Not sure what I did more than just deploying the schema and heading to the API Explorer to see that no schema is available. The schema that got deployed looked like this (with the actual projectId).
type User {
  name: String @search(by: [exact, fulltext])
}
# Dgraph.Authorization { "JWKURL": "https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com", "Audience": "** projectId **", "Header": "Authorization" }
Created a new backend and deployed this exact schema (with namespace).
The deployment was successful, but after a page refresh the schema was unavailable again.
@minhaj we should fix this behavior and even if there is a space after # we should still be able to read the Dgraph.Authorization header. Accepting this as an issue to be fixed.
Hey @Isak, the exact format of the Authorization header in the schema is that there should be a space between # and Dgraph.Authorization, and hence it should be # Dgraph.Authorization. If there is no space between them, Dgraph won't recognize it as a valid Authorization Header and won't even try to parse it. That is why you are not facing the error which you faced earlier.
The error is related to the formatting of the header, for example whether there is a space or not, as discussed earlier. I can't give exact details because of the amount of different schemas I tried. But I'm sure it has to do with the formatting and parsing.
Hi, I have successfully authenticated against firebase via an authorization string in the schema as above. It works great. If I pass no/invalid token or an expired token my frontend request is rejected.
However, when I have anonymous access allowed and completely exclude my firebase token key:value from the request header, the backend returns the request!
If I define authentication like this in my schema, to ensure a request is coming from an authenticated user, then completely omit token key value pair from the header (i.e. act like a completely unauthenticated user) shouldn’t the request be rejected?
Please share your @auth rule and graphql request. It should not be rejected if the auth header is not there, but your results should be empty, as the rule will fail, not the request.
Hi, my query is the generated queryTask query (from the tutorials in the documentation). My fetch request is:
// Request as posted: note that no Authorization header is sent with it.
fetch(
  'https://.aws.cloud.dgraph.io/graphql',
  {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({
      query: this.operationsDoc,
    }),
  }
)
I’m not talking about applying specific authorisation rules against queries and mutations in the schema - I have none defined at this point of my jedi-training. I’m looking at authentication of users against firebase so that any request hitting my graphql backend is effectively rejected (i.e, error and empty result) if the firebase token is missing, invalid, expired etc. I can do this as stated above with the following in the schema:
If I include my firebase token in the headers I get the expected result, an empty result set and an appropriate error, but excluding the token from the header as above returns the query results. I understand from earlier posts that there is an official firebase authentication example/tutorial in the works. Is there an ETA?
It sounds like you understand the process fine. However, you do not want it to reject a query with no header. If a user is not logged in, you should be able to query public data. You must use @auth rules to secure data for only users that are logged in, or with certain roles etc. If you want to secure all data, simply make @auth rules on all types.
Hey @Kim_Easton, you need to add ClosedByDefault: true in your authorization header.
Please see this.
Then it will allow users to query data only if a valid JWT is passed along with the Authorization header.
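As an added example (not Dgraph's code and not posted by anyone in this thread), the following Node.js snippet lints a schema's `# Dgraph.Authorization` line before it is deployed. It covers both points raised above: the marker is only recognised when written with a space after `#` (the no-space form that silently produced "no schema available" earlier), and without `"ClosedByDefault": true` requests that carry no JWT are still answered, subject only to `@auth` rules. The matching rules are an approximation of what the thread describes, not a copy of Dgraph's parser; the `VerificationKey` field name is an assumption beyond what the page shows; the sample schemas are constructed and use a placeholder project id.

```javascript
// Added example: pre-deploy linter for the `# Dgraph.Authorization` line.
// Matching rules are an assumption based on the thread, not Dgraph's parser.
const MARKER = 'Dgraph.Authorization';
const RECOGNISED_PREFIX = `# ${MARKER}`; // the space after '#' is required

// Returns { status, meta, findings }.
// status: 'missing' | 'unrecognized' | 'invalid' | 'warn' | 'ok'
function lintAuthorizationHeader(schema) {
  const findings = [];
  const lines = schema.split(/\r?\n/).map((l) => l.trim());

  const recognised = lines.filter((l) => l.startsWith(RECOGNISED_PREFIX));
  const misspaced = lines.filter(
    (l) => l.startsWith('#') && l.includes(MARKER) && !l.startsWith(RECOGNISED_PREFIX)
  );

  if (recognised.length === 0) {
    if (misspaced.length > 0) {
      findings.push(`marker present but not written as "${RECOGNISED_PREFIX}" (check the space after #); it will be treated as a plain comment and ignored`);
      return { status: 'unrecognized', meta: null, findings };
    }
    findings.push('no Dgraph.Authorization line: the schema deploys with no authorization configured');
    return { status: 'missing', meta: null, findings };
  }
  if (recognised.length > 1) {
    findings.push('more than one Dgraph.Authorization line; only the last one is checked here');
  }

  // Everything after the marker is expected to be a JSON object.
  const jsonPart = recognised[recognised.length - 1].slice(RECOGNISED_PREFIX.length).trim();
  let meta;
  try {
    meta = JSON.parse(jsonPart);
  } catch (e) {
    findings.push(`authorization metadata is not valid JSON: ${e.message}`);
    return { status: 'invalid', meta: null, findings };
  }

  if (!meta.Header) {
    findings.push('"Header" missing: the backend cannot tell which request header carries the JWT');
  }
  if (!meta.JWKURL && !meta.VerificationKey) {
    findings.push('neither "JWKURL" nor "VerificationKey" set: tokens cannot be verified');
  }
  if (meta.ClosedByDefault !== true) {
    findings.push('"ClosedByDefault" is not true: requests without a JWT are still answered (only @auth rules restrict them)');
  }
  return { status: findings.length ? 'warn' : 'ok', meta, findings };
}

// Constructed sample schemas; PROJECT_ID_PLACEHOLDER stands in for a real Firebase project id.
const FIREBASE_JWK = 'https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com';
const BASE_SCHEMA = 'type User {\n  name: String @search(by: [exact, fulltext])\n}';
const SAMPLES = {
  noSpace: `${BASE_SCHEMA}\n#Dgraph.Authorization {"JWKURL":"${FIREBASE_JWK}","Audience":["PROJECT_ID_PLACEHOLDER"],"Header":"Authorization"}`,
  open: `${BASE_SCHEMA}\n# Dgraph.Authorization {"JWKURL":"${FIREBASE_JWK}","Audience":["PROJECT_ID_PLACEHOLDER"],"Header":"Authorization"}`,
  closed: `${BASE_SCHEMA}\n# Dgraph.Authorization {"JWKURL":"${FIREBASE_JWK}","Audience":["PROJECT_ID_PLACEHOLDER"],"Header":"Authorization","ClosedByDefault":true}`,
};

for (const [name, schema] of Object.entries(SAMPLES)) {
  const result = lintAuthorizationHeader(schema);
  console.log(`${name}: ${result.status}`, result.findings);
}
```

Run it with `node` before deploying a schema: a `missing` or `unrecognized` result reproduces the first problem in the thread, and a `warn` mentioning `ClosedByDefault` reproduces the second.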