{"id":20831952,"url":"https://github.com/graphql-dotnet/authorization","last_synced_at":"2025-03-17T14:18:03.833Z","repository":{"id":23233065,"uuid":"98492561","full_name":"graphql-dotnet/authorization","owner":"graphql-dotnet","description":"A toolset for authorizing access to graph types for GraphQL .NET.","archived":false,"fork":false,"pushed_at":"2024-08-22T05:52:24.000Z","size":369,"stargazers_count":160,"open_issues_count":23,"forks_count":38,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-03-03T23:49:45.641Z","etag":null,"topics":["authorization","graphql"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/graphql-dotnet.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"open_collective":"graphql-net"}},"created_at":"2017-07-27T04:06:30.000Z","updated_at":"2025-02-20T07:21:12.000Z","dependencies_parsed_at":"2024-01-23T21:19:02.716Z","dependency_job_id":"e3c23a56-9d21-4503-9c24-2f7e0b005e4a","html_url":"https://github.com/graphql-dotnet/authorization","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graphql-dotnet%2Fauthorization","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graphql-dotnet%2Fauthorization/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graphql-dotnet%2Fauthorization/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graphql-dotnet%2Fauthorization/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/graphql-dotnet","download_url":"https://codeload.github.com/graphql-dotnet/authorization/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244047645,"owners_count":20389206,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization","graphql"],"created_at":"2024-11-18T00:09:39.005Z","updated_at":"2025-03-17T14:18:03.800Z","avatar_url":"https://github.com/graphql-dotnet.png","language":"C#","funding_links":["https://opencollective.com/graphql-net"],"categories":[],"sub_categories":[],"readme":"# GraphQL Authorization\n\n[![License](https://img.shields.io/github/license/graphql-dotnet/authorization)](LICENSE.md)\n[![codecov](https://codecov.io/gh/graphql-dotnet/authorization/branch/master/graph/badge.svg?token=TODO)](https://codecov.io/gh/graphql-dotnet/authorization)\n[![Nuget](https://img.shields.io/nuget/dt/GraphQL.Authorization)](https://www.nuget.org/packages/GraphQL.Authorization)\n[![Nuget](https://img.shields.io/nuget/v/GraphQL.Authorization)](https://www.nuget.org/packages/GraphQL.Authorization)\n[![GitHub Release Date](https://img.shields.io/github/release-date/graphql-dotnet/authorization?label=released)](https://github.com/graphql-dotnet/authorization/releases)\n[![GitHub commits since latest release (by date)](https://img.shields.io/github/commits-since/graphql-dotnet/authorization/latest?label=new+commits)](https://github.com/graphql-dotnet/authorization/commits/master)\n![Size](https://img.shields.io/github/repo-size/graphql-dotnet/authorization)\n\n[![GitHub contributors](https://img.shields.io/github/contributors/graphql-dotnet/authorization)](https://github.com/graphql-dotnet/authorization/graphs/contributors)\n![Activity](https://img.shields.io/github/commit-activity/w/graphql-dotnet/authorization)\n![Activity](https://img.shields.io/github/commit-activity/m/graphql-dotnet/authorization)\n![Activity](https://img.shields.io/github/commit-activity/y/graphql-dotnet/authorization)\n\nA toolset for authorizing access to graph types for [GraphQL.NET](https://github.com/graphql-dotnet/graphql-dotnet).\n\nProvides the following packages:\n\n| Package               | Downloads                                                                                                               | NuGet Latest                                                                                                           |\n| --------------------- | ----------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- |\n| GraphQL.Authorization | [![Nuget](https://img.shields.io/nuget/dt/GraphQL.Authorization)](https://www.nuget.org/packages/GraphQL.Authorization) | [![Nuget](https://img.shields.io/nuget/v/GraphQL.Authorization)](https://www.nuget.org/packages/GraphQL.Authorization) |\n\nYou can get all preview versions from [GitHub Packages](https://github.com/orgs/graphql-dotnet/packages?repo_name=authorization).\nNote that GitHub requires authentication to consume the feed. See [here](https://docs.github.com/en/free-pro-team@latest/packages/publishing-and-managing-packages/about-github-packages#authenticating-to-github-packages).\n\n# Usage\n\n- Register the authorization classes in your DI container - call `AddAuthorization` on the provided `IGraphQLBuilder` inside `AddGraphQL` extension method.\n- Provide the `ClaimsPrincipal` through `ExecutionOptions.User`.\n- Add policies to the `AuthorizationSettings`.\n- Apply a policy to a GraphType or Field - both implement `IProvideMetadata`:\n  - using `AuthorizeWithPolicy(string policy)` extension method\n  - or with `AuthorizeAttribute` attribute if using Schema + Handler syntax.\n- The `AuthorizationValidationRule` will run and verify the policies based on the registered policies.\n- You can write your own `IAuthorizationRequirement`.\n\n# Limitations\n\n`@skip` and `@include` directives are ignored; all selected fields of the selected operation will\nbe checked for authentication requirements, including referenced fragments. (Other operations\nin the same document will correctly be skipped.)\n\nThis authorization framework only supports policy-based authorization. It does not support role-based authorization, or the\n`[AllowAnonymous]` attribute/extension, or the `[Authorize]` attribute/extension indicating authorization is required\nbut without specifying a policy. It also does not integrate with ASP.NET Core's authorization framework.\n\nThe [GraphQL.Server](https://www.github.com/graphql-dotnet/server) repository contains an authorization rule which has the above\nmissing features, intended for use with ASP.NET Core. It may also be tailored with custom authentication code if desired, rather than\nrelying on ASP.NET Core's authentication framework.\n\n# Examples\n\n1. Fully functional basic [Console sample](src/BasicSample/Program.cs).\n\n2. Fully functional [ASP.NET Core sample](src/Harness/Program.cs).\n\n3. GraphType first syntax - use `AuthorizeWithPolicy` extension method on `IGraphType` or `IFieldType`.\n\n```csharp\npublic class MyType : ObjectGraphType\n{\n    public MyType()\n    {\n        this.AuthorizeWithPolicy(\"AdminPolicy\");\n        Field\u003cStringGraphType\u003e(\"name\").AuthorizeWithPolicy(\"SomePolicy\");\n    }\n}\n```\n\n4. Schema first syntax - use `AuthorizeAttribute` attribute on type, method or property.\n\n```csharp\n[Authorize(\"MyPolicy\")]\npublic class MutationType\n{\n    [Authorize(\"AnotherPolicy\")]\n    public async Task\u003cstring\u003e CreateSomething(MyInput input)\n    {\n        return await SomeMethodAsync(input);\n    }\n\n    [Authorize(\"SuperPolicy\")]\n    public string SomeProperty =\u003e Guid.NewGuid().ToString();\n}\n```\n\n# Known Issues\n\n- It is currently not possible to add a policy to Input objects using Schema first approach.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgraphql-dotnet%2Fauthorization","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgraphql-dotnet%2Fauthorization","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgraphql-dotnet%2Fauthorization/lists"}