Authorization setup not preventing access (at least locally)

I have spent the day trying to get Authorization to work in my local Dgraph instance, but have been unable to block access to the server in the first place.

I have a user node with a rule that should prevent queries from going through

type User @auth(
		query: { rule: "{ $NeverHere: { eq: \"anything\" } }" }
) {

and I have added the Dgraph.Authorization note at the bottom of my schema:

# Dgraph.Authorization {"VerificationKey":"<AUTH0-APP-PUBLIC-KEY>","Header":"X-Auth-Token","Namespace":"","Algo":"RS256","Audience":["<AUTH0-APP-CLIENT-ID>"]}

Based on the docs and the tutorials, my code described above should be preventing me from querying users, but that is not the case, I can query them without trouble.

What else do I need to do for authorization to “take effect”?

What does your query look like? Are you running GraphQL queries or DQL?

GraphQL. Here is the whole Query:

type User @auth(
		query: { rule: "{ $NeverHere: { eq: \"anything\" } }" }
) {
	id: ID! 
	email: String
	emailAddresses: [EmailAddress!] @hasInverse(field:user)
	displayName: String @search(by: [term])
	fullName: String
	profileImage: String 
	biography: String 
	expertise: [String] 
	interests: [String] 
	public: Boolean @search
	walletAddresses: [CryptoAddress] 
	organizations: [OrganizationUser]
	unestablishedSmartContracts: [SmartContractUnestablished] @hasInverse(field:owner)
	agreements: [AgreementSignatory] @hasInverse(field:user)
	creationDate: DateTime

Okay, that is the schema, how about the query, with either getUser or queryUser or some other top level query

Ah yes, sorry:

(This is abbreviated, but should clarify how I am calling it)

export const GET_USER = gql`
  query queryUser($userId: [ID!]) {
    queryUser(filter: { id: $userId }) {
      emailAddresses {
        user {

All that looks correct. So what version are you using? And I will try to replicate this.

Looks like its the latest / 21.12

To be clear, I have it running on localhost. I don’t know if that impacts the way it sets up the authorization settings

1 Like

Hey, I am still working through this, but the issue seems to be that the updated schema was not applying even though I ran the command to apply it. The yarn command I use is the following. I would have expected an error, but it just says “Done”

    "schema": "curl -X POST localhost:8080/admin/schema --data-binary '@dgraph/schema.graphql'",

Apparently I had a bug in the schema that I wasn’t noticing because I didn’t get any indication that publishing had failed

Did you try to increase the verbosity level and set the graphql debug mode of the alpha ?
It could help to have hints when you push your schema and query the data.

see ./dgraph alpha --help