Pattern for not accidently returning too much in the payload of a mutation? #4716

Answered by PascalSenn

wondering639 asked this question in Q&A

wondering639
Feb 1, 2022

Imagine a mutation createUser with the input/fields

username
password

Obviously, in the payload of the mutation one doesn't want to return sensible informations like the password, but only e.g. the id of the new user and the username itself.

Is there any best practice on how to prevent returning sensible informations, e.g. doing accidently something like return user (where user is a object with Username, Password, Id properties) ?

Answered by PascalSenn

you would most always return a payload.
checkout https://chillicream.com/docs/hotchocolate/defining-a-schema/mutations/#conventions

I guess you should ignore the password field anyway on the user.

View full answer

Replies: 1 comment

PascalSenn
Feb 1, 2022
Maintainer

you would most always return a payload.
checkout https://chillicream.com/docs/hotchocolate/defining-a-schema/mutations/#conventions

I guess you should ignore the password field anyway on the user.

0 replies

Answer selected by wondering639

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment