related to a problem? Please describe.

I have an expired JWT in the headers, the server returns only HTTP headers (without body)

< HTTP/1.1 401 Unauthorized < www-authenticate: Bearer error="invalid_token", error_description="The token expired at '12/27/2023 17:13:50'"

Instead of throwing an error, the mesh is replacing the response by an empty object

Describe the solution you'd like

I'd like the mesh to throw an error

Describe alternatives you've considered

N/A

Additional context

N/A

glb-cblin avatar Dec 28 '23 09:12 glb-cblin

A bit more context : it seems to happen only for operations with a return type marked as "JSON"

Examples :

query me { identity: GetUser { id } } 
=> I receive an error
"errors": [
    {
      "message": "HTTP Error: 401, Could not invoke operation <redacted>",

query systemStatus {
  SystemStatus
}
=> I do NOT receive an error
{
  "data": {
    "SystemStatus": ""
  }
}

The only difference I can see is that the query SystemStatus is defined like SystemStatus: JSON whereas the query GetUser has a "proper" return GetUser: UserInfo

glb-cblin avatar Dec 28 '23 09:12 glb-cblin

Could you give more details about your setup? What kind of source are you using? OpenAPI? SOAP? GraphQL? For GraphQL, GraphQL Mesh forwards the response as-is. For OpenAPI, only if there is a response for 401 status code, GraphQL Mesh returns the exact response. GraphQL Mesh throws an error if there is no defined response in the OpenAPI spec for that specific status code. If you don't want Mesh to handle other status codes, you can set ignoreErrorResponses: true so in that case Mesh will only handle 2xx status codes, and throw others.

ardatan avatar Dec 28 '23 13:12 ardatan

I'm using OpenAPI

Below is the extract of the OpenApi for both operations (they are in the same source)

note : I cannot provide the whole doc as is, I'd need to clean everything except these 2 operations, please ask if needed

None of them specify the 401 return code, so it should throw based on your explanation

I do want graphql mesh to handle the described errors (like "400" for example) so I do not want to use ignoreErrorResponses

I'm attaching the logs of Graphql mesh for both queries (I redacted the URLs, the tokens, ...) logs-graphql-mesh.zip

you will see that the server answers the same response in both cases but the difference is at the end

Extract for the systemStatus
🐛 🕸️  Mesh - Identity - Query.SystemStatus   => Return type is not a JSON so returning

Here is the relevant OpenApi

/systemSstatus:
    get:
      operationId: SystemStatus
      responses:
        "200":
          description: Success
          content:
            application/json:
              schema:
                type: object
                additionalProperties:
                  type: boolean
            text/json:
              schema:
                type: object
                additionalProperties:
                  type: boolean

/user-info:
    get:
      operationId: GetUser
      responses:
        "200":
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserInfo'

glb-cblin avatar Dec 28 '23 13:12 glb-cblin

Adding the screenshot of the diff

image

glb-cblin avatar Dec 28 '23 13:12 glb-cblin