graphql icon indicating copy to clipboard operation
graphql copied to clipboard

Published 20 hours ago verified publisher icon neo4j

`@auth` directive can be used without an `auth` plugin being provided

Open darrellwarde opened this issue 2 years ago • 2 comments

Describe the bug

It appears that the @auth directive can be used without an auth plugin being provided. An error should be thrown from type definition validation if this case occurs, with a helpful error message as to what needs to be done.

darrellwarde avatar Mar 04 '22 10:03 darrellwarde

Many thanks for raising this bug report @darrellwarde. :bug: We will now attempt to reproduce the bug based on the steps you have provided.

Please ensure that you've provided the necessary information for a minimal reproduction, including but not limited to:

  • Type definitions
  • Resolvers
  • Query and/or Mutation (or multiple) needed to reproduce

If you have a support agreement with Neo4j, please link this GitHub issue to a new or existing Zendesk ticket.

Thanks again! :pray:

neo4j-team-graphql avatar Mar 04 '22 10:03 neo4j-team-graphql

We've been able to confirm this bug using the steps to reproduce that you provided - many thanks @darrellwarde! :pray: We will now prioritise the bug and address it appropriately.

neo4j-team-graphql avatar Mar 08 '22 13:03 neo4j-team-graphql

Being able to use a hand-crafted context including @auth-related properties is a feature, not a bug, imho.

Helpful error messages would be nice, if properties required by @auth are actually missing in the context, with or without plugin.

mklinger avatar Mar 22 '23 19:03 mklinger

This will now be closed, with a warning message logged if using the new authorization directives without the feature enabled in 3.23.0.

darrellwarde avatar Jul 06 '23 13:07 darrellwarde