Auth directive rule compare against Boolean

having a valid JWT with the following data:

{ "IS_ALLOWED_ACCESS": true }

How can I compare this in auth rules?

I have tried:

{ rule: "{$IS_ALLOWED_ACCESS: true}"}
{ rule: "{$IS_ALLOWED_ACCESS: { eq: true }}"}
{ rule: "{$IS_ALLOWED_ACCESS: { eq: \"true\" }}"}

The last one validates but it doesn’t seem to equate out to satisfy the rule.

In the docs it is done like:

Ensuring that requests are from an authenticated JWT, and no further restrictions, can be done by arranging the JWT to contain a value like “isAuthenticated”: “true”. For example,

type User @auth(
    query: { rule:  "{$isAuthenticated: { eq: \"true\" } }" },
) {
    username: String! @id
    todos: [Todo]
}

But that is comparing a string with the value of true. A boolean is a valid JSON value: https://stackoverflow.com/a/39352374/1707323

Currently, we don’t support boolean variables in RBAC. The values have to be passed as a string. But we have plans to improve the RBAC rules like having other comparison operators, support multiple data types like int, bool, and support for anyofterms, allofterms, etc.

1 Like