Пытаюсь использовать AAD и Keycloak в качестве схем аутентификации. Но я продолжаю получать сообщение «Доступ запрещен для типа RootQuery для операции запроса».
Вот мой код:
Код: Выделить всё
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer("AAD",options =>
{
options.Audience = appSettings?.Auth?.Audience;
options.Authority = appSettings?.Auth?.Authority;
}).AddJwtBearer("Keycloak", options =>
{
options.Authority = appSettings.Auth.KeycloakAuthority;
options.Audience = appSettings.Auth.KeycloakAudience;
options.RequireHttpsMetadata = true; // Set to true in production
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero
};
});
services.AddAuthorization(options =>
{
options.DefaultPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.AddAuthenticationSchemes("AAD", "Keycloak")
.Build();
});
// https://github.com/graphql-dotnet/server/blob/master/docs/migration/migration7.md
services.AddGraphQL(builder => builder
.AddSystemTextJson()
.AddGraphTypes()
.AddAuthorizationRule() // Migrating from v6 to v7.1, Check the link above
);
Источник: https://stackoverflow.com/questions/781 ... in-graphql