Karthikeyan-Vijayan

Results 3 comments of Karthikeyan-Vijayan

allow rule on @auth is not throwing FORBIDDEN error when rule is not satisfied on CREATE mutation

Users are created using following mutation: ```graphql mutation($input: [UserCreateInput!]!) { createUsers(input: $input) { users { id name } } } { "input": [ { "name": "test" }, { "name": "test2"...

allow rule on @auth is not throwing FORBIDDEN error when rule is not satisfied on CREATE mutation

> We just want to reconfirm this against 3.0.2, as we did some bug fixing in the auth space. I tried to reproduce this with version 3.0.3. The problem still...

@auth directive can allow information leak to unauthorized users

This is already mentioned in the Neo4jGraphQL library docs (https://neo4j.com/docs/graphql-manual/current/troubleshooting/security/). But it is not under Auth topic