Do not throw Forbidden error but log as warning

[nicoes]

Is your feature request related to a problem? Please describe.
At the moment we are using Sentry for logging / monitoring Vendure errors. We see the Forbidden errors also being logged to Sentry.

Describe the solution you'd like
We could filter those errors out in Sentry but we think forbidden should not throw an error but can be logged as a warning instead, since it's expected behaviour.

Describe alternatives you've considered
Filtering Forbidden errors out in Sentry.

[martijnvdbrug]

Some extra context: UserInputError's are also logged as warning, and I feel ForbiddenError's are of similar importance: ForbiddenError usually means something is wrong with the user's credentials or permissions

[alexisvigoureux]

Hi, we also use Sentry and we simply don't capture 'Forbidden' messages using an Apollo plugin. Check: https://beta-docs.vendure.io/reference/typescript-api/configuration/api-options/#apolloserverplugins

Here is an example of how to do it

export class ApolloLogs implements ApolloServerPlugin {
 public async requestDidStart(requestContext: GraphQLRequestContext): Promise<GraphQLRequestListener | void> {
    return {
      didEncounterErrors: async (context) => {
       // Maybe this line is not necessary for your app
        if (context.operation) {
          for (const err of context.errors) {
            if (err.extensions?.code === 'FORBIDDEN') {
              continue
            }

            ........
           Sentry.captureException(err) 
          }
        }
      },
    }
  }
}

[nicoes]

Thanks for the alternative solution Alexis! That would be a good way to solve it if it were to remain an error. I agree with Martijn that a Forbidden error is a client induced error. Like the HTTP 403 Forbidden error. So from my perspective the server shouldn't throw an error in the first place. Hence this feature request.

[michaelbromley]

Agreed. In v2.1 this should be downgraded to a warning.