graphql, dgraph

DGraph: @auth directive not enforced properly?


I am currently trying out DGraph on a free cloud instance for some side project, and after creating the schema, I added an @auth directive, together with the necessary config as can be seen in the docs:

type Device @auth(query: {rule: "query ($ID: [ID!]) {queryDevice(filter: {id: $ID}) {__typename} }"}) {
  id: ID!
  displayName: String!
  isOnline: Boolean!
  lastSeen: DateTime!
}

# Dgraph.Authorization {"VerificationKey": "password123", "Header": "X-Auth", "Namespace": "https://app.me/jwt/claims", "Algo": "HS256"}

Now if I add 2 devices to the database, and generate a JWT (using jwt.io) that contains the claim ID with the id of one of the devices, put it into the right header, and then make this query:

query {
  # Dgraph generates the query field queryDevice (singular) for type Device,
  # the same name the @auth rule above refers to
  queryDevice {
    id
  }
}

I get ... two results. This is odd since according to the auth rule, the JWT I created doesn't have the authorization to query one of the two devices. But it gets even more confusing: I tried putting some gibberish into the ID claim of the JWT, and as long as it is properly signed, I still have access to the data. Now you could think the auth rule just doesn't work entirely, but that isn't the case either. If I leave out the ID claim altogether, no data is returned, which makes sense, since the auth rule depends on the claim and the docs clearly state that the rule is not fulfilled in the case of a missing claim.

I have to say I am pretty new to GraphQL and DGraph especially, but after looking through the docs, general googling, asking AI tools like phind, and 3+ hours of experimenting (not just inside DGraph's API explorer, but also in an external API tester), I really don't have a clue what I am doing wrong here. Maybe someone who is more experienced with DGraph can shed light on this situation.
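The observed behaviour (any signed token with an ID claim returns both devices; a token without the claim returns none) is the kind of thing a small authorization regression test catches before it reaches production. The following is an added example, not code from the question or from Dgraph: it builds an HS256 JWT with the claims namespace, header name and verification key from the `Dgraph.Authorization` line above using only the standard library, computes the result set the `@auth` rule should produce for a given ID claim, and compares it against what the endpoint actually returns. The endpoint is injected as a callable, so `fake_dgraph` (a constructed stand-in that can replay either the correct filtering or the behaviour described in the question) stands in for a real `urllib`/`requests` POST to the `/graphql` endpoint; the device ids `0x1`/`0x2` are constructed sample values.

```python
import base64
import hashlib
import hmac
import json

# Values taken from the question's Dgraph.Authorization line.
VERIFICATION_KEY = "password123"
AUTH_HEADER = "X-Auth"
CLAIMS_NAMESPACE = "https://app.me/jwt/claims"

# Dgraph generates queryDevice for type Device (same name as in the @auth rule).
QUERY = "query { queryDevice { id } }"

# Constructed sample devices; a real test would read them back from the instance.
DEVICES = [{"id": "0x1"}, {"id": "0x2"}]


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_jwt(claims: dict, key: str = VERIFICATION_KEY) -> str:
    """HS256-sign a JWT whose custom claims sit under the configured namespace,
    which is where Dgraph resolves $ID from."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps({CLAIMS_NAMESPACE: claims}, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}"
    sig = hmac.new(key.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_jwt(token: str, key: str = VERIFICATION_KEY) -> dict:
    """Check the HS256 signature and return the namespaced claims; raise on failure."""
    head, body, sig = token.split(".")
    expected = hmac.new(key.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), sig):
        raise ValueError("bad signature")
    payload = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    return payload.get(CLAIMS_NAMESPACE, {})


def expected_ids(all_ids, claim_id):
    """What the rule in the question should allow: only the device whose id equals
    the ID claim, and nothing at all when the claim is missing."""
    if claim_id is None:
        return set()
    return {i for i in all_ids if i == claim_id}


def check_auth_rule(post, all_ids, claim_id):
    """Query through `post(headers, query) -> response dict` with a token carrying
    `claim_id` (None = no ID claim) and compare the result with the expectation."""
    claims = {} if claim_id is None else {"ID": claim_id}
    resp = post({AUTH_HEADER: make_jwt(claims)}, QUERY)
    got = {d["id"] for d in resp.get("data", {}).get("queryDevice", [])}
    want = expected_ids(all_ids, claim_id)
    return {"claim": claim_id, "expected": want, "got": got, "ok": got == want}


def fake_dgraph(devices, buggy: bool):
    """Constructed stand-in for the endpoint. buggy=False applies the rule as
    documented; buggy=True replays the behaviour reported in the question."""
    def post(headers, query):
        try:
            claims = verify_jwt(headers.get(AUTH_HEADER, ""))
        except (ValueError, KeyError):
            return {"data": {"queryDevice": []}}
        claim_id = claims.get("ID")
        if claim_id is None:
            rows = []
        elif buggy:
            rows = devices
        else:
            rows = [d for d in devices if d["id"] == claim_id]
        return {"data": {"queryDevice": [{"id": d["id"]} for d in rows]}}
    return post


def run_checks(post, devices=DEVICES):
    """The three cases from the question: matching claim, gibberish claim, no claim."""
    ids = [d["id"] for d in devices]
    return [check_auth_rule(post, ids, c) for c in ("0x1", "gibberish", None)]


if __name__ == "__main__":
    for label, flag in (("documented", False), ("as observed", True)):
        for result in run_checks(fake_dgraph(DEVICES, buggy=flag)):
            print(label, result)
```

Against a live instance, replace `fake_dgraph(...)` with a function that POSTs `{"query": query}` to the instance's `/graphql` URL with the given headers and returns the parsed JSON; any row whose `ok` is `False` is a case where the rule did not filter as the schema says it should. Keeping `make_jwt` in the test rather than pasting tokens from jwt.io also rules out the usual mistakes (claim placed outside the namespace, wrong header name) as the explanation.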


Solution

  • Thanks for considering Dgraph for your development. You correctly wrote the rule. I gave it a shot; we may have a bug specifically with the 'id' test, actually. The rule is working well on other types of fields where the filter syntax is { name : { eq : 'value'}}.

    Could you please create a bug report at https://github.com/dgraph-io/dgraph/issues/new/choose?