dancefinder/dancefinder
5
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Activity

fix(graph): tolerate missing subject in Origins resolver #428

Merged
argoyle merged 1 commits from fix/origins-resolver-tolerate-no-auth into master 2026-05-05 17:50:21 +00:00
Conversation 0 Commits 1 Files Changed 1
+5 -5
argoyle commented 2026-05-05 17:30:32 +00:00
Owner
Copy Link
Copy Source

Summary

  • Origins returned an error when no JWT subject was present
  • The non-nullable list propagated null up to the root, killing the whole FindEvents query and rendering an empty event list
  • Mirror the Events resolver behavior and return [] instead, so partial-auth requests still render events

Why

On cold start (especially mobile), the Auth0 SDK can be in a stale state where isAuthenticated is true but getAccessTokenSilently() returns no usable token. Apollo then sent an unauthenticated FindEvents query that included the Origins field, which errored and nulled out the entire response. Users had to log out and back in to see events.

Test plan

  • go test ./graph/...
  • Verify on phone: cold open with stale auth still shows events
## Summary - `Origins` returned an error when no JWT subject was present - The non-nullable list propagated null up to the root, killing the whole `FindEvents` query and rendering an empty event list - Mirror the `Events` resolver behavior and return `[]` instead, so partial-auth requests still render events ## Why On cold start (especially mobile), the Auth0 SDK can be in a stale state where `isAuthenticated` is true but `getAccessTokenSilently()` returns no usable token. Apollo then sent an unauthenticated `FindEvents` query that included the `Origins` field, which errored and nulled out the entire response. Users had to log out and back in to see events. ## Test plan - [x] `go test ./graph/...` - [ ] Verify on phone: cold open with stale auth still shows events
argoyle added 1 commit 2026-05-05 17:30:33 +00:00
fix(graph): tolerate missing subject in Origins resolver
dancefinder / check (pull_request) Successful in 2m13s
Details
dancefinder / build (pull_request) Successful in 14m9s
Details
dancefinder / deploy-prod (pull_request) Has been skipped
Details
ace1e39020 
Origins returned an error when no JWT subject was present, which
propagated null through the non-nullable list and killed the whole
FindEvents query. Mirror Events behavior and return an empty list
instead so partial-auth requests still render events.
argoyle scheduled this pull request to auto merge when all checks succeed 2026-05-05 17:31:31 +00:00
argoyle merged commit 69df9d9d41 into master 2026-05-05 17:50:21 +00:00
argoyle deleted branch fix/origins-resolver-tolerate-no-auth 2026-05-05 17:50:22 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
dependencies
Pull requests that update a dependency file
 docker
go
security
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
argoyle (Joakim Olsson) buildtools (Buildtools) kubernetes (Kubernetes) releaser (Unbound Releaser) renovate (Renovate Bot)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: dancefinder/dancefinder#428
Delete Branch "fix/origins-resolver-tolerate-no-auth"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?