Some kind of interceptor for validating accessToken for all inputs in all queries/mutations? #525
-
|
Hi everyone. I would like before executing any data fetcher, to validate that accessToken(Expiration time, etc), but the only way I have found is using the Instrumentation: https://netflix.github.io/dgs/advanced/instrumentation/ The only problem is that if I throw an exception, the framework will throw a response with "data: null:" and nothing else. The code will never execute the onException of the handler like this: (Is this a bug?) Any idea of how to achieve what I am trying to do? Basically I need something that executes always and try to find a field called accessToken of any input, if exists it must be validated, if cannot be validated it will throw a UNAUTHENTICATED exception. Thanks in advance. |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 1 reply
-
|
I just tried this in a project, and I see the exception handler being invoked as expected. Here is the sample code I tried with: This method is invoked prior to executing each data fetcher, and the exception is caught as expected by the exception handler. Hope this helps. |
Beta Was this translation helpful? Give feedback.
-
Thank you for the reply. It works but doesn't fit with my use case, because that code executes after the datafetcher. I do not want to execute the datafetcher if the Token is expired, so I need it to check it before the datafetcher executes. If I put the exception before the return of the datafetcher(so before the execution of it) I Get this response for the framework: { I think is some kind of bug, the exception handler should catch all exceptions no matter where is produced. |
Beta Was this translation helpful? Give feedback.
-
|
Can you provide your code so we can reproduce this and investigate further?
… On Aug 11, 2021, at 5:41 AM, zanonena ***@***.***> wrote:
I just tried this in a project, and I see the exception handler being invoked as expected. Here is the sample code I tried with:
@OverRide
public DataFetcher<?> instrumentDataFetcher(DataFetcher<?> dataFetcher, InstrumentationFieldFetchParameters parameters) {
return environment -> {
// Replace with your authorization logic or custom code to wrap each data fetcher call
if (environment.getArgument("name") == null) {
throw new AccessDeniedException("Denied test");
}
return dataFetcher.get(environment);
};
}
This method is invoked prior to executing each data fetcher, and the exception is caught as expected by the exception handler.
Hope this helps.
Thank you for the reply. It works but doesn't fit with my use case, because that code executes after the datafetcher. I do not want to execute the datafetcher if the Token is expired, so I need it to check it before the datafetcher executes.
If I put the exception before the return of the datafetcher(so before the execution of it) I Get this response for the framework:
{
"data": null
}
I think is some kind of bug, the exception handler should catch all exceptions no matter where is produced.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
Beta Was this translation helpful? Give feedback.
-
|
OK apparently I was putting the exception in a wrong part of the code, it must be put as you said inside the return and before executing the dataFetcher.get(environment).
Apparently I was throwing my exception before the return, if that is the case it doesn't work. |
Beta Was this translation helpful? Give feedback.
I just tried this in a project, and I see the exception handler being invoked as expected. Here is the sample code I tried with:
This method is invoked prior to executing each data fetcher, and the exception is caught as expec…