How can I manage invalid JWT tokens?

[oscar-corredor]

Hi,

I am currently trying to let my Apollo Client know that a token is invalid from the context function in graphql-yoga as follows:

async initialize() {
    const dataSources = new DataSources();
    await dataSources.initialize();
    // gql context manipulation
    const contextFunc = (currentContext: any): GQLContext => {
      let userObject;
      const authorizationHeader = (currentContext.request.headers as Map<string, any>).get("authorization")
      if (authorizationHeader) {
        console.log("header")
        console.log(authorizationHeader)
        try {
          const tokenPayload: any = jsonwebtoken.verify(authorizationHeader.split(" ")[1], Config.jwtSecret, {});
          userObject = {
            id: tokenPayload["id"],
            role: tokenPayload["role"]
          }
        } catch (error: any) {
          throw new GraphQLYogaError("message", { exception: {code: "INVALID_TOKEN"} })
        }

      }
      return {
        dataSources,
        user: userObject
      }
    }
    // GQL server init
    const server = createServer({
      schema,
      context: contextFunc,
    });
    server.start();
  }
}

My intention is to take the token from the authorization header, validate it and set the user information in the GQL server context so I can properly identify the user making a request and act accordingly. Also, if the token is invalid I wish to throw an error code of INVALID_TOKEN so the client knows it needs to take the user to the login page and have the user login so the user can continue using the app.

However, any error thrown inside the context function simply ends in a 500 error code and not much information is provided to the client, here's an example of the response the client gets:

Perhaps I am not doing things the right way (I've done this implementation in a GQL-express server and it works perfectly) and would like to ask for your guidance in how to proceed. Thanks a lot!

[n1ru4l]

Hey @oscar-corredor, this seems like a bug to me, thus I will convert this into an issue. See #1263