Anshul Sharma
04/14/2022, 6:36 PMdirective @authz_decision on FIELD_DEFINITION
type Query {
getEmployee(id: ID): Employee
}
type Employee {
id: ID!
displayName: String! @authz_decision
age: Integer
gender: String
}
In this case - I want to write a customised directive where I will compute authorization for a field (internal authorization system) and based on the outcome, I can send back the field in the response or remove the field.
I looked at this link - https://opensource.expediagroup.com/graphql-kotlin/docs/schema-generator/customizing-schemas/directives/
And figured a way to inject directives into the configuration - but they don’t seem to be invoked at the runtime (at the query), instead, they get executed at the server startup.
Request help & advice! Thanks!Dariusz Kuc
04/14/2022, 6:56 PMI can send back the field in the response or remove the field.this violates GraphQL contract, if user requests field
A
then the response should contain field A
if access to the field should be restricted based on some auth scheme then you could either
• if field is nullable -> return null
• if field is non-nullable -> throw exception and it will fail the whole requests (i.e. cannot return null for non-null field)FIELD_DEFINITION
location which targets the schema objects (i.e. modifies the underlying schema), you should be specifying FIELD
location which is applied at runtimeAnshul Sharma
04/14/2022, 7:40 PM