I live nearish to a military base so a lot of local businesses have a military/veteran discount.

At the store I buy dog food at, the staff are so tired of asking about it that they have shortened “are you a member of the military?” to “any military?”

After I noticed it a few times that every single employee in the store shortened it that way, I started answering “there is one, but I’m not in it.”

Loooots of blank stares. I stopped since apparently nobody gets it or they don’t think it’s funny. I think it’s the former but idk 🤷

Keep at it! The end of Ship of Destiny ends up paying off. A lot of Hobb books have that kinda “slow burn” thing going where it feels like a slog til the last 30% of the final part of a trilogy and then it goes super hard

Dark Place was amazing and stupid. Totally forgot about that one

Many GraphQL and gRPC APIs do exactly that and return HTTP 200 even if the request didn’t auth.

Just because you are heavily biased toward using HTTP status for application layer errors doesn’t make it right. It is so wildly common that people can’t imagine it working another way, and I get that.

But it’s not “wrong” to do application layer auth status codes and apply no transport layer auth status codes It’s just a different paradigm than most devs are used to.

What do you mean? You can literally run GraphQL without HTTP. This isn’t just a GraphQL-ism, gRPC also does it https://grpc.io/docs/guides/status-codes/

I understand that most people use GraphQL over HTTP and that from a developer perspective you’d rather have HTTP status codes like every other REST API. To which I’d say, why don’t you just use REST instead?

There are a bunch of legitimate reasons why a clean separation of transport layer and application layer makes sense - you just aren’t using them so it feels like an arbitrary frustration to you.

Have you ever run an application like a golang REST API behind an envoy or nginx proxy or load balancer and gotten an HTTP status 500 back and wrongly assumed it was coming from your application/golang code, only to later find it was a problem at the proxy or load balancer? If so, you’ve experienced the misdirection of combining transport and application layer being forced to share a status field. This isn’t a trivial example - time is wasted every day by developers misdiagnosing errors originating from transport as application errors, and vice versa.

You might not like it, but separating them IS smart design.

That’s true, but for a good reason. GraphQL is transport agnostic, so using HTTP status to represent errors doesn’t make sense. HTTP is just a carrier for GraphQL, and the status code represents whether or not the HTTP part was successful.

Alcohol

Ghost of Tsushima is amazing! I’m not usually the biggest open world fan, but that one really worked for me

That’s the funnest part of all: we don’t