Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Fusion doesn't work if both subgraphs and Fusion servers use authorisation

See original GitHub issue

Is there an existing issue for this?

  • I have searched the existing issues

Product

Hot Chocolate

Describe the bug

If two subgraphs and Fusion servers use authorisation, both have ApplyPolicy defined and a conflict occurs in Fusion server. Theoretically you can use IgnoreType when configuring Fusion Server, but it doesn’t work.

Steps to reproduce

  1. Create two subgraphs servers, each with an AddAuthorisation configuration.
  2. Create FusionServer also with AddAuthorisation configuration
  3. Run Fusion server
  4. Try to reload fusion schema in Banana Cake Pop
  5. Error from log section appears

Relevant log output

Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware[1]
      An unhandled exception has occurred while executing the request.
      HotChocolate.SchemaException: For more details look at the `Errors` property.

      1. The name `ApplyPolicy` was already registered by another type. (HotChocolate.Authorization.ApplyPolicyType)

         at HotChocolate.Configuration.TypeRegistry.Register(String typeName, RegisteredType registeredType)
         at HotChocolate.Configuration.TypeInitializer.CompleteTypeName(RegisteredType registeredType)
         at HotChocolate.Configuration.TypeInitializer.<CompleteNames>b__23_0(RegisteredType type)
         at HotChocolate.Configuration.TypeInitializer.ProcessTypes(TypeDependencyFulfilled fulfilled, Func`2 action)
         at HotChocolate.Configuration.TypeInitializer.CompleteNames()
         at HotChocolate.Configuration.TypeInitializer.Initialize()
         at HotChocolate.SchemaBuilder.Setup.InitializeTypes(SchemaBuilder builder, IDescriptorContext context, IReadOnlyList`1 types)
         at HotChocolate.SchemaBuilder.Setup.Create(SchemaBuilder builder, LazySchema lazySchema, IDescriptorContext context)
         at HotChocolate.SchemaBuilder.Create(IDescriptorContext context)
         at HotChocolate.SchemaBuilder.HotChocolate.ISchemaBuilder.Create(IDescriptorContext context)
         at HotChocolate.Execution.RequestExecutorResolver.CreateSchemaAsync(ConfigurationContext context, RequestExecutorSetup setup, RequestExecutorOptions executorOptions, IServiceProvider schemaServices, TypeModuleChangeMonitor typeModuleChangeMonitor, CancellationToken cancellationToken)
         at HotChocolate.Execution.RequestExecutorResolver.CreateSchemaServicesAsync(ConfigurationContext context, RequestExecutorSetup setup, CancellationToken cancellationToken)
         at HotChocolate.Execution.RequestExecutorResolver.GetRequestExecutorNoLockAsync(String schemaName, CancellationToken cancellationToken)
         at HotChocolate.Execution.RequestExecutorResolver.GetRequestExecutorAsync(String schemaName, CancellationToken cancellationToken)
         at HotChocolate.Execution.RequestExecutorProxy.GetRequestExecutorAsync(CancellationToken cancellationToken)
         at HotChocolate.AspNetCore.HttpPostMiddlewareBase.HandleRequestAsync(HttpContext context)
         at HotChocolate.AspNetCore.HttpPostMiddlewareBase.InvokeAsync(HttpContext context)
         at Microsoft.AspNetCore.Builder.EndpointRouteBuilderExtensions.<>c__DisplayClass20_0.<<UseCancellation>b__1>d.MoveNext()
      --- End of stack trace from previous location ---
         at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
         at Symfonia.Admin.Api.GraphQL.Middlewares.LoadPlatformSchemaMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in C:\TFS\Core2\src\modules\Admin\Symfonia.Admin.Api.GraphQL\Middlewares\LoadPlatformSchemaMiddleware.cs:line 43
         at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
      --- End of stack trace from previous location ---
         at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
      --- End of stack trace from previous location ---
         at Symfonia.Api.Middlewares.EnableRequestBodyBufferingMiddleware.InvokeAsync(HttpContext context) in C:\TFS\Core2\src\Symfonia.Api\Middlewares\EnableRequestBodyBufferingMiddleware.cs:line 14
         at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)

Additional Context?

No response

Version

13.3.1

Issue Analytics

  • State:closed
  • Created 2 months ago
  • Comments:9 (5 by maintainers)

github_iconTop GitHub Comments

1reaction
michaelstaibcommented, Jul 30, 2023

Its not a bug as we have not implemented any authorization on the fusion gateway. At the moment its not supported. With the current version authorization is supposed to be handled by the subgraph.

We have a feature for authorization on the backlog for version 13.8.

I am closing this issue as it is by design that the gateway has no authorization capabilities as of now.

This is expected:

I had header propagation configured and it works fine when subgraph has authorisation and fusion server does not.

0reactions
Meh3commented, Jul 30, 2023

Ps: I’m writing from the perspective of a larger company that has a cloud platform and many products around it with a single point of access.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Building Relay Schemas with Fusion - YouTube
Hi everyone, In this episode, I will look take a dive into HotChocolate Fusion and show you how you can build relay compliant...
Read more >
"Server Verification Warning: Unable to validate a security ...
The fallowing warning appears when starting or using the Fusion 360: Server Verification Warning Unable to validate a security certificate.
Read more >
Fusion transcripts and their genomic breakpoints in ...
Fusion genes are typically identified by RNA sequencing (RNA-seq) without elucidating the causal genomic breakpoints.
Read more >
Property Graph Developer's Guide
Allowing graph server users to publish graphs or share graphs with other users which originate from the Oracle Database breaks the database authorization...
Read more >
Troubleshooting
Navigate to Settings API Keys to do so and make sure it has privileges to create users and registrations. This will open up...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

An error "JSON cannot deserialize the given value." when use Federation and JsonType properties in the models of internal service

Next page

Generated query response is empty