Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Enhance the "unauthorized" error message with recovery instructions #12652

Merged
merged 14 commits into from
Dec 5, 2023
Merged

fix: Enhance the "unauthorized" error message with recovery instructions #12652

merged 14 commits into from
Dec 5, 2023

Conversation

stocaaro
Copy link
Contributor

Description of changes

For all graphql calls made through the generateClient interface. When a permission error is returned, this change remaps the error with a clearer error message:

UnauthorizedError: If you're calling an Amplify-generated API, make sure to set the "authMode" in generateClient({ authMode: '...' }) to the backend authorization rule's auth provider ('apiKey', 'userPool', 'iam', 'oidc', 'lambda')

Description of how you validated changes

Tested manually in sample app and by updating unit tests to cover both the call and subscription usecases.

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@stocaaro stocaaro requested a review from a team as a code owner November 29, 2023 16:57
svidgen
svidgen reviewed Nov 29, 2023
View reviewed changes
Copy link
Contributor

@svidgen svidgen left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We might want to consider a more generalized "error mapper" like we have in DataStore.

Either way, please take a look at it: https://github.com/aws-amplify/amplify-js/blob/main/packages/datastore/src/sync/processors/errorMaps.ts

We also need to make sure remapping these errors doesn't break customers (like ourselves/DataStore) who might be relying on particular error messages. E.g., will this interfere with DataStore multi-auth? (This is the main reason I'm asking for a look at the mapper regardless of whether you want to so something similar.)

packages/api-graphql/src/utils/errors/repackageAuthError.ts Show resolved Hide resolved
@stocaaro
Copy link
Contributor Author

I'm not opposed to an error mapper and if something like this existed, I would have used it here. Since this change is localized to this one use-case, I think an error mapper might make a good refactoring as we bring in a second error remapping use-case, right?

@stocaaro
Copy link
Contributor Author

stocaaro commented Dec 4, 2023

We've had a discussion about keeping the error message consistent with what came before. Currently these 401's are coming through with the message Unknown error (discovered through manual testing against the API), which doesn't seem specific enough to be valuable. There is prior art indicating that at one time these errors returned with the message Unauthorized. The most recent update adjust to adopt Unauthorized for clarity and consistency.

svidgen
svidgen previously approved these changes Dec 4, 2023
View reviewed changes
Copy link
Contributor

@svidgen svidgen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Couple nits, q's.

packages/api-graphql/src/utils/errors/repackageAuthError.ts Outdated Show resolved Hide resolved
packages/api-graphql/src/internals/InternalGraphQLAPI.ts Outdated Show resolved Hide resolved
AllanZhengYP
AllanZhengYP previously approved these changes Dec 4, 2023
View reviewed changes
Copy link
Contributor

@AllanZhengYP AllanZhengYP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The error formation part looks good to me.

david-mcafee
david-mcafee previously approved these changes Dec 5, 2023
View reviewed changes
Copy link
Member

@david-mcafee david-mcafee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With the exception of what Jon pointed out previously, LGTM!

@stocaaro stocaaro merged commit ca62f29 into aws-amplify:main Dec 5, 2023
30 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AllanZhengYP AllanZhengYP AllanZhengYP approved these changes

@svidgen svidgen svidgen approved these changes

@david-mcafee david-mcafee david-mcafee left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@stocaaro @AllanZhengYP @svidgen @david-mcafee