Fix / Logging in with expired tokens does not work #1501

thekevinbrown · 2025-01-08T03:43:44Z

Now treating users with expired tokens as guests instead of throwing
If this error occurs while successfully logging in, there's no need to redirect to the login, so we no longer do.
To achieve this, there's a new flag in context that a resolver can set to avoid the redirect to login specifically in the case of token expiry.
This PR also resolves information disclosure in errors in the API key authentication module, instead logging the reason for the rejection.

…n. User is now treated as guest, resolvers are allowed to run, then an operation can tell the context not to bother redirecting in this particular scenario. If any resolver throws an AuthorizationError the redirect still occurs.

thekevinbrown merged commit 0bc9d0d into main Jan 8, 2025
14 checks passed

thekevinbrown deleted the fix/logging-in-with-expired-tokens-does-not-work branch January 8, 2025 04:42

thekevinbrown added 7 commits January 20, 2025 14:35

Remove information disclosure in error messages, add to logs instead.

8d45aef

Update error messages in tests to match.

c6474d3

Fix for error message now that resolvers are allowed to run.

2705845

Bump to latest PNPM.

a3260d9

Fix result shape.

a12762e

Switched to deep equality instead of reference equality.

da4e470

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix / Logging in with expired tokens does not work #1501

Fix / Logging in with expired tokens does not work #1501

thekevinbrown commented Jan 8, 2025

Fix / Logging in with expired tokens does not work #1501

Fix / Logging in with expired tokens does not work #1501

Conversation

thekevinbrown commented Jan 8, 2025