graphql-dotnet / authorization

A toolset for authorizing access to graph types for GraphQL .NET.
MIT License

question - Authorize only without policy #296

Closed stephenlautier closed 1 week ago

stephenlautier commented 1 week ago

How to get this.Authorize() to work?

Following your samples, I managed to get this.AuthorizeWithPolicy("default") to work; however, I cannot get the basic one to work, and I cannot find any DefaultPolicy similar to ASP.NET.

e.g.

options.DefaultPolicy = new AuthorizationPolicyBuilder()
    .AddAuthenticationSchemes()
    .RequireAuthenticatedUser()
    .RequireClaim("scope", "XXX")
    .Build();

Some of my code highlighting some key points

// configure GQL Auth
.AddAuthorization(settings =>
{
    settings.AddPolicy("default", policy => policy.RequireAuthenticatedUser());
})

// setting user
.ExecuteAsync(opts =>
{
    opts.User = User;
})

// graph type
this.AuthorizeWithPolicy("default"); // works
this.Authorize(); // doesn't work

Shane32 commented 1 week ago

This package has not been updated with functionality for Authorize, AuthorizeWithRoles and AllowAnonymous. See v5 migration guide. Please use the authorization rule in the GraphQL.NET Server repo instead, and remove the reference to this NuGet package.

Shane32 commented 1 week ago

Following the link to the server repo's instructions, you will find transport-level authorization configuration settings, which restrict access to the endpoint, similar to an ASP.NET Core default policy. Instructions are also included if you want to allow access to introspection requests or a portion of your schema via AllowAnonymous.
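
A sketch of the setup described in the two replies above, added here as an example; it is not code from the thread or from either repository. It assumes the GraphQL.Server.Transports.AspNetCore package, JWT bearer authentication, and hypothetical DemoQuery/DemoSchema types; the "default" policy and the "scope"/"XXX" claim are taken from the question.

```csharp
// Program.cs (added example; type names and the auth scheme are assumptions)
using GraphQL;
using GraphQL.Types;
using Microsoft.AspNetCore.Authentication.JwtBearer;

var builder = WebApplication.CreateBuilder(args);

// Standard ASP.NET Core authentication and authorization.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(); // assumption: bearer options are bound from configuration
builder.Services.AddAuthorization(options =>
    options.AddPolicy("default", policy => policy
        .RequireAuthenticatedUser()
        .RequireClaim("scope", "XXX")));

builder.Services.AddGraphQL(b => b
    .AddSchema<DemoSchema>()
    .AddSystemTextJson()
    // Validation rule from the Server repo: enforces Authorize(),
    // AuthorizeWithRoles() and AuthorizeWithPolicy() set on graph types and fields.
    .AddAuthorizationRule());

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

app.UseGraphQL("/graphql", config =>
{
    // Transport-level check: unauthenticated requests are rejected
    // before any part of the query is validated or executed.
    config.AuthorizationRequired = true;
    // Optional: also require a named ASP.NET Core policy for the endpoint.
    config.AuthorizedPolicy = "default";
});

app.Run();

public class DemoQuery : ObjectGraphType
{
    public DemoQuery()
    {
        this.Authorize(); // no policy name: any authenticated user
        Field<StringGraphType>("me").Resolve(ctx => ctx.User?.Identity?.Name);
    }
}

public class DemoSchema : Schema
{
    public DemoSchema() => Query = new DemoQuery();
}
```

With the transport-level setting enabled, the type-level Authorize() is a second check rather than the only one. To expose part of the schema anonymously, leave AuthorizationRequired off and rely on the validation rule alone.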

stephenlautier commented 1 week ago

Thank you for your response!