-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Should I use visible? or authorized? #2565
Comments
It depends what kind of client experience you want to provide. If you use If you use Personally, I recommend As for performance, I wouldn't worry about it. A general tradeoff of GraphQL is higher latency in exchange for a better client experience, and I think this case warrants that tradeoff too. Hope that helps! |
@rmosolgo Thanks! I've decided to use definition_methods do
def resolve_type(object, context)
# ...
end
def authorized?(object, context)
puts "test"
false # for testing
end
end And in def self.unauthorized_object(error)
raise GraphQL::ExecutionError, "Not authorized!"
end Yet I never get any logs nor do I get the |
🤔 I honestly have no idea what I can imagine it would be possible to call graphql-ruby/lib/graphql/schema/member/base_dsl_methods.rb Lines 113 to 118 in b30ea93
So, you could try adding |
If I have certain queries that require a token for authentication, should I hide those parts of the schema to unauthenticated users altogether via
visible?
or should I useauthorized?
to make the client aware that the query exists but cannot be accessed without authentication? Is it preferable for security or performance reasons becausevisible?
does not actually execute the query?The text was updated successfully, but these errors were encountered: