Question: How to add individual auth rules to custom queries/mutations?

BenW · August 4, 2021, 9:45am

The docs state:

You can add custom queries to the Query type

type Query {
    myCustomQuery(...): QueryResultType @custom(...)
}

So presumably if I want to add an auth rule to that custom query I do the following:

type Query @auth(
  query: { rule: "{ $ROLE: { eq: \"ADMIN\" } }" }
){
    myCustomQuery(...): QueryResultType @custom(...)
}

…and if it were a mutation:

type Mutation @auth(
  add: { rule: "{ $ROLE: { eq: \"ADMIN\" } }" }
  update: { rule: "{ $ROLE: { eq: \"ADMIN\" } }" }
  delete: { rule: "{ $ROLE: { eq: \"ADMIN\" } }" }
){
    myCustomMutation(...): MutationResult @custom(...)
}

…??

Or would it actually be:

type Query @auth(
  myCustomQuery: { rule: "{ $ROLE: { eq: \"ADMIN\" } }" }
){
    myCustomQuery(...): QueryResultType @custom(...)
}

type Mutation @auth(
  myCustomMutation: { rule: "{ $ROLE: { eq: \"ADMIN\" } }" }
){
    myCustomMutation(...): MutationResult @custom(...)
}

…?

Now what about if I have multiple custom queries/mutations that I want different auth rules for? Would I do it like this?:

type Query @auth(
  query: { rule: "{ $ROLE: { eq: \"ADMIN\" } }" }
){
    myCustomQuery(...): QueryResultType @custom(...)
}

type Query @auth(
  query: { rule: "{ $ROLE: { eq: \"SUPERADMIN\" } }" }
){
    mySecondCustomQuery(...): QueryResultType @custom(...)
}

Or like this?:

type Query @auth(
  myCustomQuery: { rule: "{ $ROLE: { eq: \"ADMIN\" } }" }
  mySecondCustomQuery: { rule: "{ $ROLE: { eq: \"SUPERADMIN\" } }" }
){
    myCustomQuery(...): QueryResultType @custom(...)
    mySecondCustomQuery(...): QueryResultType @custom(...)
}

amaster507 · August 4, 2021, 11:32am

I believe there is currently no support for auth rules on custom queries/mutations. But when there is such I would believe the format to be similar to:

type Query {
  myCustomQuery: [CustomRemoteType] @auth(query: ...) @custom(...)
}

type Mutation {
  myCustomMutation: [CustomRemotePayload] @auth() @custom(...)
}

I am not sure how the custom mutation auth directive rules will look but unless the directive schema is updated it would have to be one of: query, add, update, delete.

I think there is somewhat support for auth in custom queries but not like the above. Instead if you return a regular type it uses the rules of that type not any rules of the custom query… i remember seeing it in a PR/release notes but haven’t used it

Topic		Replies	Views
Mutations - Graphql Documentation	1	1117	December 10, 2021
WIP: Auth rules custom DQL query Dev graphql , rfc	7	1420	August 4, 2021
Is it possible to allow certain graphql mutations to only be executed by a lambda? GraphQL kind:question , lambda	4	1233	August 8, 2021
Restrict visibility of graphql mutation and queries GraphQL	4	934	July 30, 2020
Query auth-rules mask graphql error propagation GraphQL kind:bug	4	858	April 6, 2021

Question: How to add individual auth rules to custom queries/mutations?

Related topics