Hi according to the source above, when the @hasScope directive has been enabled, the auto-generated queries and mutations will require valid JWT which with the necessary scope claim.
Since neo4j-graphql.js automatically adds Query and Mutation types to the schema, these auto-generated fields cannot be annotated by the user with directives. To enable authorization on the auto-generated queries and mutations, simply enable the
hasScopedirective and it will be added to the generated CRUD API with the appropriate scope for each operation
How do I figure out which scope has been added for each operation? Every time, I run a query it simply returns a 'You are not authorized for this resource' error message.
For example, I tried adding the scope 'User:Read' to the JWT that my server generates. However this does not authorize a user to query the User Object type. See example below: