You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
You'll now have a class with [Authorize], a basic query class which resolves on id/resolve all/whatever, and supposedly secured by a JWT token.
Performing a graphql to the endpoint without a JWT token (or an invalid one) will result in the error "The current user is not authorized to access this resource" as expected, but the endpoint is called, all the code is executed, only the response is altered.
No actual authentication/authorization checks are run at all before executing the code.
Only the response is faked to indicate that the query failed.
The text was updated successfully, but these errors were encountered:
Create a project following the steps in https://chillicream.com/docs/hotchocolate/v12/security/authentication and https://chillicream.com/docs/hotchocolate/v12/security/authorization
You'll now have a class with [Authorize], a basic query class which resolves on id/resolve all/whatever, and supposedly secured by a JWT token.
Performing a graphql to the endpoint without a JWT token (or an invalid one) will result in the error "The current user is not authorized to access this resource" as expected, but the endpoint is called, all the code is executed, only the response is altered.
No actual authentication/authorization checks are run at all before executing the code.
Only the response is faked to indicate that the query failed.
The text was updated successfully, but these errors were encountered: