authorization icon indicating copy to clipboard operation
authorization copied to clipboard
verified publisher icon graphql-dotnet

Arguments Empty When Trying Authorize

Open andrejohansson opened this issue 6 years ago • 6 comments

I'm trying to authorize a field by validating it´s input arguments in a custom policy. My policy gets executed correctly but the Arguments property of the AuthorizationContext variable is always empty. What do I need to do in order to get this populated?

Field Definition

            Field<DeviceContextType>(
                name: "deviceContext",
                description: "Get device context data by id.",
                arguments: new QueryArguments(
                    new QueryArgument<IdGraphType> {Name = "id"},
                    new QueryArgument<IdGraphType> {Name = "organizationId"}
                ),
                resolve: context => new DeviceContext
                {
                   // my dummy object here
                }
            ).AuthorizeWith<DeviceQueryPolicy>();

DeviceQueryPolicy

    public class DeviceQueryPolicy : IAuthorizationPolicy
    {
        public DeviceQueryPolicy(IDependencyResolver resolver)
        {
            Requirements = new[]
            {
                new DeviceIdMatchOrganizationIdRequirement(resolver),
            };
        }

        public IEnumerable<IAuthorizationRequirement> Requirements { get; }
    }

DeviceIdMatchOrganizationIdRequirement

        public async Task Authorize(AuthorizationContext context)
        {
            // Arguments is always empty here! Why?
            if (!context.Arguments.ContainsKey("id") 
                || !context.Arguments.ContainsKey("organizationId")) {
                context.ReportError("Organization have no access rights to this device");
                return;
            }

Query

# Passing along two arguments
{
  devices {
    deviceContext(
      id: "26748243-9D9D-4E9A-A890-718A46D2C0D5"
      organizationId: "26748243-9D9D-4E9A-A890-718A46D2C0D5"
    ) {      
      active
    }
  }
}

andrejohansson avatar Apr 10 '19 13:04 andrejohansson

AuthorizationContext.Arguments is probably a poorly named property. Those are actually the Input Variables and not the Arguments to the field.

joemcbride avatar Apr 10 '19 17:04 joemcbride

I think I'm mixing things up here, which Input variables do you mean?

andrejohansson avatar Apr 10 '19 21:04 andrejohansson

@andrejohansson The variables that you pass in to a GraphQL Query.

https://graphql-dotnet.github.io/docs/getting-started/variables

joemcbride avatar Jun 04 '19 19:06 joemcbride

Is there any way to access to the field's arguments from the AuthorizationContext in order to use them in the auth logic?

joacoleza avatar Jun 06 '19 14:06 joacoleza

@joacoleza only if you use variables really. These rules run before execution so don’t have direct access to the arguments.

joemcbride avatar Jun 06 '19 15:06 joemcbride

Ok. I guess that I will have to add that kind of authorization on the resolver itself, right?

joacoleza avatar Jun 06 '19 17:06 joacoleza