Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Getting `AUTH_NOT_AUTHORIZED ` in version 13.0.0 and later

See original GitHub issue

Is there an existing issue for this?

  • I have searched the existing issues

Product

Hot Chocolate

Describe the bug

Starting with version 13.0.0-rc8/13.0.0 all type fields with a [Authorize(Policy = "SomePolicy")] annotation are now always returning an AUTH_NOT_AUTHORIZED error:

{
  "errors": [
    {
      "message": "The current user is not authorized to access this resource.",
      "extensions": {
        "code": "AUTH_NOT_AUTHORIZED"
      }
    }
  ]
}

Until version 13.0.0.-rc7 and without code changes everything works as expected.

Our implementation is very closed on what is described on the HC documentation.

I’ve checked both the release notes and migration guide on the website, but couldn’t find an clue.

I would be very thankful for any hint. At the moment we have to stick at version 13.0.0-rc7.

Steps to reproduce

I’ve prepared two demo projects for both version 13.0.0-rc7 and 13.0.1 with instructions about how to reproduce the issue. https://github.com/marcel-rudolph/hc13-issue-demo

Relevant log output

There are no further exceptions or log messages beside the above posted response example.

Additional Context?

No response

Version

13.0.1

Issue Analytics

  • State:closed
  • Created 7 months ago
  • Reactions:3
  • Comments:12 (8 by maintainers)

github_iconTop GitHub Comments

3reactions
michaelstaibcommented, Feb 21, 2023

yes and no 😃

YouTube episode is coming tomorrow.

youtube.chillicream.com

3reactions
PascalSenncommented, Feb 17, 2023

@WalissonPires I believe this is because the policy now by default runs on validation. So there will not be a resolver context and this is also why you get a HttpContext.

If you want to run it not on validation but BEFORE_RESOLVER then you have to specify it:

[Authorize(Policy = "SomePolicy", Apply=ApplyPolicy.BEFORE_RESOLVER)]

@psiservices-dbrink i agree this should go in the docs

Read more comments on GitHub >

github_iconTop Results From Across the Web

bearer token seems not work - Unable to authenticate the ...
What happened: I try to use the bearer token visit kubernet /healthz interface through script: #!/bin/bash token=$(echo $1|base64 -d) echo ...
Read more >
Firebase Auth domain not authorized error despite being ...
InvalidOperationException: 'Auth domain is not among the authorized ones. I researched on Google and found this guide ...
Read more >
Authorization failed. You are not authorized to perform this ...
I'm attempting to make a request to the "upload document" endpoint in order to upload a new document. Authentication Method: I'm using basic ......
Read more >
Duo Administration - Policy & Control
Configuring the authentication policy within Duo's global policy affects all Duo application and all users — whether the user is enrolled in Duo...
Read more >
The auth is not working in .net core web api?
I created a project and in startup.cs add app.UseAuthentication(); and app.UseAuthrization(); and services.AddAuthentication().
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Directive types for validations attributes do not work anymore

Next page

Parallel execution of mutations