Attaching Directives To Auto-Generated Queries and Mutations

Hi, according to the source above, when the @hasScope directive has been enabled, the auto-generated queries and mutations will require a valid JWT with the necessary scope claim.

Since neo4j-graphql.js automatically adds Query and Mutation types to the schema, these auto-generated fields cannot be annotated by the user with directives. To enable authorization on the auto-generated queries and mutations, simply enable the hasScope directive and it will be added to the generated CRUD API with the appropriate scope for each operation.

How do I figure out which scope has been added for each operation? Every time I run a query, it simply returns a 'You are not authorized for this resource' error message.

For example, I tried adding the scope 'User:Read' to the JWT that my server generates. However, this does not authorize a user to query the User Object type. See example below:


Do you have a copy of your schema? How are you applying the directive?

I am stuck in the same spot. I manage to query when I have a simple @isAuthenticated directive on types, and when I generate my schema with:

const schema = graphql.makeAugmentedSchema({
    typeDefs,
    mutations: true,
    config: {
        auth: {
            isAuthenticated: true,
            hasRole: true,
        },
    },
});

If I generate my schema with

const schema = graphql.makeAugmentedSchema({
    typeDefs,
    mutations: true,
    config: {
        auth: {
            isAuthenticated: true,
            hasRole: true,
            hasScope: true,
        },
    },
    // schemaDirectives: { hasScope: MyHasScopeDirective },
});

then I cannot figure out for the life of me what scopes I need to add to my token. I have tried many combinations e.g. "Read:User", "User:Read", "User:Query", etc. to no avail. The doc doesn't say what scopes are required so I am shooting in the dark.

My workaround was to specify custom scopes in type definitions.

// For example:
type Query {
    User: [User] @hasScope(scopes:["User:read"])
}

Then I add the scope into my JWT payload.

^ good workaround

I ended up writing a custom directive:

const schema = graphql.makeAugmentedSchema({
    typeDefs,
    mutations: true,
    config: {
        auth: {
            isAuthenticated: true,
            hasRole: true,
            hasScope: true,
        },
    },
    schemaDirectives: { hasScope: MyHasScopeDirective },
});

My directive printed out the requested scope. Turns out the generated scopes have a space between the node label and the operation, e.g. "Actor: Read".

I also ended up keeping this custom directive and handled authorizations there because it became tedious to add so many scopes to my JWT token. So instead, I rely on roles more, and use scopes as needed.
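
The mismatch found above ("Actor: Read" with a space versus a token scope written without one), as an added example that is not part of any post in this thread and is not neo4j-graphql.js code: a server-side diagnostic that keeps the authorization decision an exact string match and separately reports token scopes that differ from a required scope only by whitespace or case. The names `explainScopeCheck` and `normalize` are hypothetical, and the payload shape (an array under `scopes`, any one required scope being sufficient) is an assumption.

```javascript
// Added example: explain why a token fails an exact-match scope check.
// explainScopeCheck/normalize are hypothetical helpers; the payload shape
// (array under "scopes") and "any one scope suffices" are assumptions.

// Collapse the differences that typically cause near-misses: whitespace and case.
function normalize(scope) {
  return String(scope).replace(/\s+/g, "").toLowerCase();
}

function explainScopeCheck(requiredScopes, tokenPayload) {
  const granted = Array.isArray(tokenPayload.scopes) ? tokenPayload.scopes : [];

  // The decision itself stays a strict comparison; nothing is loosened here.
  const matched = requiredScopes.filter((s) => granted.includes(s));
  const authorized = matched.length > 0;

  // Diagnostics only: granted scopes that would match if spacing/case agreed.
  const nearMisses = [];
  if (!authorized) {
    for (const required of requiredScopes) {
      for (const have of granted) {
        if (normalize(have) === normalize(required)) {
          nearMisses.push({ required, granted: have });
        }
      }
    }
  }
  return { authorized, matched, nearMisses };
}

// Constructed sample payloads (not real tokens).
const tokenWithoutSpace = { sub: "user-1", scopes: ["Actor:Read"] };
const tokenWithSpace = { sub: "user-1", scopes: ["Actor: Read"] };

// Required scope as printed by the custom directive in the thread.
const required = ["Actor: Read"];

console.log(explainScopeCheck(required, tokenWithoutSpace));
console.log(explainScopeCheck(required, tokenWithSpace));
```

Write the `nearMisses` output to the server log rather than returning it in the GraphQL error, so clients are not told which scope strings an operation expects.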