The policy name in the AuthorizeAttribute is not being passed to the GetPolicyAsync method of IAuthorizationPolicyProvider.

Question

The policy name in the AuthorizeAttribute is not being passed to the GetPolicyAsync method of IAuthorizationPolicyProvider.

wateryehxx opened this issue 2 months ago · 1 comments

wateryehxx commented 2 months ago

Product

Hot Chocolate

Version

14.1.0

Link to minimal reproduction

https://github.com/ChilliCream/graphql-platform/blob/main/src/HotChocolate/Core/src/Authorization/AuthorizeAttribute.cs

Steps to reproduce

IAuthorizationPolicyProvider interface needs to implement three methods:

GetPolicyAsync
GetDefaultPolicyAsync
GetFallbackPolicyAsync

When using the AuthorizeAttribute in Chocolate and setting a Policy, then making requests through Postman, the policy is only passed to GetPolicyAsync during the first query. For subsequent queries, the policy is no longer passed to GetPolicyAsync.
This behavior is different from what occurs in Chocolate version 13, and the issue arises in Chocolate version 14.1.0.

What is expected?

Every time a query is made, the policy will be passed to GetPolicyAsync.

What is actually happening?

The policy is only passed to GetPolicyAsync during the first query. For subsequent queries, the policy is no longer passed to GetPolicyAsync.

Relevant log output

Additional context

No response

Answer 1 · 2024-11-09T14:53:01.000Z

I'm sorry, this was introduced by a change I did in #7408. I've just corrected it in #7705.

I'll see to it getting back-ported to 14.2.0.