graphql-platform AddAuthorization adds unused ApplyPolicy enum to schema, and [Authorize] adds no @authorize directives

Product

Hot Chocolate

Version

13.8.1

Link to minimal reproduction

See zip below

Steps to reproduce

Repro zip: HotChocolateBugRepro.zip

It's possible this is two separate bugs, but they are at least related:

Calling .AddGraphQLServer().AddAuthorization() will make an unused ApplyPolicy enum show up in the schema. This is the case even if .TrimTypes() is used.
When using [Authorize], no @authorize directive appears in the schema. Based on the docs and the v13 blog post, it is my understanding that this directive should appear in the schema.

What is expected?

When the @authorize directive is not used in the schema, I expect also the ApplyPolicy enum to not be present.

When using [Authorize], I expect the ´@authorize´ directive to be present.

What is actually happening?

The ApplyPolicy enum is present in the schema even if it not used, and even it TrimTypes is used.

The @authorize directive to be present even when using [Authorize].

Relevant log output

No response

Additional context

No response

Feb 16 '24 06:02 cmeeren

This is mistakenly labelled Area: F#. The repro code is C#.

May 15 '24 07:05 cmeeren

Any update on this? I'm trying to design a schema with non-nullable authorized fields and not being able to communicate that is a big issue.

If someone could point me to the problem area (i.e. where the directives are supposed to be added) I could have a crack at fixing it.

Sep 13 '24 14:09 Cyberboss

Found the issue. The directive is marked as internal. It shows up when using ISchema.Print() but not in the API. I couldn't find any way to override this behavior either.

https://github.com/ChilliCream/graphql-platform/blob/99e38a7594324af03efa5ac45c2f7be04a4bd275/src/HotChocolate/Core/src/Authorization/AuthorizeDirectiveType.cs#L26

Sep 13 '24 21:09 Cyberboss

Got a workaround:

public sealed class PublicAuthorizeDirectiveTypeInterceptor : TypeInterceptor
{
	/// <inhertidoc />
	public override void OnBeforeRegisterDependencies(ITypeDiscoveryContext discoveryContext, DefinitionBase definition)
	{
		if (definition is DirectiveTypeDefinition dtd
			&& dtd.Name == "authorize")
		{
			dtd.IsPublic = true;
		}

		base.OnBeforeRegisterDependencies(discoveryContext, definition);
	}
}

services
	.AddGraphQLServer()
	.AddAuthorization()
	.TryAddTypeInterceptor<PublicAuthorizeDirectiveTypeInterceptor>()
	...

Sep 13 '24 22:09 Cyberboss

Pardon me, I've been commenting on the wrong issue.

Sep 13 '24 22:09 Cyberboss

This seems like a very straight forward change to make. Is there anything stopping this change from moving forward? Also, the workaround above did not work for me. I just outputs the directive definition but doesn't annotate anything in the schema.

Oct 23 '24 16:10 joeyj

Its by design internal. We do not want to expose authorization internals to the user.

Oct 23 '24 19:10 michaelstaib

What about folks who do want this information in the schema? Seems like an odd design choice especially when this directive is supported in schema first.

Oct 23 '24 21:10 joeyj

Are two issues getting mixed here? Please check the OP. This issue is about AddAuthorization() adding an unused ApplyPolicy enum to the schema even if .TrimTypes() is used (it should be trimmed away in that case), and @authorize not being added to the schema when [Authorize] is used (contrary to my understanding of the docs and the v13 blog post).

Oct 23 '24 21:10 cmeeren

I'm referring to the @authorize directive not being added to the schema. I was mentioning that the @authorize directive is supported in schema-first which makes its omission in introspection strange IMO.

Oct 23 '24 23:10 joeyj