I’m using lighthouse-php to make a graphql api and I’m having a trouble changing middleware (it will be deprecated in new versions) directive to guard.
extend type Query @middleware(checks: ["auth:api"]) {
task(id: ID @eq): Task @can(ability: "view" find:"id") @find
mytasks: [Task!]!
}
Using this code works well. I mean, the system checks if the user is logged and check against the policy if the user can access to their task, but when I try to change the @middleware
directive to @guard
directive like this:
extend type Query @guard(with: ["api"]){
task(id: ID @eq): Task @can(ability: "view" find:"id") @find
mytasks: [Task!]!
}
Always return that the user is unauthenticated. But, in the last case if I remove the @can directive the system check if the user is logged or not (but I need to check against the policy if the user can access the specified task).
I’m using these versions of packages:
"joselfonseca/lighthouse-graphql-passport-auth": "^3.0",
"laravel/framework": "^6.2",
"laravel/passport": "^8.2",
"laravel/tinker": "^2.0",
"mll-lab/laravel-graphql-playground": "^2.0",
"nuwave/lighthouse": "^4.8"
Have somebody experimented with this trouble?
thanks.
2
Answers
I solved it.
we must to set up the config/auth.php file with the following:
In the meantime I’ve found another solution mentioned in the documentation:
https://lighthouse-php.com/master/security/authentication.html#global
So in short, I needed to add the AttemptAuthentication middleware to the lighthouse config. I use this with @auth(guard: “api”) added to all my types.