Nexus returns status code 500 when JWT is expired

[sreuter]

Nexus Report

{
  "node": "v12.14.0",
  "os": {
    "platform": "darwin",
    "release": "18.7.0"
  },
  "nexus": "^0.26.1",
  "plugins": [
    "nexus-plugin-auth0",
    "nexus-plugin-user-context",
    "nexus-plugin-shield",
    "nexus-plugin-prisma"
  ],
  "otherDependencies": {
    "@types/jwt-decode": "^2.2.1",
    "jwt-decode": "^2.2.0",
    "typescript": "^3.7.5"
  },
  "devDependencies": {
    "@types/jest": "^26.0.8",
    "jest": "^26.2.2",
    "nodemon": "^2.0.2",
    "prettier": "^2.0.5",
    "ts-jest": "^26.1.4",
    "ts-node": "^8.6.2"
  },
  "hasAppModule": true,
  "packageManager": "yarn",
  "errorsWhileGatheringReport": {
    "gettingLayout": null,
    "gettingPluginManifests": null
  }
}

Description

Nexus returns 500 with this plugin whenever a JWT is expired. It should return a 401 instead, so that a client can react according and refresh its token.

[haysclark]

@sreuter This Nexus plugin simply wraps jwks-rsa, so you might need to create an issue in that library and then follow up when a fix is released.

[sreuter]

I think this is more about the missing ability (or knowledge) of being able to control the status code being sent from within a nexus plugin. I've solved this for now by simply adding a express middleware to nexus via server.express.use(). Might also be possible via https://nexusjs.org/api/nexus/schema#example-simple-middlewares, but felt less appropriate as its not really related to the schema.