[Bug] @auth on interface does not respect or-rules

Steps to reproduce:


interface Ownable
    query: {
      or: [
        { rule: "{$ROLE: { eq: \"ADMIN\" }}" }
          rule: "query($USERNAME: String!) { queryOwnable(filter: { username: {eq: $USERNAME }}) { username }}"
  ) {
  username: String! @search(by: [hash])

type Foo implements Ownable {
  value: Int!

# Dgraph.Authorization {"VerificationKey":"totallysecret","Header":"Auth","Namespace":"lol","Algo":"HS256"}

Admin-Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2wiOnsiUk9MRSI6IkFETUlOIiwiVVNFUk5BTUUiOiJhZG1pbiJ9LCJpYXQiOjE1MTYyMzkwMjJ9.9KgpRXR-OhOBiw7Ay-VTqhitIjtHKW_Fj6cmjIO3dAo

User-Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2wiOnsiUk9MRSI6IlVTRVIiLCJVU0VSTkFNRSI6InVzZXIifSwiaWF0IjoxNTE2MjM5MDIyfQ._3dQECNABiKoE3lptCDaw5xCKMTxSeewak1Mzc2wUCE

1. Create Foo

mutation {
  addFoo(input: {
    username: "user"
    value: 1
  }) {
    foo {

2. Set User-Token and queryOwnable

query {
  queryOwnable {

–> you see the requested data

3. Set Admin-Token and queryOwnable

–> List is empty

Expected behaviour

I expect that the or-rule is used also on the interface for auth-checking and that the result is not empty when using the admin-token.

When using queryFoo instead, results are as expected!

Current workaround

When omitting USERNAME from the JWT, it’s working.


Hi! Did you manage to reproduce this?

I have the same behavior using the delete-mutation.

Hey @maaft, Thanks for reporting the issue. I have reproduced it locally and will try to come up with the fix soon.

1 Like

This bug is fixed in the master. See this PR

1 Like

Awesome - that was! Thank you !