Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Server sends 200 response when secret key changes, not 401

See original GitHub issue

When the server secret key changes all tokens are invalidated because they can no longer be decrypted. However, instead of returning a response with code 401-Unauthorized, the server returns a response with code 200-OK and includes the deserialization error in the response.

Example response:

{  
   "errors":[  
      {  
         "message":"Error decoding signature",
         "locations":[  
            {  
               "line":1,
               "column":38
            }
         ],
         "path":[  
            "createTeam"
         ]
      }
   ],
   "data":{  
      "createTeam":null
   }
}

If time allows, I’ll follow this up with a PR to correct the issue.

Issue Analytics

State:
Created 5 years ago
Reactions:1
Comments:7 (3 by maintainers)

Top GitHub Comments

2reactions

jckwcommented, Apr 19, 2019

I think @jayhale is suggesting that the response status code is changed to HTTP 401 instead. That way, generic middleware can recognise when a request was unsuccessful due to a token being invalid and can automatically refresh it.

0reactions

jayhalecommented, Aug 7, 2019

@themotu, we avoided this library and instead wrote the authenticator in-house.