Comments (10)
Its not a bug as we have not implemented any authorization on the fusion gateway. At the moment its not supported. With the current version authorization is supposed to be handled by the subgraph.
We have a feature for authorization on the backlog for version 13.8.
I am closing this issue as it is by design that the gateway has no authorization capabilities as of now.
This is expected:
I had header propagation configured and it works fine when subgraph has authorisation and fusion server does not.
from graphql-platform.
You need to configure header propagation
from graphql-platform.
https://thecodeblogger.com/2021/05/25/request-header-propagation-in-net-core-web-applications/
from graphql-platform.
I had header propagation configured and it works fine when subgraph has authorisation and fusion server does not. The problem is when the fusion server also has authorisation. In my repro steps no request is even sent to subgraphs and problems occur. The fusion server can't even be initialised because the ApplyPolicy enum type appears twice in the fusion graph (or at least that is how I understand it from the log).
from graphql-platform.
Thanks for reopening. I'm wondering if this should be marked as a bug rather than a question?
Can you give us a rough estimate of when we can expect a fix?
Thanks
from graphql-platform.
We are also not sure yet if there should be authorization in the gateway as this would duplicate logic that is already executed on the subgraphs. We are still discussing this topic internally. Join the fusion channel on slack as we are constantly posting the current roadmap there and giving hints as to how we implement certain aspects of the roadmap.
from graphql-platform.
slack.chillicream.com
from graphql-platform.
Thanks for the answer.
I think authorisation on the fusion server side would be beneficial. It would be nice to have a global common authentication and authorisation and not have to repeat it (or use it) on every subgraph/application. So the need is to have authentication/authorisation (at least the common part) on the gateway side and not on the subgraph side.
from graphql-platform.
Ps:
I'm writing from the perspective of a larger company that has a cloud platform and many products around it with a single point of access.
from graphql-platform.
@michaelstaib referring to your comment about Fusion and authorization, on Jul 30 you said authorization for fusion was on the backlog for 13.8. I see now that we've jumped from 13.7 to 14.0 preview. Does the preview have authorization? Also as far as contacting you via Slack, which you mention in your class as well as in this thread, my company does not allow slack in house so unfortunately ATM this is my best known way of communicating with you. Any better alternatives?
from graphql-platform.
Related Issues (20)
- StreamResult attribute leads to abnormal IResolverContext data
- Require non-null `first` when using `RequirePagingBoundaries=true` and `AllowBackwardPagination=false` HOT 2
- Types.Analyzer generates invalid class names when assembly contains certain characters HOT 1
- Subscriptions via StrawberryShake emit errors and handlers never fire. HOT 1
- Documentation for Hotchocolate.AspNetClassic HOT 1
- Subscription on blazor wasm client does not work with SSE protocol
- ApplyPolicy.Validation does not work with Relay node endpoint HOT 2
- Defer running a parent resolver if all the retrieved fields are deferred
- Make Banana Cake Pop accessible when .RequireAuthorization() is appeneded to .MapGraphQL() or update Banana Cake Pop to feature a log in dialog HOT 2
- Strawberry Shake tries to build *.graphql files that have been excluded from the project HOT 1
- Add `IntervalType` for NodaTime HOT 2
- Projection on UnionTypes leads to an Unable to cast Exception HOT 1
- Strawberry Shake does not add interfaces of queries as services to DI container
- Add interfaces for Connections and Edges
- Breaking Federation V1 support in 13.9.0 and up HOT 1
- AllowIntrospection validation from SchemaBuilder
- Unable to resolve type reference `IDictionary<String, Object> (Output)`. (HotChocolate.Types.ObjectType<HistoryEntryAllergyIntolerance>)
- Strawberry Shake generates multiple date fields with same name type date and Date are query parameters
- When using aliases with incorrect field names, red squiggly is anchored on the alias, not the field name HOT 1
- Exponential growth of selections in OperationCompiler for dynamic objects
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from graphql-platform.