Dynamic CB Not Firing When Hit By Differently Scoped User
Dev setup:
- graphql-auth version: 0.2.0
- node version: v6.11.1
I am using graphql-auth with:
- hapi
- express
- koa
- other:
What you did:
I have an endpoint that is using the dynamic scope cb to change the scope based on the params.
Mutation: {
  sendMessage: withAuth(
    // dynamic scope callback: picks the required scope from the input
    (obj, { input }, context) => {
      console.log('params input: ', input)
      return input.A ? ["scope:A"] : ["scope:B"];
    },
    async (
      obj,
      { input },
      context
    ) => {...code}
  )
}
- I log in to my app as User A with scope A
- I hit the above mutation
- I see the console log
- I receive the correct result
- I log out
- I log in to my app as User B with scope B
- I hit the above mutation
- I do not see a console log
- I get a permission denied error
- I terminate the server process
- I start the server process (I am still logged in with B from the previous session)
- I hit the above mutation
- I see the console log
- I receive the correct result
- I log out (with User B)
- I log in to my app as User A with scope A
- I hit the above mutation
- I do not see a console log
- I get a permission denied error
What happened:
In my context creation function, the one that puts auth on the context, I can see that the correct scopes are being applied. However, I believe the error has something to do with the dynamic cb being cached or not executed again (because I do not see the console log).
AuthorizationError: Permission Denied!
at AuthorizationError (/Users/test/workspace/petigree/code/node_modules/graphql-auth/index.js:11:5)
at /Users/test/workspace/petigree/code/node_modules/graphql-auth/index.js:51:14
at next (native)
at step (/Users/test/workspace/petigree/code/node_modules/babel-runtime/helpers/asyncToGenerator.js:17:30)
at /Users/test/workspace/petigree/code/node_modules/babel-runtime/helpers/asyncToGenerator.js:35:14
at Promise.F (/Users/test/workspace/petigree/code/node_modules/core-js/library/modules/_export.js:35:28)
at /Users/test/workspace/petigree/code/node_modules/babel-runtime/helpers/asyncToGenerator.js:14:12
at /Users/test/workspace/petigree/code/node_modules/graphql-auth/index.js:35:3
at /Users/test/workspace/petigree/code/node_modules/graphql-tools/src/schemaGenerator.ts:536:22
at resolveFieldValueOrError (/Users/test/workspace/petigree/code/node_modules/graphql/execution/execute.js:498:12)
at resolveField (/Users/test/workspace/petigree/code/node_modules/graphql/execution/execute.js:462:16)
at /Users/test/workspace/petigree/code/node_modules/graphql/execution/execute.js:284:20
at process._tickCallback (internal/process/next_tick.js:109:7)
Issue Analytics
- State:
- Created 6 years ago
- Reactions:1
- Comments:18 (9 by maintainers)
Top GitHub Comments
puts that requiredScope function at the end of the event loop, thereby freeing other functions to run before it gets called. I’m assuming it is to protect against anyone doing a DB call, or any other long-running function, in their auth scope function.
@BipinBhandari nice - I did the same as you, except I only moved where the variable was being defined.
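The symptom reported in this issue (the scope callback logs once, then the next differently scoped user is denied until the server restarts) can be reproduced with a minimal wrapper. This is an added example, not graphql-auth's source: `check`, `withAuthCached`, `withAuthPerRequest` and `replay` are hypothetical names, the wrappers are synchronous for brevity, and the closure-overwrite cause is an assumption consistent with the report.

```javascript
// Added illustration: hypothetical wrappers, not graphql-auth's source.
function check(auth, scopes) {
  if (!scopes.some((s) => auth.scope.includes(s))) {
    throw new Error('Permission Denied!');
  }
}

// Buggy (assumed cause): the first call overwrites the closure variable with
// that request's resolved scopes, so the callback never runs again.
function withAuthCached(requiredScope, resolver) {
  return (obj, args, context) => {
    if (typeof requiredScope === 'function') {
      requiredScope = requiredScope(obj, args, context);
    }
    check(context.auth, requiredScope);
    return resolver(obj, args, context);
  };
}

// Fixed: resolve into a per-request local and leave the closure untouched.
function withAuthPerRequest(requiredScope, resolver) {
  return (obj, args, context) => {
    const scopes = typeof requiredScope === 'function'
      ? requiredScope(obj, args, context)
      : requiredScope;
    check(context.auth, scopes);
    return resolver(obj, args, context);
  };
}

// Constructed requests mirroring the report: user A first, then user B.
function replay(wrap) {
  let callbackRuns = 0;
  const sendMessage = wrap(
    (obj, { input }) => { callbackRuns += 1; return input.A ? ['scope:A'] : ['scope:B']; },
    () => 'sent'
  );
  const requests = [
    { input: { A: true }, auth: { scope: ['scope:A'] } },
    { input: { A: false }, auth: { scope: ['scope:B'] } },
  ];
  const results = requests.map(({ input, auth }) => {
    try { return sendMessage(null, { input }, { auth }); }
    catch (err) { return err.message; }
  });
  return { callbackRuns, results };
}

console.log(replay(withAuthCached), replay(withAuthPerRequest));
```

In the cached variant the decision made for the first request is reused for every later one, so it can also authorize a request against the wrong scope, not only deny a valid one.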