GraphQL introspection returns 500 Internal Server Error
Summary
GraphQL introspection queries against gitlab.com/api/graphql return 500 Internal Server Error when authenticated with an access token.
- Standard GraphQL queries work normally.
- The GraphQL Explorer handles introspection without issue when authenticated via browser session:
```graphql
{ __schema { types { name } } }
```
This breaks any tooling that relies on schema fetching, such as the Python gql client with fetch_schema_from_transport=True.
Steps to reproduce
1. Using curl (token authentication):

```shell
# Standard query: returns 200
curl -s -w "\nHTTP %{http_code}" \
  -H "Authorization: Bearer $GITLAB_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"query":"{ currentUser { username } }"}' \
  https://gitlab.com/api/graphql

# Introspection query: returns 500
curl -s -w "\nHTTP %{http_code}" \
  -H "Authorization: Bearer $GITLAB_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"query":"{ __schema { types { name } } }"}' \
  https://gitlab.com/api/graphql
```
2. Using the Python gql client:
```python
from gql import Client, gql
from gql.transport.requests import RequestsHTTPTransport

transport = RequestsHTTPTransport(
    url="https://gitlab.com/api/graphql",
    headers={"Authorization": "Bearer <token>"},
)

# Fails: introspection triggers 500
client = Client(transport=transport, fetch_schema_from_transport=True)

# Works: skipping introspection
client = Client(transport=transport, fetch_schema_from_transport=False)
result = client.execute(gql("{ currentUser { username } }"))
```
Workaround
Disable introspection in the client:
```python
client = Client(transport=transport, fetch_schema_from_transport=False)
```
What is the current bug behavior?
Introspection queries authenticated with a Bearer token return:
```
{'message': 'Internal server error'}
```
Output of checks
This bug happens on GitLab.com
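The two curl checks above can be combined into one triage step that separates "token rejected" from "only introspection fails". This is an added example, not part of the original report or GitLab's code; the names `http_post` and `classify` and the verdict strings are hypothetical.

```python
import json
import urllib.error
import urllib.request

STANDARD = "{ currentUser { username } }"        # query from the report
INTROSPECTION = "{ __schema { types { name } } }"  # query from the report

def http_post(url, token, query):
    """POST one GraphQL query; return (status, parsed JSON body or None)."""
    req = urllib.request.Request(
        url,
        data=json.dumps({"query": query}).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry a body
        status, raw = err.code, err.read()
    try:
        return status, json.loads(raw)
    except ValueError:
        return status, None

def classify(post):
    """post(query) -> (status, body). Returns a hypothetical verdict string."""
    std_status, std_body = post(STANDARD)
    if std_status in (401, 403):
        return "auth-rejected"
    if std_status != 200 or not std_body or std_body.get("errors"):
        return "endpoint-failing"
    # The standard query works, so any failure from here on is introspection-specific.
    intro_status, intro_body = post(INTROSPECTION)
    if intro_status >= 500:
        return "introspection-5xx"
    if intro_status != 200 or not intro_body or intro_body.get("errors"):
        return "introspection-refused"
    data = intro_body.get("data") or {}
    types = (data.get("__schema") or {}).get("types")
    return "ok" if types else "introspection-empty"

if __name__ == "__main__":
    import os
    url = "https://gitlab.com/api/graphql"
    print(classify(lambda q: http_post(url, os.environ["GITLAB_TOKEN"], q)))
```

The behaviour described in this report corresponds to the `introspection-5xx` verdict.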