Determine path between two nodes as filter within @auth directive


I wish to know if it is possible have a filter in @auth directive based on a path existing between a node id provided in the JWT (user id) and the node being fetched. My current understanding is that this is not possible using the GraphQL API in Dgraph at all?

Exactly what the network looks like between the start and finish node is not something I want to concern myself with at all in the @auth-directive. I want to be able manage how and customize that intermediary network that represents the authorization independently.

Edit. added a diagram, let’s say I query for resources and want to filter for “User I” having a path to each resources Write node in my @auth directive, then I should only get Resource X returned.

Basically, you want to do DQL queries for @aith rules?

1 Like

Yes. That would be one way of solving it, assuming I can embed a DQL query.

What I am describing is commonly called Fine grained authorization and if you already have a graph database you wouldn’t need an external product such as Auth0 FGA. It seems like the @auth directive is already halfway there.

So if you ask me, adding support for generating kshortestpath and recurse queries in graphql would be super nice if that could solve it.

I read the documentation a little bit more but I’m not clear if this is something I can add. Like with a @custom query etc. So any ideas are welcome.

Not available at this time. This can be a feature request though.