After adding the Dgraph.Authorization directive as described in "Using Firebase Authentication - GraphQL", every mutation / query became unusable.
Shared instance of v21.03.0-78-ge4ad0b113
Edition:
- Dgraph Cloud (GraphQL feature)
- Dgraph On-Prem (EE)
- Dgraph (community edition)
Schema:
type User {
  username: String! @id @search(by: [hash])
  displayName: String
  avatarImg: String
  nodes: [Node] @hasInverse(field: "createdBy")
}

type Node
  @auth(
    query: {
      rule: """
      query($USER: String!) {
        queryNode {
          createdBy(filter: { username: { eq: $USER } }) {
            username
          }
        }
      }
      """
    }
  ) {
  id: ID!
  title: String!
  topic: String!
  externalId: String
  description: String
  url: String
  date: String
  origin: String
  thumbnailUrl: String
  createdBy: User!
  attachedTo: Node
  approvedConnections: [Node] @hasInverse(field: "attachedTo")
}
Dgraph.Authorization {"JWKUrl": "jwk-url", "Namespace": "dgraph-namespace", "Audience": ["project-id"], "Header": "X-Auth-Token"}
I verified the kid parameter from JWKUrl and IdToken, and it matches.
I verified that the Audience matches the aud parameter of IdToken, and it matches.
I verified that the USER field under the custom claim matches the username of the User whose node is being queried, and it matches.
I verified the IdToken itself to make sure it didn’t expire.
I used the generated queryNode, getNode, getUser and queryUser operations
query MyQuery {
  queryNode(filter: {id: "0x1a4fdf3e72"}) {
    topic
  }
  getUser(username: "Whatever") {
    displayName
    avatarImg
  }
  queryUser(filter: {username: {eq: "Whatever"}}) {
    displayName
    avatarImg
  }
}
Result:
{
  "data": null,
  "errors": [
    {
      "message": "Operations not allowed -- [queryNode getUser queryUser]"
    }
  ]
}
It doesn’t really matter what query / mutation is run because all of them are unusable regardless of the @auth directive. Users cannot be queried / mutated either. Even when the @auth directive is removed, the problem persists.
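
The four token checks listed in the post (kid, aud, USER claim, expiry), written out as an added example that is not part of the original post and is not Dgraph's own code. The `check_token` function, the constructed kid and the sample token are hypothetical; it assumes the custom claims are nested under the `Namespace` key and it does not verify the signature.

```python
import base64
import json
import time

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def check_token(token, auth_cfg, jwks, expected_user, now=None):
    """Return the failed checks; an empty list means all four pass.
    Only the fields compared in the post are checked, not the signature."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, _sig = token.split(".")
        header, payload = _b64url_json(header_b64), _b64url_json(payload_b64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return ["token is not a well-formed JWT"]
    failures = []
    kid = header.get("kid")
    if kid is None or kid not in {k.get("kid") for k in jwks.get("keys", [])}:
        failures.append("kid not found in JWK set")
    aud = payload.get("aud")
    token_auds = set(aud if isinstance(aud, list) else [aud])
    if not token_auds & set(auth_cfg["Audience"]):
        failures.append("aud does not match Audience")
    if payload.get("exp", 0) <= now:
        failures.append("token expired")
    # Assumption: custom claims are nested under the Namespace key.
    claims = payload.get(auth_cfg["Namespace"])
    if not isinstance(claims, dict) or claims.get("USER") != expected_user:
        failures.append("USER claim does not match username")
    return failures

def _seg(obj):
    raw = base64.urlsafe_b64encode(json.dumps(obj).encode())
    return raw.rstrip(b"=").decode()

# Constructed sample data: placeholders from the post, not real values.
AUTH_CFG = {"JWKUrl": "jwk-url", "Namespace": "dgraph-namespace",
            "Audience": ["project-id"], "Header": "X-Auth-Token"}
JWKS = {"keys": [{"kid": "constructed-kid"}]}

def sample_token(exp, aud="project-id", user="Whatever"):
    """Build an unsigned, constructed token for the checks above."""
    header = {"alg": "RS256", "kid": "constructed-kid"}
    payload = {"aud": aud, "exp": exp, "dgraph-namespace": {"USER": user}}
    return ".".join([_seg(header), _seg(payload), "sig"])
```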