DF0036: RPC Call Rejected — Not Authorized
Message
RPC call to "
{name}" was rejected: the caller is not authorized.
Cause
startHttpAndWs was configured with an authorize gate (either directly, or via a DevframeAuthHandler passed as auth) and the calling session hasn't satisfied it — the call is neither to an anonymous:-prefixed method (see isAnonymousRpcMethod) nor made by a trusted session.
Example
ts
import { startHttpAndWs } from 'devframe/node'
import { createInteractiveAuth } from 'devframe/recipes/interactive-auth'
const auth = createInteractiveAuth(ctx)
await startHttpAndWs({ context: ctx, port: 9999, auth })
// A browser that hasn't completed the handshake yet can still reach the
// handshake methods themselves…
await client.call('anonymous:devframe:auth', { authToken: '', ua, origin })
// …but any other method throws DF0036 until the handshake succeeds.
await client.call('some-plugin:do-something') // ✗ throws DF0036Fix
- Complete the auth handshake — call
anonymous:devframe:authwith a previously-issued token, oranonymous:devframe:auth:exchangewith a one-time code — before calling a trusted method. - Connect with a static/pre-shared token (
createInteractiveAuth'sclientAuthTokensoption) for CI or shared-machine setups that should skip the interactive prompt. - If you supplied a custom
authorizefunction, verify it allows the method you expect — it receives the raw method name and the session'smeta(isTrusted,clientAuthToken, …).
Source
packages/devframe/src/node/server.ts—startHttpAndWs's resolver throws this whenauthorize/auth.authorizerejects a call.