neo4j / graphql

A GraphQL to Cypher query execution layer for Neo4j and JavaScript GraphQL implementations.
https://neo4j.com/docs/graphql-manual/current/
Apache License 2.0

Allow for custom error messages to be supplied for auth rules #249

Open darrellwarde opened 3 years ago

darrellwarde commented 3 years ago

As you pointed out, this error is thrown from apoc.util.validate, inside the database; their error codes are hardcoded deliberately.

I think what @dmoree is asking for is to adjust the error message, e.g.:

extend type User @auth(
    rules: [
        { 
            operations: ["read"],
            allow: { path:"id", value: "$jwt.sub", error: "Some nice text" }
        }
    ]
)

To be converted to

MATCH (this:User)
CALL apoc.util.validate(NOT(EXISTS(this.id) AND this.id = $this_auth_allow0_id), "@neo4j/graphql/FORBIDDEN('%s')", ["Some nice text"])
RETURN this {
    .id
} as this

This allows generic error handling to kick in for any error whose message starts with @neo4j/graphql/FORBIDDEN, but also allows the middleware to extract a meaningful message.

Originally posted by @Andy2003 in https://github.com/neo4j/graphql/issues/140#issuecomment-793706400
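
One way the middleware side of this proposal could look, as an added example that is not code from the issue or from @neo4j/graphql. Only the `@neo4j/graphql/FORBIDDEN('%s')` format comes from the comment above; the function names, the length cap and the wrapper text in the sample message are assumptions.

```javascript
// Added example, not code from @neo4j/graphql. Only the marker format comes
// from the proposal; names, the length cap and the sample text are assumptions.
const FORBIDDEN_MARKER = "@neo4j/graphql/FORBIDDEN";
const GENERIC_FORBIDDEN = "Forbidden";
const MAX_DETAIL_LENGTH = 200; // assumed cap on text forwarded to clients

// Constructed sample of a driver error message wrapping the marker.
const SAMPLE_DB_MESSAGE =
  "Failed to invoke procedure `apoc.util.validate`: Caused by: " +
  "java.lang.RuntimeException: @neo4j/graphql/FORBIDDEN('Some nice text')";

// Returns null when the error is not an auth rejection, otherwise a
// { code, message } pair that can be handed to the GraphQL client.
function parseAuthError(dbMessage) {
  if (typeof dbMessage !== "string") return null;
  const start = dbMessage.indexOf(FORBIDDEN_MARKER);
  if (start === -1) return null;
  const generic = { code: "FORBIDDEN", message: GENERIC_FORBIDDEN };

  const rest = dbMessage.slice(start + FORBIDDEN_MARKER.length);
  // Bare marker, i.e. a rule without custom text: keep the generic message.
  if (!rest.startsWith("('")) return generic;

  // The proposed format does not escape quotes, so read up to the LAST "')"
  // instead of the first one.
  const end = rest.lastIndexOf("')");
  if (end < 2) return generic;

  const detail = rest
    .slice(2, end)
    .replace(/[\u0000-\u001f\u007f]/g, " ") // control characters to spaces
    .trim()
    .slice(0, MAX_DETAIL_LENGTH);
  return detail ? { code: "FORBIDDEN", message: detail } : generic;
}

// Maps any database error to what the client may see. Errors without the
// marker are never echoed, since they can carry Cypher fragments or labels.
function toClientError(err) {
  const auth = parseAuthError(err && err.message);
  return auth || { code: "INTERNAL_SERVER_ERROR", message: "Internal server error" };
}

console.log(toClientError(new Error(SAMPLE_DB_MESSAGE)));
```

Because the rule's `error` text ends up in client responses, it should describe the rule rather than the data it protects.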

EriKWDev commented 3 years ago

When I have multiple rules in a list, all with complicated OR checks and other things, just receiving "Forbidden" is not very useful for debugging. Custom error messages (or some kind of sane, more verbose defaults when in debug mode or something) would help tremendously during, not only development, but could provide more useful information to my users that are trying to do something that they aren't allowed/supposed to do.

darrellwarde commented 3 years ago

100%. This is unlikely to be something we have time for any time soon, so if anyone in the community fancies picking this up then please have a go or let me know so that we can do a rough design of what this will look like.