maticzav/graphql-shield

Provide a way to expose authorization metadata through the graphql schema

Opened this issue · 0 comments

  • Every (or certain) Object types could have a special __auth field of AuthMetadata type
  • AuthMetadata type could have 3 fields: query: AuthMetadataQuery, mutation: AuthMetadataMutation, subscription: AuthMetadataSubscription
  • Each of the three AuthMetadataX types could have corresponding fields (all queries, mutations, subscriptions)
  • Each field of AuthMetadataX could have 1 argument which accepts JSON string
  • Argument could contain information about arguments of corresponding query, mutation, subscription
  • Argument could contain placeholders which could be evaluated later
  • Placeholder could have access to the parent entity e.g. $$parent.id
  • Validation of the argument could be done in graphql validate phase
  • Alternatively, some kind of 'virtual' variable could be introduced e.g. $parent
  • The result of resolving such fields could be the information on whether authorization is passing or not with the current context and provided args
  • Resolving of such fields could just execute auth rules, but not actual resolvers

Example query:

```graphql
query post($id: ID!) {
  post(id: $id) {
    id
    title
    content
    author {
      id
    }
    __auth {
      mutation {
        deletePost(args: "{ \"id\": \"$$parent.id\" }")
      }
      query {
        userInfo(args: "{ \"userId\": \"$$parent.author.id\" }")
      }
    }
  }
}
```
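The following is an added example of how a `__auth` resolver along the lines proposed above could behave; it is not code from this issue or from graphql-shield. It models the three ideas the bullets combine: `$$parent.<path>` placeholders in the JSON `args` string are resolved against the parent entity, the argument is validated for well-formed placeholders before anything runs (the "validate phase" idea), and only the authorization rule for `Mutation.deletePost` / `Query.userInfo` is evaluated, never the real resolver. The rule functions use graphql-shield's `(parent, args, ctx, info) => boolean` shape but are plain functions here; the permission tree, the placeholder grammar, and the sample post and user data are all constructed for the example.

```javascript
// Added example, not code from the issue or from graphql-shield.
// Placeholder grammar (assumption): "$$parent" followed by zero or more ".identifier" segments.
const PLACEHOLDER_RE = /^\$\$parent((?:\.[A-Za-z_][A-Za-z0-9_]*)*)$/;

// Static validation of the args string, usable before execution: the JSON must be an
// object and every string beginning with "$$" must be a well-formed placeholder.
function validateAuthArgs(json) {
  let parsed;
  try {
    parsed = JSON.parse(json);
  } catch (e) {
    return ['args is not valid JSON'];
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    return ['args must be a JSON object'];
  }
  const problems = [];
  const walk = (v) => {
    if (typeof v === 'string') {
      if (v.startsWith('$$') && !PLACEHOLDER_RE.test(v)) problems.push(`malformed placeholder: ${v}`);
    } else if (Array.isArray(v)) {
      v.forEach(walk);
    } else if (v && typeof v === 'object') {
      Object.values(v).forEach(walk);
    }
  };
  walk(parsed);
  return problems;
}

// Replace "$$parent.a.b" with parent.a.b, recursively through objects and arrays.
// A path that does not exist resolves to undefined, which is what a real resolver
// would also see for a missing argument.
function resolvePlaceholders(value, parent) {
  if (typeof value === 'string') {
    const m = PLACEHOLDER_RE.exec(value);
    if (!m) return value;
    const path = m[1] ? m[1].slice(1).split('.') : [];
    return path.reduce((acc, key) => (acc == null ? undefined : acc[key]), parent);
  }
  if (Array.isArray(value)) return value.map((v) => resolvePlaceholders(v, parent));
  if (value && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) out[k] = resolvePlaceholders(v, parent);
    return out;
  }
  return value;
}

// Constructed rules in graphql-shield's (parent, args, ctx, info) shape (plain functions here).
const and = (...rules) => (p, a, c, i) => rules.every((r) => r(p, a, c, i));
const isAuthenticated = (parent, args, ctx) => Boolean(ctx.user);
const isPostOwner = (parent, args, ctx) => {
  const post = ctx.posts[args.id];
  return Boolean(ctx.user && post) && post.authorId === ctx.user.id;
};
const isSelf = (parent, args, ctx) => Boolean(ctx.user) && args.userId === ctx.user.id;

// Constructed permission tree, keyed the way a shield permission map is keyed.
const permissions = {
  Query: { userInfo: isSelf },
  Mutation: { deletePost: and(isAuthenticated, isPostOwner) },
};

// Resolver for __auth.<operationType>.<fieldName>(args): evaluates the rule only.
// Unknown fields and invalid args fail closed (a design choice for this example).
function checkAuth(operationType, fieldName, argsJson, parent, ctx) {
  const rule = permissions[operationType] && permissions[operationType][fieldName];
  if (!rule) return { allowed: false, error: `no rule for ${operationType}.${fieldName}` };
  const problems = validateAuthArgs(argsJson);
  if (problems.length > 0) return { allowed: false, error: problems.join('; ') };
  const args = resolvePlaceholders(JSON.parse(argsJson), parent);
  return { allowed: rule(parent, args, ctx, { operationType, fieldName }), args };
}

// Constructed data mirroring the issue's example query: the parent is the resolved
// Post object and ctx.posts stands in for the data store.
const samplePost = { id: 'p1', title: 'Hello', content: '...', author: { id: 'u1' } };
const sampleStore = { p1: { authorId: 'u1' } };

// Walks the __auth block of the example query for a given viewer (null = anonymous).
function runExample(viewerId) {
  const ctx = { user: viewerId ? { id: viewerId } : null, posts: sampleStore };
  return {
    deletePost: checkAuth('Mutation', 'deletePost', '{ "id": "$$parent.id" }', samplePost, ctx).allowed,
    userInfo: checkAuth('Query', 'userInfo', '{ "userId": "$$parent.author.id" }', samplePost, ctx).allowed,
  };
}

console.log(runExample('u1')); // owner: { deletePost: true, userInfo: true }
console.log(runExample('u2')); // other user: { deletePost: false, userInfo: false }
console.log(runExample(null)); // anonymous: { deletePost: false, userInfo: false }
```

Two points a real implementation would have to settle are visible here: the `args` string is only safe to substitute because placeholders are resolved from the already-authorized parent object rather than from client-controlled variables, and `checkAuth` returns the rule verdict without touching any data beyond what the rule itself reads, so exposing `__auth` does not leak more than the corresponding operation would.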