Hey guys! Need some help. I am trying to implement a customised directive implementation where I want to hide/unhide a certain field in the return object based on the internal authorization decision. Eg:

directive @authz_decision on FIELD_DEFINITION

type Query {
  getEmployee(id: ID): Employee
}

type Employee {
  id: ID!
  displayName: String! @authz_decision
  age: Integer 
  gender: String 
}

In this case - I want to write a customised directive where I will compute authorization for a field (internal authorization system) and based on the outcome, I can send back the field in the response or remove the field. I looked at this link - https://opensource.expediagroup.com/graphql-kotlin/docs/schema-generator/customizing-schemas/directives/ And figured a way to inject directives into the configuration - but they don’t seem to be invoked at the runtime (at the query), instead, they get executed at the server startup. Request help & advice! Thanks!

I can send back the field in the response or remove the field.

this violates GraphQL contract, if user requests field

A

then the response should contain field

A

if access to the field should be restricted based on some auth scheme then you could either • if field is nullable -> return null • if field is non-nullable -> throw exception and it will fail the whole requests (i.e. cannot return null for non-null field)

Hey @Dariusz Kuc - thanks for replying. Let me check back and attempt these. Once again. Thanks for replying!