Open Shentoza opened 1 week ago
Shane32
commented
1 week ago Yeah it’s supposed to be independent. Why don’t you try the authorization library included in GraphQL.Server.Transports.AspNetCore instead? It uses policies defined by ASP.Net Core and has a fuller feature set within GraphQL as well. Plus it’s pretty customizable if you need special behavior.
Shentoza
commented
1 week ago I looked into that and that's what im doing now. I wasn't quite sure where the boundaries of the Asp .NET auth features and GraphQL .NET were, but that makes sense. e.g. The "AuthorizationAttribute" is simply not a from the auth package but rather a GraphQL Attribute, which is what I got wrong, but hoped to extend easily
Shane32
commented
1 week ago Sounds good. Check the docs at https://github.com/graphql-dotnet/server?tab=readme-ov-file#authorization-configuration for details on:
When using .AddAuthorization it would be great that it would be able to access IAuthorizationPolicyProvider instead of having to add every Policy manually. Currently I don't think that's really possible , which makes it hard to dynamically set some new policies without registering them all beforehand.
or is that one of the limitations mentioned that it doesn't properly use the "Microsoft.AspNetCore.Authorization" features?