Comments (11)
Currently you could also just do it like .AuthorizeWith(""); or some other non-existing policy name. If the policy doesn't exist the user is also authorized.
from authorization.
@Fireblade954 that is no longer allowed with this issue fixed (PR merged) #15
Thank you for the suggestion
from authorization.
Easiest way I found to do it was:
(at whatever levels you need)
    new FieldType
    {
        ...
        Metadata = dRules // This field lets us define properties anything in the resolver pipeline can use
        ...
    }
Usage sample here:
#6
But this is one of those "roll it like you need it" cases.
from authorization.
I think the issue of using the policies found in the GraphQL document is much broader and in some way relates to #6. Now I see the problem that it's not enough just to make the auth check immediately when walking over the AST. There should be some new component that accumulates all found policies to apply and then ... do something with them. In your case this component should filter policies to allow some priority model. In other cases it can modify/add policies, I don't know exactly. Such a view will allow us not to mix different tasks in a bunch. One task: find all applicable checks with their context from the input document. Another task: use that information somehow before performing checks. Ping @joemcbride @Shane32.
from authorization.
In other words, the need to fulfill the defined policies depends on the state of the entire AST.
from authorization.
Or how do you like this solution: allow removing validation errors from ValidationContext. Imagine an AuthorizePublicRequirement that may check the AST to see if it can safely put away a validation error if the INode from that error points to a parent query/mutation/etc. Implementing that "safely" may be a bit tricky though.
from authorization.
> the need to fulfill the defined policies depends on the state of the entire AST.
I think this is the main thing.
from authorization.
I’m not sure I understand exactly what you suggested, @sungam3r. I would comment on the original issue/suggestion, and say I agree, but I’m not exactly sure how. I think of ASP.Net where you can specify AllowAnonymous to make a specific action accessible regardless of the authentication attribute on the parent.
For GraphQL.NET it would be nice if all those conditions are precomputed when the schema is built to save on execution time at runtime.
from authorization.
Yesterday I reflected a lot on possible ways to implement this. All the solutions that came to mind were, one way or another, associated with difficulties, not only in technical details but also in design. As a result, I came to the conclusion, which seems to me the easiest solution to the problem: there is no need to invent any sophisticated ways to override policies. The easiest, most understandable and least error-prone way is to develop your schema in accordance with the required policies:
    type Query {
      public: PublicApi!          # no authorization here
      authorized: AuthorizedApi!  # authorized with some requirements
    }
    type PublicApi {
      login(input: LoginInput!): LoginResult!
      help(message: String!): FeedbackResult!
      otherPublicFields: ...
    }
    type AuthorizedApi {
      author(input: AuthorInputType!): String,
      otherFields: ...
    }
These are so-called namespace-types or role-types. Another example:
    query {
      viewer {
        getNews
        getAds
      }
      me {
        nickname
        photo
      }
      admin {
        shutdown
        exposePersonalData
      }
    }
In this case, several qualities are achieved at once:
- Schema is well-decomposed
- Authorization requirements for fields are intuitively understandable.
- No changes in Authorization project at all. The implementation remains simple.
I could speculate some time about how to change the mechanism of policies checks, but I strongly doubt that this will lead to a decent solution.
from authorization.
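An added example (not part of the thread, and not GraphQL.NET or GraphQL.Authorization code) that models the namespace-type schema from the comment above in Python: policies sit on the `PublicApi` and `AuthorizedApi` types, one pass accumulates every policy a query touches, and a second pass evaluates them, treating an unregistered policy name as a denial rather than as "authorized". The `AuthenticatedUser` policy, the `sub` claim and all function names are assumptions.

```python
# Added illustration. The schema model and every name below are assumptions,
# not GraphQL.NET / GraphQL.Authorization APIs.

# Type-level policies for the namespace-type schema from the comment above.
TYPE_POLICIES = {
    "Query": [],
    "PublicApi": [],                         # no authorization here
    "AuthorizedApi": ["AuthenticatedUser"],  # authorized with some requirements
}
# (parent type, field) -> object type the field returns.
FIELD_TYPES = {
    ("Query", "public"): "PublicApi",
    ("Query", "authorized"): "AuthorizedApi",
}
# Registered policies: name -> predicate over the caller's claims (constructed).
POLICIES = {"AuthenticatedUser": lambda claims: "sub" in claims}


def collect_policies(selection, type_name="Query", type_policies=TYPE_POLICIES):
    """Task 1: walk the whole selection and accumulate every policy that applies."""
    required = list(type_policies.get(type_name, []))
    for field, sub_selection in selection.items():
        child = FIELD_TYPES.get((type_name, field))
        if child is not None:  # only object-typed fields carry type policies
            required += collect_policies(sub_selection or {}, child, type_policies)
    return required


def authorize(selection, claims, type_policies=TYPE_POLICIES):
    """Task 2: evaluate the accumulated policies; any error means 'deny'."""
    errors = []
    names = dict.fromkeys(collect_policies(selection, "Query", type_policies))
    for name in names:  # de-duplicated, original order kept
        check = POLICIES.get(name)
        if check is None:
            # Fail closed: a misspelled or empty policy name must not authorize.
            errors.append(f"policy '{name}' is not registered")
        elif not check(claims):
            errors.append(f"policy '{name}' not satisfied")
    return errors


if __name__ == "__main__":
    # Constructed sample queries, written as nested dicts instead of a parsed AST.
    print(authorize({"public": {"login": None}}, {}))       # anonymous, public
    print(authorize({"authorized": {"author": None}}, {}))  # anonymous, protected
```
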
@dnndevelopernc I close this for now. Reopen if you have further questions.
from authorization.
@sungam3r I don’t think we should close this issue. Redesigning the schema isn’t typically an acceptable solution for most users. The feature request isn’t unreasonable and is probably a good idea.
from authorization.