moxley
Troubleshooting authorization error through ash_graphql
After updating ash from version 2.17.11 to 2.17.12, 9 test failures showed up in my test suite. All the failures were on API tests that use ash_graphql. I’m on ash_graphql 0.25.13. All the failures are the same: the response contains the "message": "forbidden" error, the kind you get when the actor doesn’t have permission to access something. The logs did not contain any policy breakdown (it seems never to work during ash_graphql tests).
These are all the log entries that are logged for a failing test:
20:00:26.004 request_id=F8qg_y1LnSpDpzwAAA2B [info] POST /api/gql
20:00:26.029 request_id=F8qg_y1LnSpDpzwAAA2B [info] GF.Carts.PaymentMethodInput.create
20:00:26.029 request_id=F8qg_y1LnSpDpzwAAA2B [info] Sent 200 in 24ms
My config/test.exs contains this :ash, :policies entry:
config :ash, :policies,
show_policy_breakdowns?: true,
log_policy_breakdowns: :info,
log_successful_policy_breakdowns: :debug
When changing it to log_policy_breakdowns: :warning, this log entry changes from an info to a warning level:
20:00:26.029 request_id=F8qg_y1LnSpDpzwAAA2B [warning] GF.Carts.PaymentMethodInput.create
I tried bypassing ash_graphql, writing a test that only calls Ash.Changeset and my Ash API module, but there was no authorization error, and I’m not sure I’m setting it up the same way that ash_graphql is.
Without a policy breakdown, and no details in the logs, how does one go about troubleshooting this issue?
Marked As Solved
zachdaniel
Yeah, that is some low hanging fruit DX that should have been addressed a long time ago. Will look into it today ![]()
Also Liked
moxley
I figured it out. It was related to that log entry I mentioned before, for GF.Carts.PaymentMethodInput.create. GF.Carts.PaymentMethodInput is an embedded resource. It had Ash.Policy.Authorizer configured as the authorizer, but there were no policies configured in that resource, nor should there be. By removing Ash.Policy.Authorizer from the resource configuration, the errors went away.
I would have been helpful if the logs indicated that no policies were set.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #javascript
- #code-sync
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








