
I am using GraphQL Hot Chocolate v11 with .NET Core 3.1. I have no problem identifying that the token has expired; the problem is relaying that back to the requester.

I am trying to add some authentication to my requests, but I am having an issue with responding when the authorization token is no longer valid due to the time expiring, or for any other potential reason for a token not to be valid, for that matter.

But when I throw an exception to try to tell the requester that their token has expired, it is not returned in the Hot Chocolate IErrorFilter style; it comes through as a server error. If there is any better built-in way to check these things and respond to the requester properly, could anybody please help me out? I would more so think the error should be displayed in the format of the last screenshot, I guess as a Hot Chocolate IErrorFilter response (the error in that screenshot is what I get if I don't properly handle when a user is not authenticated, seeing as I don't have a currentUser to add to the context that the query is expecting).

Aurelius
  • I'm using Hot Chocolate v10 and it works as you would expect it to (the AUTH_NOT_AUTHORIZED response is returned as an error extension) so perhaps this is a regression bug in v11? – keithl8041 Jan 29 '21 at 12:49

2 Answers


The only thing that semi-worked was creating my exception like this. It allowed me to add a proper error code, but it still doesn't return as an answer to the query:

    throw new GraphQLRequestException(ErrorBuilder.New()
        .SetMessage(ExpiredTokenString)
        .SetCode(ExpiredTokenCode)
        .Build());

Aurelius

I don't know whether this will fix your issue but it might be an acceptable workaround and have a different outcome. Use this to enforce valid is-logged-in security policy:

            // Add policy in Startup.cs
            services.AddAuthorization(options =>
            {
                options.AddPolicy("LoggedInPolicy", Policies.LoggedInPolicy);
            });

then add a Policies class

    using Microsoft.AspNetCore.Authorization;

    public class Policies
    {
        /// <summary>
        /// Requires the user to be logged in
        /// </summary>
        /// <param name="policy"></param>
        // Method name must match the Policies.LoggedInPolicy reference in Startup.cs
        public static void LoggedInPolicy(AuthorizationPolicyBuilder policy)
        {
            policy.RequireAuthenticatedUser();
        }
    }

And then decorate the appropriate endpoints with your authorization attribute to apply the policy

        /// <summary>
        /// Test 'hello world' endpoint
        /// </summary>
        /// <returns>The current date/time on the server</returns>
        [Authorize(Policy = "LoggedInPolicy")]
        public string Hello()
        {
            return DateTime.Now.ToString("O");
        }

You may also have to add this to the GraphQL configuration

    SchemaBuilder.New()
      ...
      .AddAuthorizeDirectiveType()
      ...
      .Create();

(from https://chillicream.com/docs/hotchocolate/v10/security/, don't know how much of this applies to v11)

That might connect with some different error handlers.

keithl8041