When querying the GraphQL endpoint not as a logged-in user via GraphQL Authentication, but just using a Craft GraphQL schema token (via Authorization: Bearer ....), GraphQL Authentication is still applying the field rules but applying rules from the wrong Schema (seems to be always using Public).
I would expect GraphQL Authentication to either ignore requests that aren't coming through the JWT auth, or choose the correct Schema.
Craft Version
Craft Pro 4.3.6.1 (latest at this time)
GraphQL Authentication version
2.3.0 (latest at this time)
To reproduce:
I've created a reproduction repo with instructions on how to recreate this bug - it's pretty straightforward.
To recreate on your own setup:
1. Create a GraphQL Schema that has access to entries with the field in question
2. In GraphQL Authentication -> Settings -> Fields, set the field to Private with the Public Schema, but Query/Mutate in the new Schema
3. Test that the query works in GraphiQL
4. Make a request to the GraphQL endpoint querying that field with an Authorization: Bearer {token} header (not the GraphQL Authentication JWT header)
You'll get an error response like this:
{
  "errors": [
    {
      "message": "User doesn't have permission to access requested field(s)"
    }
  ]
}
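The request from step 4 can be scripted so the behaviour is checked automatically rather than by hand, for example as a regression check once a fix lands. The script below is an added example and is not part of the issue or of the plugin's code; the endpoint URL, section handle and field name are placeholders, and the error message it matches is the one quoted in the response above.

```python
"""Reproducer for the schema-token check described in the issue.

Added example (not from the issue or the plugin). It sends the query with a
Craft schema token in Authorization: Bearer, with no GraphQL Authentication
JWT header, and classifies the JSON response.
"""
import json
import os
import sys
import urllib.request
from typing import Literal

# Assumptions, not taken from the issue: endpoint path and query/field names.
GRAPHQL_ENDPOINT = "https://example.test/api"                     # placeholder
QUERY = '{ entries(section: "news") { title privateField } }'      # placeholder

# Exact message quoted in the issue's error response.
PERMISSION_MESSAGE = "User doesn't have permission to access requested field(s)"

Verdict = Literal["ok", "permission_error", "other_error"]


def classify_response(body: str) -> Verdict:
    """Classify a GraphQL response body.

    "permission_error" when any error carries the plugin's field-rule
    rejection message, "other_error" for any other GraphQL error, and
    "ok" when the response contains data only.
    """
    doc = json.loads(body)
    errors = doc.get("errors") or []
    if any(err.get("message") == PERMISSION_MESSAGE for err in errors):
        return "permission_error"
    if errors:
        return "other_error"
    return "ok"


def build_request(token: str, query: str,
                  endpoint: str = GRAPHQL_ENDPOINT) -> urllib.request.Request:
    """Build the POST exactly as the issue describes: schema token in the
    Authorization header, no GraphQL Authentication JWT header."""
    payload = json.dumps({"query": query}).encode()
    return urllib.request.Request(
        endpoint,
        data=payload,
        headers={
            "Content-Type": "application/json",
            "Accept": "application/json",
            "Authorization": f"Bearer {token}",
        },
        method="POST",
    )


def run_check(token: str, query: str = QUERY,
              endpoint: str = GRAPHQL_ENDPOINT) -> Verdict:
    """Perform the request against a live Craft install and classify it."""
    with urllib.request.urlopen(build_request(token, query, endpoint)) as resp:
        return classify_response(resp.read().decode())


# Constructed sample bodies, used for the offline self-check below.
SAMPLE_ERROR_BODY = json.dumps({"errors": [{"message": PERMISSION_MESSAGE}]})
SAMPLE_OK_BODY = json.dumps(
    {"data": {"entries": [{"title": "Hello", "privateField": "secret"}]}}
)

if __name__ == "__main__":
    # Offline sanity check of the classifier before hitting a live endpoint.
    assert classify_response(SAMPLE_ERROR_BODY) == "permission_error"
    assert classify_response(SAMPLE_OK_BODY) == "ok"

    token = os.environ.get("CRAFT_GQL_TOKEN")
    if not token:
        sys.exit("set CRAFT_GQL_TOKEN to a Craft schema token to run live")
    verdict = run_check(token)
    print(f"schema-token request -> {verdict}")
    # With the bug present, a token for the new schema still yields
    # "permission_error" because the Public schema's rules are applied.
    sys.exit(0 if verdict == "ok" else 1)
```

Run it with `CRAFT_GQL_TOKEN` set to a token for the new schema: a non-zero exit means the field rules of the wrong schema were applied, which is the behaviour this issue reports.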