Authentication with Netlify Deploy Returns error:Forbidden #245

Closed
jaedag opened this issue Jun 11, 2021 · 14 comments
Labels
bug report Something isn't working

Comments

@jaedag

jaedag commented Jun 11, 2021

Hi Everyone,

I'm trying to deploy my first app using GRANDstack with netlify.
I'm having some issues implementing authentication.

I've created an @auth directive

extend type Member @auth(rules: [{ roles: ["federalAdmin"] }])

{
  members {
    id
  }
}

I don't know what it is, but the same queries that I run on my local machine work perfectly but when I run them against my function in the cloud, I get the response

{
  "errors": [
    {
      "message": "Forbidden",
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "maritalStatuses"
      ],
      "extensions": {
        "code": "INTERNAL_SERVER_ERROR",
        "exception": {
          "stacktrace": [
            "Neo4jGraphQLForbiddenError: Forbidden",
            "    at Object.<anonymous> (/Users/jd/Documents/dev/fl-admin-portal/api/node_modules/@neo4j/graphql/src/utils/execute.ts:95:19)",
            "    at Generator.throw (<anonymous>)",
            "    at rejected (/Users/jd/Documents/dev/fl-admin-portal/api/node_modules/@neo4j/graphql/dist/utils/execute.js:24:65)",
            "    at processTicksAndRejections (internal/process/task_queues.js:93:5)"
          ]
        }
      }
    }
  ],
  "data": null
}

I would like to know if there is something I am doing wrong or if this is a bug in netlify or in GRANDstack. Any help?

Has anyone been able to implement authentication with a netlify function so far?

My code can be found here https://github.com/jaedag/fl-admin-portal.

Thanks in advance!

System:

  • OS: macOS
  • Version: [e.g. @neo4j/graphql@1.0.2
  • Node.js version: 14.16.0
@jaedag jaedag added bug report Something isn't working inbox labels Jun 11, 2021
@oskarhane
Member

Thanks for opening this issue @jaedag.
Just a quick question: Have you verified that you get a token and that it can be verified using the process.env.JWT_SECRET?

@darrellwarde
Contributor

We could also do with some debug output here - could you set the environment variable DEBUG=@neo4j/graphql:auth before running your application? This will tell you if anything went wrong during the extraction and decoding of the JWT from the request.

@jaedag
Author

jaedag commented Jun 11, 2021

Currently I'm using GraphiQL to test the netlify function. I'm setting the JWT myself.
And yes it can be verified and decoded using the JWT secret.

And like I mentioned earlier it all works locally on my machine, but not when I deploy through

@jaedag
Author

jaedag commented Jun 11, 2021

> We could also do with some debug output here - could you set the environment variable DEBUG=@neo4j/graphql:auth before running your application? This will tell you if anything went wrong during the extraction and decoding of the JWT from the request.

Trying this now

@jaedag
Author

jaedag commented Jun 11, 2021

2021-06-11T09:37:05.831Z @neo4j/graphql:auth Could not extract request from context

@darrellwarde This is what I'm getting. But I'm not sure why. Can you please help?

Here is my server constructor

const server = new ApolloServer({
  schema: neoSchema.schema,
  context: ({ event }) => {
    const req = event
    return req
  },
  introspection: true,
  playground: false,
})

I understand that apollo-server-lambda returns an event object instead of a req. So I tried reassigning but looks like it didn't work?

@darrellwarde
Contributor

And to ask a stupid question as I'm sure you are, but you're definitely passing the Authorization header in the request?

@danstarns
Contributor

> 2021-06-11T09:37:05.831Z @neo4j/graphql:auth Could not extract request from context
>
> @darrellwarde This is what I'm getting. But I'm not sure why. Can you please help?
>
> Here is my server constructor
>
> const server = new ApolloServer({
>   schema: neoSchema.schema,
>   context: ({ event }) => {
>     const req = event
>     return req
>   },
>   introspection: true,
>   playground: false,
> })
>
> I understand that apollo-server-lambda returns an event object instead of a req. So I tried reassigning but looks like it didn't work?

Hi. Are you sure event in your context is defined? Try logging this to see if it's there.

@jaedag
Author

jaedag commented Jun 11, 2021

> And to ask a stupid question as I'm sure you are, but you're definitely passing the Authorization header in the request?

LOL. yes I am.

Screenshot 2021-06-11 at 09 44 53

@danstarns
Contributor

> const server = new ApolloServer({
>   schema: neoSchema.schema,
>   context: ({ event }) => {
>     const req = event
>     return req
>   },

I feel as though it should be this:

const server = new ApolloServer({
    schema: neoSchema.schema,
    context: ({ req }) => {
        return { req } ;
    },
});

@jaedag
Author

jaedag commented Jun 11, 2021

> Hi. Are you sure event in your context is defined? Try logging this to see if it's there.

Yeah @danstarns. The event object is there. I'm trying your code now though

@danstarns
Contributor

PR #246 that makes the debug output a little nicer for situations like this.

@jaedag
Author

jaedag commented Jun 11, 2021

> > const server = new ApolloServer({
> >   schema: neoSchema.schema,
> >   context: ({ event }) => {
> >     const req = event
> >     return req
> >   },
>
> I feel as though it should be this:
>
> const server = new ApolloServer({
>     schema: neoSchema.schema,
>     context: ({ req }) => {
>         return { req } ;
>     },
> });

const server = new ApolloServer({
  schema: neoSchema.schema,
  context: ({ event }) => {
    return { req: event }
  },
  introspection: true,
  playground: false,
})

This is what eventually worked for me. In case anyone else should need it. Apparently lambda functions pass an event object instead of a req. So returning the event object under the req key did the trick. This should probably be added to the documentation somewhere.

@darrellwarde
Contributor

Of course, should have spotted that:

const server = new ApolloServer({
  schema: neoSchema.schema,
  context: ({ event }) => {
    const req = event
    return req
  },
  introspection: true,
  playground: false,
})

Should have been:

const server = new ApolloServer({
  schema: neoSchema.schema,
  context: ({ event }) => {
    const req = event
    return { req }
  },
  introspection: true,
  playground: false,
})

I agree, this should be in the docs.

I think for a better developer experience, we could look for headers in the appropriate places for all of the compatible middlewares for Apollo: https://www.apollographql.com/docs/apollo-server/api/apollo-server/#middleware-specific-context-fields
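
The context shape discussed in this thread, as an added example that is not part of the original comments or of @neo4j/graphql. `toAuthContext` and `bearerToken` are hypothetical names, `bearerToken` is only a stand-in for a consumer that reads the token from `context.req`, and the sample event and token are constructed.

```javascript
// Added example: not code from the thread or from @neo4j/graphql.

// Build the GraphQL context so the incoming request always sits under `req`,
// whether the integration supplies `req` (HTTP servers) or `event` (Lambda).
// toAuthContext is a hypothetical helper name.
function toAuthContext(integrationArgs) {
  const source = integrationArgs.req || integrationArgs.event;
  if (!source || typeof source.headers !== "object" || source.headers === null) {
    // Fail loudly on a mis-wired context instead of letting every
    // protected field answer with a generic "Forbidden".
    throw new Error("No request headers found under `req` or `event`");
  }
  // Header-name case is not guaranteed to be the same in every runtime,
  // so copy the headers under lowercase keys.
  const headers = {};
  for (const [name, value] of Object.entries(source.headers)) {
    headers[name.toLowerCase()] = value;
  }
  return { req: { ...source, headers } };
}

// Stand-in for a consumer that reads the bearer token from context.req
// (an assumption modelled on the debug message quoted in the thread).
function bearerToken(context) {
  const req = context && context.req;
  if (!req || !req.headers) return null; // nothing to extract the token from
  const match = /^Bearer\s+(.+)$/i.exec(req.headers.authorization || "");
  return match ? match[1] : null;
}

// Constructed Lambda-style event; the token is a placeholder, not a real JWT.
const sampleEvent = {
  httpMethod: "POST",
  headers: { Authorization: "Bearer header.payload.signature" },
  body: "{}",
};

// Shape from the original report: the event itself is returned as the context.
const brokenContext = (({ event }) => event)({ event: sampleEvent });
// Shape that resolved the issue: the event is exposed under the `req` key.
const fixedContext = toAuthContext({ event: sampleEvent });

console.log("broken:", bearerToken(brokenContext));
console.log("fixed: ", bearerToken(fixedContext));
```

Passing `toAuthContext` as the `context` option of `ApolloServer` takes the place of the inline function shown in the thread.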

@darrellwarde
Contributor

Closing this particular issue as now resolved, both points regarding docs and extracting from different places have now been raised in Trello. 🙂
