I have spent the day trying to get Authorization to work in my local Dgraph instance, but have been unable to block access to the server in the first place.
I have a user node with a rule that should prevent queries from going through
type User @auth(
query: { rule: "{ $NeverHere: { eq: \"anything\" } }" }
) {
and I have added the Dgraph.Authorization
note at the bottom of my schema:
# Dgraph.Authorization {"VerificationKey":"<AUTH0-APP-PUBLIC-KEY>","Header":"X-Auth-Token","Namespace":"https://dgraph.io/jwt/claims","Algo":"RS256","Audience":["<AUTH0-APP-CLIENT-ID>"]}
Based on the docs and the tutorials, my code described above should be preventing me from querying users, but that is not the case, I can query them without trouble.
What else do I need to do for authorization to “take effect”?