Hi,
I have some authorizations set up to handle Queries and Mutations like so (simplified):
// GraphQL.Authorization policies; the claim values are the UserRoles enum values as strings
services.AddSingleton(x =>
{
    AuthorizationSettings settings = new AuthorizationSettings();
    // any role claim at all
    settings.AddPolicy(AuthConstants.USERS_POLICY, p => p.RequireClaim(ClaimTypes.Role));
    // Administrator only
    settings.AddPolicy(AuthConstants.ADMIN_POLICY, p => p.RequireClaim(ClaimTypes.Role, ((int)UserRoles.Administrator).ToString()));
    // Administrator or Supervisor
    settings.AddPolicy(AuthConstants.SUPERVISOR_POLICY, p => p.RequireClaim(ClaimTypes.Role, ((int)UserRoles.Administrator).ToString(),
        ((int)UserRoles.Supervisor).ToString()));
    return settings;
});
Now I'm attempting to add Subscriptions, but it looks like the Authorizations are not working. There didn't seem to be any built-in support for authorizing Subscriptions with JWTs, so I used this class for guidance. I can successfully retrieve the token from the connection, validate it, and add it to the HTTP context in an IOperationMessageListener::BeforeHandleAsync
using System.Security.Claims;
using System.Threading.Tasks;
using GraphQL.Server.Transports.Subscriptions.Abstractions;
using Microsoft.AspNetCore.Http;
using Newtonsoft.Json.Linq;

public class SubscriptionAuthListener : IOperationMessageListener
{
    private const string BEARER = "Bearer ";
    private static readonly int BEARER_LENGTH = BEARER.Length;
    private readonly IHttpContextAccessor _httpContextAccessor;

    public SubscriptionAuthListener(IHttpContextAccessor httpContextAccessor) => _httpContextAccessor = httpContextAccessor;

    // Runs before every message. On connection_init, pull the bearer token out of the
    // payload, validate it (JwtHelper is our own helper) and install the principal on the HttpContext.
    public Task BeforeHandleAsync(MessageHandlingContext context)
    {
        if (context.Message.Type == MessageType.GQL_CONNECTION_INIT)
        {
            JObject payload = context.Message.Payload as JObject;
            // the payload is optional in connection_init, so the cast can yield null
            if (payload != null && payload.TryGetValue("Authorization", System.StringComparison.OrdinalIgnoreCase, out JToken authValue))
            {
                string token = authValue.Value<string>();
                if (string.IsNullOrWhiteSpace(token) == false)
                {
                    int start = token.IndexOf(BEARER, System.StringComparison.OrdinalIgnoreCase);
                    if (start >= 0)
                    {
                        token = token.Substring(start + BEARER_LENGTH);
                        _httpContextAccessor.HttpContext.User = JwtHelper.CreatePrincipal(token);
                    }
                }
            }
        }
        // expose the (possibly anonymous) principal to the rest of the pipeline
        ClaimsPrincipal user = _httpContextAccessor.HttpContext.User;
        context.Properties["user"] = user;
        return Task.CompletedTask;
    }

    public Task HandleAsync(MessageHandlingContext context) => Task.CompletedTask;
    public Task AfterHandleAsync(MessageHandlingContext context) => Task.CompletedTask;
}
But the subscription endpoint still says that I'm unauthorized when I use AuthorizeWith. Is this a bug or how can I authorize Subscriptions using JWTs? Any guidance would be much appreciated
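As an added example (not from the original post and not graphql-dotnet's own code) of the validation step the listener above delegates to JwtHelper.CreatePrincipal: read the bearer token out of a connection_init payload, require the scheme as a prefix rather than anywhere in the string, and validate issuer, audience, signature, lifetime and algorithm before building the principal. The shared secret, issuer, audience, class and method names are assumptions for illustration; the ValidAlgorithms property assumes Microsoft.IdentityModel.Tokens 6.x. The Main method mints a demo token with the same key and shows a valid, an expired, a payload-tampered and a scheme-less token going through the same check.

```csharp
// Added example, not code from the original post or from graphql-dotnet.
// Assumed for illustration: HMAC-SHA256 signed tokens, a shared secret, and the
// issuer/audience strings below; the connection_init payload is a Newtonsoft JObject
// as in the post. Packages: System.IdentityModel.Tokens.Jwt, Microsoft.IdentityModel.Tokens (6.x), Newtonsoft.Json.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;
using Newtonsoft.Json.Linq;

public static class SubscriptionTokenValidator
{
    private const string BearerScheme = "Bearer ";

    // Constructed demo values; a deployment reads these from configuration or a key store.
    private static readonly byte[] SigningSecret =
        Encoding.UTF8.GetBytes("constructed-demo-secret-that-is-at-least-32-bytes");
    private const string Issuer = "https://issuer.example";
    private const string Audience = "graphql-api";

    // Everything a validator should pin: issuer, audience, key, lifetime and algorithm.
    private static readonly TokenValidationParameters Parameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuer = Issuer,
        ValidateAudience = true,
        ValidAudience = Audience,
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(SigningSecret),
        ValidateLifetime = true,
        ClockSkew = TimeSpan.FromSeconds(30),
        ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
        RoleClaimType = ClaimTypes.Role, // the claim type the RequireClaim(ClaimTypes.Role, ...) policies check
    };

    // Reads "Authorization": "Bearer <jwt>" from a connection_init payload and returns a validated
    // ClaimsPrincipal, or null when the header is missing or malformed or the token fails validation.
    public static ClaimsPrincipal TryCreatePrincipal(JObject payload)
    {
        if (payload == null ||
            !payload.TryGetValue("Authorization", StringComparison.OrdinalIgnoreCase, out JToken authValue) ||
            authValue.Type != JTokenType.String)
        {
            return null;
        }

        // Require the scheme as a prefix; IndexOf would accept "Bearer" anywhere in the value.
        string header = authValue.Value<string>().Trim();
        if (!header.StartsWith(BearerScheme, StringComparison.OrdinalIgnoreCase)) return null;
        string token = header.Substring(BearerScheme.Length).Trim();
        if (token.Length == 0) return null;

        try
        {
            return new JwtSecurityTokenHandler().ValidateToken(token, Parameters, out SecurityToken _);
        }
        catch (SecurityTokenException)
        {
            return null; // bad signature, wrong issuer/audience, expired, not yet valid, wrong alg
        }
        catch (ArgumentException)
        {
            return null; // not a readable JWT at all
        }
    }

    // Mints a token with the demo key so the example runs without an identity provider.
    public static string IssueToken(string subject, string roleValue, DateTime notBefore, DateTime expires)
    {
        var credentials = new SigningCredentials(new SymmetricSecurityKey(SigningSecret), SecurityAlgorithms.HmacSha256);
        var claims = new List<Claim>
        {
            new Claim(JwtRegisteredClaimNames.Sub, subject),
            new Claim(ClaimTypes.Role, roleValue),
        };
        var jwt = new JwtSecurityToken(Issuer, Audience, claims, notBefore, expires, credentials);
        return new JwtSecurityTokenHandler().WriteToken(jwt);
    }

    // Re-encodes the payload segment with a different role claim but keeps the original
    // signature, which is what a privilege-escalation attempt via a tampered token looks like.
    public static string TamperRole(string token, string newRole)
    {
        string[] parts = token.Split('.');
        var payload = JObject.Parse(Base64UrlEncoder.Decode(parts[1]));
        payload[ClaimTypes.Role] = newRole;
        return parts[0] + "." + Base64UrlEncoder.Encode(payload.ToString(Newtonsoft.Json.Formatting.None)) + "." + parts[2];
    }

    public static void Main()
    {
        DateTime now = DateTime.UtcNow;
        string good = IssueToken("alice", "2", now.AddMinutes(-1), now.AddMinutes(5));
        ClaimsPrincipal p = TryCreatePrincipal(new JObject { ["Authorization"] = "Bearer " + good });
        Console.WriteLine("valid token    -> principal: " + (p != null) + ", IsInRole(\"2\"): " + (p?.IsInRole("2") ?? false));

        string expired = IssueToken("alice", "2", now.AddMinutes(-10), now.AddMinutes(-5));
        Console.WriteLine("expired token  -> principal: " + (TryCreatePrincipal(new JObject { ["Authorization"] = "Bearer " + expired }) != null));

        string escalated = TamperRole(good, "1"); // claims Administrator without a matching signature
        Console.WriteLine("tampered token -> principal: " + (TryCreatePrincipal(new JObject { ["Authorization"] = "Bearer " + escalated }) != null));

        Console.WriteLine("no scheme      -> principal: " + (TryCreatePrincipal(new JObject { ["Authorization"] = good }) != null));
    }
}
```

The validator only produces the principal; where the subscription pipeline then looks for it, which is what the post is asking about, is a separate matter. Two points worth keeping regardless of that answer: the returned principal carries roles under ClaimTypes.Role, so the RequireClaim policies above can match it, and the HTTP-level authentication middleware never sees a token sent inside a WebSocket message, so this per-connection validation is the only check the subscription gets.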