Comments (9)
Github took out my angle brackets. second paragraph should read: GraphQLSettings defines a BuildUserContext with a Task of type object, but the readme code tries to use it as a Task of type GraphQLUserContext. I fixed by redefining BuildUserContext to use a Task of type GraphQLUserContext.
from authorization.
Same here. I'm struggling with authorization as well. I'm a real noob and I need a very simple file structure to start
from authorization.
Same issue here. Can't find that 'GraphQLMiddleware' bit anywhere, unless it is supposed to be a custom class?
from authorization.
Yes the middleware is a custom class. See the examples repo.
from authorization.
Over a year later... docs still aren't fixed, and code seems to have drifted even further from the example. It's hard to tell if this library is even supported, or if I'm wasting my time trying to implement it.
from authorization.
I also worry that I do not have the time (and sometimes the energy) to support the project as I would like it to.
from authorization.
@zaneclaes The readme will never contain all of the code necessary for a fully working server, there are too many moving pieces with a GraphQL server. The code in the readme is to get the basic concepts across.
Can you point out what you feel is a problem with the readme? What do you feel like should be "fixed"? I have reviewed it and there is only a single item that is missing from the 3.0 refactor.
This is an advanced feature to a server and expects some prior knowledge.
from authorization.
Perhaps one option is to not have ASP.NET Core specifics in the readme, just make it a console app. That would shorten the example and perhaps remove the confusion around actually wiring things up to a server.
from authorization.
Added a "basic sample" project, and updated the readme with a Console app which you can just copy/paste to see it work.
Sample.csproj
:
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>netcoreapp3.1</TargetFramework>
</PropertyGroup>
<ItemGroup>
<ProjectReference Include="..\GraphQL.Authorization\GraphQL.Authorization.csproj" />
</ItemGroup>
<ItemGroup>
<PackageReference Include="GraphQL.SystemTextJson" Version="3.0.0.2026" />
<PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="3.1.9" />
</ItemGroup>
</Project>
Program.cs
:
namespace BasicSample
{
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Extensions.DependencyInjection;
using GraphQL;
using GraphQL.Types;
using GraphQL.Validation;
using GraphQL.SystemTextJson;
using GraphQL.Authorization;
class Program
{
static async Task Main(string[] args)
{
var services = new ServiceCollection();
services.AddSingleton<IAuthorizationEvaluator, AuthorizationEvaluator>();
services.AddTransient<IValidationRule, AuthorizationValidationRule>();
services.AddTransient(s =>
{
var authSettings = new AuthorizationSettings();
authSettings.AddPolicy("AdminPolicy", p => p.RequireClaim("role", "Admin"));
return authSettings;
});
var serviceProvider = services.BuildServiceProvider();
var definitions = @"
type User {
id: ID
name: String
}
type Query {
viewer: User
users: [User]
}
";
var schema = Schema.For(
definitions,
_ =>
{
_.Types.Include<Query>();
});
// remove claims to see the failure
var authorizedUser = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("role", "Admin") }));
var json = await schema.ExecuteAsync(_ =>
{
_.Query = "{ viewer { id name } }";
_.ValidationRules = serviceProvider
.GetServices<IValidationRule>()
.Concat(DocumentValidator.CoreRules);
_.RequestServices = serviceProvider;
_.UserContext = new GraphQLUserContext { User = authorizedUser };
});
Console.WriteLine(json);
}
}
public class GraphQLUserContext : Dictionary<string, object>, IProvideClaimsPrincipal
{
public ClaimsPrincipal User { get; set; }
}
public class Query
{
[GraphQLAuthorize(Policy = "AdminPolicy")]
public User Viewer()
{
return new User { Id = Guid.NewGuid().ToString(), Name = "Quinn" };
}
public List<User> Users()
{
return new List<User> { new User { Id = Guid.NewGuid().ToString(), Name = "Quinn" } };
}
}
public class User
{
public string Id { get; set; }
public string Name { get; set; }
}
}
from authorization.
Related Issues (20)
- Checking for a valid JWT and integrating with a Refresh-Token-Workflow HOT 10
- UNAUTHENTICATED error code HOT 3
- In AuthorizationValidationRule.cs the method CheckAuth is called multiple times. Why? HOT 4
- ETA for v4? HOT 18
- IAuthorizationRequirement is not sent the same variable names as those in IResolveField context HOT 2
- ClaimsPrincipal not retrived trying to use AuthorizeWith in GraphQL queries HOT 6
- Any example for schema first auth example? HOT 2
- How to get a status code 401 when not authorized HOT 6
- Move GraphQLAuthExtensions from Harness into new package HOT 6
- Add docs about IAuthorizationSkipCondition and DI
- Method 'ValidateAsync' in type 'GraphQL.Authorization.AuthorizationValidationRule' from assembly 'GraphQL.Authorization, Version=4.0.0.0 HOT 7
- Question: AuthorizeWithPolicy is being ignored HOT 10
- GraphQL .net authorization with JWT token HOT 7
- AddGraphQLAuth no longer works after switching to Middleware HOT 1
- Return 401 and 403 status code HOT 5
- Is this library still relevant with GraphQL 7+ HOT 22
- How to read graphql query from authorization requirement ?
- Graphql Authorization not working HOT 4
- Faulty reference HOT 6
- How to login user and return token and id ? HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from authorization.