hasura / graphql-engine

Blazing fast, instant realtime GraphQL APIs on your DB with fine grained access control, also trigger webhooks on database events.
https://hasura.io
Apache License 2.0

Non-compliant WebSocket message when JWT token expires #9765

Open ibrt opened 1 year ago

ibrt commented 1 year ago

Version Information

Server Version: 2.29.0

Environment

OSS

What is the current behaviour?

When the JWT token used to establish a WebSocket connection expires, Hasura sends this WebSocket message:

{
  "type":"connection_error",
  "payload":"Could not verify JWT: JWTExpired"
}

As far as I can tell this is not spec-compliant. The main practical issue is that the graphql-ws library doesn't recognize the message and throws a different error, effectively swallowing the original message payload.

What is the expected behaviour?

Hasura should return a spec-compliant error message.

How to reproduce the issue?

  1. Establish an authenticated WS connection
  2. Start a subscription
  3. Wait until JWT token expires

Keywords

graphql-ws websocket jwtexpired
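A client-side check for the frame quoted above, as an added example that is not part of the original issue and is not Hasura or graphql-ws code. It assumes the graphql-transport-ws server message set; the function name `classifyServerFrame`, the sample frames, and matching on the string `JWTExpired` to signal re-authentication are constructed for illustration. It could be called from a raw WebSocket `message` listener so the server's reason is logged before any protocol library rejects the frame.

```javascript
// Server-to-client message types defined by the graphql-transport-ws protocol.
const SPEC_SERVER_TYPES = new Set([
  'connection_ack', 'ping', 'pong', 'next', 'error', 'complete',
]);

// Classify one raw WebSocket text frame (hypothetical helper).
// kind: 'spec' | 'legacy_connection_error' | 'invalid'
// reauth: true when the payload indicates an expired JWT.
function classifyServerFrame(raw) {
  let msg;
  try {
    msg = JSON.parse(raw);
  } catch (e) {
    return { kind: 'invalid', type: null, detail: 'frame is not JSON', reauth: false };
  }
  if (msg === null || typeof msg !== 'object' || typeof msg.type !== 'string') {
    return { kind: 'invalid', type: null, detail: 'missing string "type"', reauth: false };
  }
  if (SPEC_SERVER_TYPES.has(msg.type)) {
    return { kind: 'spec', type: msg.type, detail: null, reauth: false };
  }
  if (msg.type === 'connection_error') {
    // Preserve the server's reason instead of letting it be swallowed.
    const detail = typeof msg.payload === 'string'
      ? msg.payload
      : JSON.stringify(msg.payload ?? null);
    // Assumption: the substring "JWTExpired", as in the payload quoted in the issue.
    return {
      kind: 'legacy_connection_error',
      type: msg.type,
      detail,
      reauth: /JWTExpired/.test(detail),
    };
  }
  return { kind: 'invalid', type: msg.type, detail: 'unknown message type', reauth: false };
}

// Constructed sample frames; the second mirrors the message quoted in the issue.
const SAMPLE_FRAMES = [
  '{"type":"connection_ack"}',
  '{"type":"connection_error","payload":"Could not verify JWT: JWTExpired"}',
  '{"type":"connection_error","payload":{"message":"denied"}}',
  'not json',
];

for (const frame of SAMPLE_FRAMES) {
  console.log(classifyServerFrame(frame));
}
```

A caller would refresh the token and reconnect when `reauth` is true, and treat any other non-spec frame as a reason to close the connection.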

tirumaraiselvan commented 1 year ago

This is fixed in v2.30 (commit)... will be out shortly.

lovasoa commented 1 year ago

Related: https://github.com/enisdenjo/graphql-ws/issues/499