Auth Rule Not Working, Returning All My Users When Trying To Just Get Only One

Can somebody please explain to me why this schema is returning all the users in my graph for me…

My Schema:

type User @auth(
  query: {
		rule: "query($USER_ID: ID!){queryUser(filter:{id:[$USER_ID]}){id}}"
  }
)
{
  id: ID!
	username: String! @id
}


    
# Dgraph.Authorization {"VerificationKey":"<verification-key-here>","Header":"X-My-App-Auth","Namespace":"https://my.app.io/jwt/claims","Algo":"HS256","Audience":["aud1","aud5"]}

MY JWT:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJVU0VSX0lEIjoiMHg0NWUwMGIyMzIzMTUzIiwiaWF0IjoxNjI0NzMzNDk0fQ.9LOGS29TH-vwJFHQfAmYGE-hLo71AMFJqaQlIfkRloI

JWT Payload: { USER_ID: "0x45e00b2323153" }

My Query:

query MyQuery {
  queryUser {
    id
  }
}

My Result

{
  "queryUser": [
    {
      "id": "0x457ac5c1"
    },
    {
      "id": "0x45ad653b"
    },
    {
      "id": "0x45ad65c4"
    },
    {
      "id": "0x45ad65c5"
    },
    {
      "id": "0x45ad65c6"
    },
    {
      "id": "0x45ad65c7"
    },
    {
      "id": "0x45ad65c8"
    },
    {
      "id": "0x45ad65c9"
    },
    {
      "id": "0x45ad65ca"
    },
    {
      "id": "0x45ad65cb"
    },
    {
      "id": "0x45ad65cc"
    },
    {
      "id": "0x45ad65cd"
    },
    {
      "id": "0x45ad65ce"
    },
    {
      "id": "0x45ad65cf"
    }]
}

I was hoping to only have access to only my self as the user >_> Why is everyone else showing up. Please help!!

Are you using 21.03? If not the namespace has to be in https://my.app.io/jwt/claims.

J

I’m using v21.03.0-56-gc900f96b3

Do I have to have Namespace? Can I just omit it, I just want to be able to be able to get myself as the User or am I designing or thinking about this completely wrong?

If you have 21.03, then standard claims should work fine.

I can’t see anything wrong with it, hopefully someone else has an idea!

J

Does filtering by ID like that work for you just fine? Maybe something underneath, like my actual Dgraph instance might be messed up…

Did you ever get this working? Very curious, as I can’t seem anything wrong with your code, and it may be a bug…

J

Nope, never got it working. Spent around over 12 hours trying to debug this thing … I’m just not using Dgraph to handle my auth lol…

I am wondering if it is something to do with the id. I tested it with @id and it works fine.

Try to use getUser (no arrays) instead of queryUser. I know it should work fine with the @id field (instead of ID) as well.

J