Default values in GraphQL input types are not supported

I’m using Tyk (v4.1.0.rc10) as a GraphQL APi gateway in supergraph/subgraphs mode.

My GraphQL schema has a lot of input types where some required fields have default values. An example:

enum MyEnum {
  VALUE_A
  VALUE_B
}

input MyInput {
  fieldA: MyEnum! = VALUE_A
  fieldB: String
}

extend type Mutation {
  myMutation(input: MyInput!): Boolean!
}

Please notice that while fieldA is required it also has a default value, so it may be omitted from the request.

When I’m trying to execute the following request:

mutation {
  myMutation(input: {
    fieldB: "a string"
  })
}

Tyk return an error:

time="May 31 10:06:53" level=error msg="http: proxy error: could not render JSON variable, validation failed: /: {"input":{"fieldA" value is required" api_id=graph
ql api_name="GraphQL API" mw=ReverseProxy org_id= prefix=proxy server_name= user_id="***" user_ip="***" user_name="***"

I reported this bug in GitHub: GraphQL input fields with default values are not supported · Issue #4094 · TykTechnologies/tyk · GitHub

Questions:

  • Is it possible to turn off the input data validation in Tyk?
  • Does the problem have any workarounds?

Hello @Andrey_Nado, are you using the Open Source product?

I tried this in a Self Managed setup but could not reproduce the issue. I have shared my schema and API definition below.

Schema

type Mutation {
  default: String
}

type Query {
  default: String
}

enum MyEnum {
  VALUE_A
  VALUE_B
}

input MyInput {
  fieldA: MyEnum!
  fieldB: String
}

input StringInput {
  field: String
}

input ReviewInput {
  stars: Int! = 5
  commentary: String
}

extend type Mutation {
  myMutation(myInput: MyInput!): Boolean
  stringMutation(string: String): String
  stringInputMutation(stringInput: StringInput!): String
  reviewInputMutation(input: ReviewInput!): String
}

API Definition

{
    "id": "629762b5cb61060001e0c1a3",
    "name": "UDG Andrey Nado",
    "slug": "udg-andrey-nado",
    "listen_port": 0,
    "protocol": "",
    "enable_proxy_protocol": false,
    "api_id": "c863ae54a0e7462f5be6710b6eaa40f6",
    "org_id": "628540911969ff0001576735",
    "use_keyless": true,
    "use_oauth2": false,
    "use_openid": false,
    "openid_options": {
        "providers": [],
        "segregate_by_client": false
    },
    "oauth_meta": {
        "allowed_access_types": [],
        "allowed_authorize_types": [],
        "auth_login_redirect": ""
    },
    "auth": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "Authorization",
        "use_certificate": false,
        "validate_signature": false,
        "signature": {
            "algorithm": "",
            "header": "",
            "use_param": false,
            "param_name": "",
            "secret": "",
            "allowed_clock_skew": 0,
            "error_code": 0,
            "error_message": ""
        }
    },
    "auth_configs": {
        "authToken": {
            "use_param": false,
            "param_name": "",
            "use_cookie": false,
            "cookie_name": "",
            "auth_header_name": "Authorization",
            "use_certificate": false,
            "validate_signature": false,
            "signature": {
                "algorithm": "",
                "header": "",
                "use_param": false,
                "param_name": "",
                "secret": "",
                "allowed_clock_skew": 0,
                "error_code": 0,
                "error_message": ""
            }
        },
        "basic": {
            "use_param": false,
            "param_name": "",
            "use_cookie": false,
            "cookie_name": "",
            "auth_header_name": "Authorization",
            "use_certificate": false,
            "validate_signature": false,
            "signature": {
                "algorithm": "",
                "header": "",
                "use_param": false,
                "param_name": "",
                "secret": "",
                "allowed_clock_skew": 0,
                "error_code": 0,
                "error_message": ""
            }
        },
        "coprocess": {
            "use_param": false,
            "param_name": "",
            "use_cookie": false,
            "cookie_name": "",
            "auth_header_name": "Authorization",
            "use_certificate": false,
            "validate_signature": false,
            "signature": {
                "algorithm": "",
                "header": "",
                "use_param": false,
                "param_name": "",
                "secret": "",
                "allowed_clock_skew": 0,
                "error_code": 0,
                "error_message": ""
            }
        },
        "hmac": {
            "use_param": false,
            "param_name": "",
            "use_cookie": false,
            "cookie_name": "",
            "auth_header_name": "Authorization",
            "use_certificate": false,
            "validate_signature": false,
            "signature": {
                "algorithm": "",
                "header": "",
                "use_param": false,
                "param_name": "",
                "secret": "",
                "allowed_clock_skew": 0,
                "error_code": 0,
                "error_message": ""
            }
        },
        "jwt": {
            "use_param": false,
            "param_name": "",
            "use_cookie": false,
            "cookie_name": "",
            "auth_header_name": "Authorization",
            "use_certificate": false,
            "validate_signature": false,
            "signature": {
                "algorithm": "",
                "header": "",
                "use_param": false,
                "param_name": "",
                "secret": "",
                "allowed_clock_skew": 0,
                "error_code": 0,
                "error_message": ""
            }
        },
        "oauth": {
            "use_param": false,
            "param_name": "",
            "use_cookie": false,
            "cookie_name": "",
            "auth_header_name": "Authorization",
            "use_certificate": false,
            "validate_signature": false,
            "signature": {
                "algorithm": "",
                "header": "",
                "use_param": false,
                "param_name": "",
                "secret": "",
                "allowed_clock_skew": 0,
                "error_code": 0,
                "error_message": ""
            }
        },
        "oidc": {
            "use_param": false,
            "param_name": "",
            "use_cookie": false,
            "cookie_name": "",
            "auth_header_name": "Authorization",
            "use_certificate": false,
            "validate_signature": false,
            "signature": {
                "algorithm": "",
                "header": "",
                "use_param": false,
                "param_name": "",
                "secret": "",
                "allowed_clock_skew": 0,
                "error_code": 0,
                "error_message": ""
            }
        }
    },
    "use_basic_auth": false,
    "basic_auth": {
        "disable_caching": false,
        "cache_ttl": 0,
        "extract_from_body": false,
        "body_user_regexp": "",
        "body_password_regexp": ""
    },
    "use_mutual_tls_auth": false,
    "client_certificates": [],
    "upstream_certificates": {},
    "pinned_public_keys": {},
    "enable_jwt": false,
    "use_standard_auth": false,
    "use_go_plugin_auth": false,
    "enable_coprocess_auth": false,
    "jwt_signing_method": "",
    "jwt_source": "",
    "jwt_identity_base_field": "",
    "jwt_client_base_field": "",
    "jwt_policy_field_name": "",
    "jwt_default_policies": [],
    "jwt_issued_at_validation_skew": 0,
    "jwt_expires_at_validation_skew": 0,
    "jwt_not_before_validation_skew": 0,
    "jwt_skip_kid": false,
    "jwt_scope_to_policy_mapping": {},
    "jwt_scope_claim_name": "",
    "notifications": {
        "shared_secret": "",
        "oauth_on_keychange_url": ""
    },
    "enable_signature_checking": false,
    "hmac_allowed_clock_skew": -1,
    "hmac_allowed_algorithms": [],
    "request_signing": {
        "is_enabled": false,
        "secret": "",
        "key_id": "",
        "algorithm": "",
        "header_list": [],
        "certificate_id": "",
        "signature_header": ""
    },
    "base_identity_provided_by": "",
    "definition": {
        "location": "header",
        "key": "x-api-version",
        "strip_path": false
    },
    "version_data": {
        "not_versioned": true,
        "default_version": "",
        "versions": {
            "Default": {
                "name": "Default",
                "expires": "",
                "paths": {
                    "ignored": [],
                    "white_list": [],
                    "black_list": []
                },
                "use_extended_paths": true,
                "extended_paths": {},
                "global_headers": {},
                "global_headers_remove": [],
                "global_response_headers": {},
                "global_response_headers_remove": [],
                "ignore_endpoint_case": false,
                "global_size_limit": 0,
                "override_target": ""
            }
        }
    },
    "uptime_tests": {
        "check_list": [],
        "config": {
            "expire_utime_after": 0,
            "service_discovery": {
                "use_discovery_service": false,
                "query_endpoint": "",
                "use_nested_query": false,
                "parent_data_path": "",
                "data_path": "",
                "port_data_path": "",
                "target_path": "",
                "use_target_list": false,
                "cache_timeout": 60,
                "endpoint_returns_list": false
            },
            "recheck_wait": 0
        }
    },
    "proxy": {
        "preserve_host_header": false,
        "listen_path": "/udg-andrey-nado/",
        "target_url": "",
        "disable_strip_slash": true,
        "strip_listen_path": true,
        "enable_load_balancing": false,
        "target_list": [],
        "check_host_against_uptime_tests": false,
        "service_discovery": {
            "use_discovery_service": false,
            "query_endpoint": "",
            "use_nested_query": false,
            "parent_data_path": "",
            "data_path": "",
            "port_data_path": "",
            "target_path": "",
            "use_target_list": false,
            "cache_timeout": 0,
            "endpoint_returns_list": false
        },
        "transport": {
            "ssl_insecure_skip_verify": false,
            "ssl_ciphers": [],
            "ssl_min_version": 0,
            "ssl_max_version": 0,
            "ssl_force_common_name_check": false,
            "proxy_url": ""
        }
    },
    "disable_rate_limit": false,
    "disable_quota": false,
    "custom_middleware": {
        "pre": [],
        "post": [],
        "post_key_auth": [],
        "auth_check": {
            "name": "",
            "path": "",
            "require_session": false,
            "raw_body_only": false
        },
        "response": [],
        "driver": "",
        "id_extractor": {
            "extract_from": "",
            "extract_with": "",
            "extractor_config": {}
        }
    },
    "custom_middleware_bundle": "",
    "cache_options": {
        "cache_timeout": 60,
        "enable_cache": true,
        "cache_all_safe_requests": false,
        "cache_response_codes": [],
        "enable_upstream_cache_control": false,
        "cache_control_ttl_header": "",
        "cache_by_headers": []
    },
    "session_lifetime": 0,
    "active": true,
    "internal": false,
    "auth_provider": {
        "name": "",
        "storage_engine": "",
        "meta": {}
    },
    "session_provider": {
        "name": "",
        "storage_engine": "",
        "meta": {}
    },
    "event_handlers": {
        "events": {}
    },
    "enable_batch_request_support": false,
    "enable_ip_whitelisting": false,
    "allowed_ips": [],
    "enable_ip_blacklisting": false,
    "blacklisted_ips": [],
    "dont_set_quota_on_create": false,
    "expire_analytics_after": 0,
    "response_processors": [],
    "CORS": {
        "enable": false,
        "allowed_origins": [
            "*"
        ],
        "allowed_methods": [
            "GET",
            "POST",
            "HEAD"
        ],
        "allowed_headers": [
            "Origin",
            "Accept",
            "Content-Type",
            "X-Requested-With",
            "Authorization"
        ],
        "exposed_headers": [],
        "allow_credentials": false,
        "max_age": 24,
        "options_passthrough": false,
        "debug": false
    },
    "domain": "",
    "certificates": [],
    "do_not_track": false,
    "tags": [],
    "enable_context_vars": false,
    "config_data": {},
    "tag_headers": [],
    "global_rate_limit": {
        "rate": 0,
        "per": 0
    },
    "strip_auth_data": false,
    "enable_detailed_recording": false,
    "graphql": {
        "enabled": true,
        "execution_mode": "executionEngine",
        "version": "2",
        "schema": "type Mutation {\n  default: String\n}\n\ntype Query {\n  default: String\n}\n\nenum MyEnum {\n  VALUE_A\n  VALUE_B\n}\n\ninput MyInput {\n  fieldA: MyEnum!\n  fieldB: String\n}\n\ninput StringInput {\n  field: String\n}\n\ninput ReviewInput {\n  stars: Int! = 5\n  commentary: String\n}\n\nextend type Mutation {\n  myMutation(myInput: MyInput!): Boolean\n  stringMutation(string: String): String\n  stringInputMutation(stringInput: StringInput!): String\n  reviewInputMutation(input: ReviewInput!): String\n}\n",
        "last_schema_update": "2022-06-01T13:40:08.599Z",
        "type_field_configurations": [],
        "playground": {
            "enabled": false,
            "path": ""
        },
        "engine": {
            "field_configs": [],
            "data_sources": []
        },
        "proxy": {
            "auth_headers": {}
        },
        "subgraph": {
            "sdl": ""
        },
        "supergraph": {
            "subgraphs": [],
            "merged_sdl": "",
            "global_headers": {},
            "disable_query_batching": false
        }
    }
}

If mine doesn’t work for you then can you share your API definition file?

1 Like

Hello @Olu and thanks for the quick reply.

In my setup I have a supergraph API (which is used as an entry point to all underlying APIs) and a single subgraph API.

Supergraph API:

{
  "api_id": "ebf5ecc5-2bff-4700-aabf-28ddb08483b4",
  "auth_configs": {
    "authToken": {
      "auth_header_name": "Authorization"
    }
  },
  "enable_jwt": false,
  "id": "ebf5ecc5-2bff-4700-aabf-28ddb08483b4",
  "name": "GraphQL API",
  "org_id": "",
  "proxy": {
    "listen_path": "/api/",
    "strip_listen_path": true
  },
  "state": "active",
  "use_basic_auth": false,
  "use_keyless": true,
  "version_data": {
    "not_versioned": true,
    "versions": {
      "Default": {
        "name": "Default",
        "use_extended_paths": true
      }
    }
  },
  "enable_coprocess_auth": false,
  "graphql": {
    "schema": "type Query {\n  characters(filter: FilterCharacter, page: Int): Characters\n}\n\ninput FilterCharacter {\n  name: String\n  status: String\n  species: String\n  type: String\n  gender: String! = \"M\"\n}\n\ntype Characters {\n  info: Info\n  results: [Character]\n}\n\ntype Info {\n  count: Int\n  next: Int\n  pages: Int\n  prev: Int\n}\n\ntype Character {\n  gender: String\n  id: ID\n  name: String\n}",
    "enabled": true,
    "engine": {
      "field_configs": [],
      "data_sources": []
    },
    "type_field_configurations": [],
    "execution_mode": "supergraph",
    "proxy": {
      "auth_headers": {}
    },
    "subgraph": {
      "sdl": ""
    },
    "supergraph": {
      "updated_at": "2022-03-11T16:08:13.774Z",
      "subgraphs": [
        {
          "api_id": "sw",
          "name": "SW API",
          "url": "tyk://sw-api/",
          "sdl": "type Query {\n  characters(filter: FilterCharacter, page: Int): Characters\n}\n\ninput FilterCharacter {\n  name: String\n  status: String\n  species: String\n  type: String\n  gender: String! = \"M\"\n}\n\ntype Characters {\n  info: Info\n  results: [Character]\n}\n\ntype Info {\n  count: Int\n  next: Int\n  pages: Int\n  prev: Int\n}\n\ntype Character {\n  gender: String\n  id: ID\n  name: String\n}"
        }
      ],
      "merged_sdl": "type Query {\n  characters(filter: FilterCharacter, page: Int): Characters\n}\n\ninput FilterCharacter {\n  name: String\n  status: String\n  species: String\n  type: String\n  gender: String! = \"M\"\n}\n\ntype Characters {\n  info: Info\n  results: [Character]\n}\n\ntype Info {\n  count: Int\n  next: Int\n  pages: Int\n  prev: Int\n}\n\ntype Character {\n  gender: String\n  id: ID\n  name: String\n}",
      "global_headers": {}
    },
    "version": "2",
    "playground": {
      "enabled": true,
      "path": "/playground"
    },
    "last_schema_update": "2022-03-11T16:08:13.774Z"
  }

}

Please pay atttention to the following GraphQL input type with a required field with default value:

input FilterCharacter {
  name: String
  status: String
  species: String
  type: String
  gender: String! = "M"
}

Subgraph API:

{
  "api_id": "sw",
  "auth_configs": {
    "authToken": {
      "auth_header_name": "Authorization"
    }
  },
  "enable_jwt": false,
  "id": "sw",
  "name": "SW API",
  "org_id": "",
  "proxy": {
    "listen_path": "/sw-api/",
    "target_url": "https://rickandmortyapi.com/graphql",
    "strip_listen_path": true
  },
  "state": "active",
  "use_basic_auth": false,
  "use_keyless": true,
  "version_data": {
    "not_versioned": true,
    "versions": {
      "Default": {
        "name": "Default",
        "use_extended_paths": true
      }
    }
  },
  "enable_coprocess_auth": false,
  "slug": "sw-api",
  "graphql": {
    "schema": "type Query {\n  characters(filter: FilterCharacter, page: Int): Characters\n}\n\ninput FilterCharacter {\n  name: String\n  status: String\n  species: String\n  type: String\n  gender: String\n}\n\ntype Characters {\n  info: Info\n  results: [Character]\n}\n\ntype Info {\n  count: Int\n  next: Int\n  pages: Int\n  prev: Int\n}\n\ntype Character {\n  gender: String\n  id: ID\n  name: String\n}",
    "enabled": true,
    "engine": {
      "field_configs": [],
      "data_sources": []
    },
    "type_field_configurations": [],
    "execution_mode": "subgraph",
    "proxy": {
      "auth_headers": {}
    },
    "subgraph": {
      "sdl": "type Query {\n  characters(filter: FilterCharacter, page: Int): Characters\n}\n\ninput FilterCharacter {\n  name: String\n  status: String\n  species: String\n  type: String\n  gender: String\n}\n\ntype Characters {\n  info: Info\n  results: [Character]\n}\n\ntype Info {\n  count: Int\n  next: Int\n  pages: Int\n  prev: Int\n}\n\ntype Character {\n  gender: String\n  id: ID\n  name: String\n}"
    },
    "version": "2",
    "playground": {
      "enabled": true,
      "path": ""
    },
    "last_schema_update": "2022-03-11T15:34:44.408Z"
  },
  "internal": true
}

tyk.conf

{
  "listen_port": 8080,
  "secret": "4c0a9fac-f06d-4032-8cb2-31c85a7c9705",
  "template_path": "/opt/tyk-gateway/templates",
  "tyk_js_path": "/opt/tyk-gateway/js/tyk.js",
  "middleware_path": "/opt/tyk-gateway/middleware",
  "use_db_app_configs": false,
  "app_path": "/opt/tyk-gateway/apps/",
  "storage": {
    "type": "redis",
    "host": "redis",
    "port": 6379,
    "username": "",
    "password": "",
    "database": 0,
    "optimisation_max_idle": 2000,
    "optimisation_max_active": 4000
  },
  "enable_analytics": false,
  "analytics_config": {
    "type": "csv",
    "csv_dir": "/tmp",
    "mongo_url": "",
    "mongo_db_name": "",
    "mongo_collection": "",
    "purge_delay": -1,
    "ignored_ips": []
  },
  "health_check": {
    "enable_health_checks": false
  },
  "optimisations_use_async_session_write": true,
  "enable_non_transactional_rate_limiter": true,
  "enable_sentinel_rate_limiter": false,
  "enable_redis_rolling_limiter": false,
  "allow_master_keys": false,
  "policies": {
    "policy_source": "mongo",
    "policy_path": "/opt/tyk-gateway/policies",
    "policy_record_name1": "/opt/tyk-gateway/policies/policies.json"
  },
  "hash_keys": true,
  "close_connections": false,
  "http_server_options": {
    "enable_websockets": true
  },
  "allow_insecure_configs": false,
  "coprocess_options": {
    "enable_coprocess": true,
    "python_path_prefix": "/opt/tyk-gateway",
    "coprocess_grpc_server": ""
  },
  "enable_bundle_downloader": true,
  "bundle_base_url": "http://tyk-gateway-mw-bundles/",
  "global_session_lifetime": 100,
  "force_global_session_lifetime": false,
  "max_idle_connections_per_host": 500,
  "control_api_port": 8081
}

Sample request that works:

query ExampleQuery {
    characters(
        filter: {
            gender: "M"
        }
    ) {
        results {
            gender
            name
        }
    }
}

Sample request that fails:

query ExampleQuery {
    characters(
        filter: {
        }
    ) {
        results {
            gender
            name
        }
    }
}

Snippet from Tyk logs with an error description:

time="Jun 02 11:34:16" level=debug msg="Started proxy"
time="Jun 02 11:34:16" level=debug msg="Stripping proxy listen path: /api/"
time="Jun 02 11:34:16" level=debug msg="Upstream path is: /"
time="Jun 02 11:34:16" level=debug msg=Started api_id=ebf5ecc5-2bff-4700-aabf-28ddb08483b4 api_name="GraphQL API" mw=ReverseProxy org_id= ts=1654169656876355179
time="Jun 02 11:34:16" level=debug msg="Upstream request URL: /" api_id=ebf5ecc5-2bff-4700-aabf-28ddb08483b4 api_name="GraphQL API" mw=ReverseProxy org_id=
time="Jun 02 11:34:16" level=debug msg="Outbound request URL: " api_id=ebf5ecc5-2bff-4700-aabf-28ddb08483b4 api_name="GraphQL API" mw=ReverseProxy org_id=
time="Jun 02 11:34:16" level=error msg="http: proxy error: could not render JSON variable, validation failed: /: {} "gender" value is required" api_id=ebf5ecc5-2bff-4700-aabf-28ddb08483b4 api_name="GraphQL API" mw=ReverseProxy org_id= prefix=proxy server_name= user_id=-- user_ip=127.0.0.1 user_name=
time="Jun 02 11:34:16" level=debug msg=Finished api_id=ebf5ecc5-2bff-4700-aabf-28ddb08483b4 api_name="GraphQL API" mw=ReverseProxy ns=319389 org_id=
time="Jun 02 11:34:16" level=debug msg="Upstream request took (ms): 0.327658"
time="Jun 02 11:34:16" level=debug msg="Done proxy"

Thanks for sharing a sample API definition and the steps. I have reproduced the issue and can confirm it’s bug. We are currently working on it and I will update this thread as soon I get the latest.

1 Like