Custom AuthorizationHandler HandleRequirementAsync when context fails HC returns AUTH_NOT_AUTHENTICATED instead of AUTH_NOT_AUTHORIZED #7779
Labels
Comments
|
We need a repro for this. |
|
Here's the handler, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Product
Hot Chocolate
Version
14
Link to minimal reproduction
na
Steps to reproduce
I have a custom Authorization handler, and in HandleRequirementAsync, I have my custom authorization logic, when authorization fails, context.Fail() is called, standard asp.net process to handle authorization policy requirement. But when this happens, hotchocolate gives AUTH_NOT_AUTHENTICATED instead of AUTH_NOT_AUTHORIZED error code, in HC 13 it was returning AUTH_NOT_AUTHORIZED. This is about authorization not authentication, the user is already authenticated by the role does not pass the authorization policy to access the info. Does it sound like a bug or is it by design?
What is expected?
AUTH_NOT_AUTHORIZED should be returned when AuthorizationHandler fails the authrozation check, i.e. revert back to behaviour in HC 13
What is actually happening?
I have a custom Authorization handler, and in HandleRequirementAsync, I have my custom authorization logic, when authorization fails, context.Fail() is called, standard asp.net process to handle authorization policy requirement. But when this happens, hotchocolate gives AUTH_NOT_AUTHENTICATED instead of AUTH_NOT_AUTHORIZED error code, in HC 13 it was returning AUTH_NOT_AUTHORIZED. This is about authorization not authentication, the user is already authenticated by the role does not pass the authorization policy to access the info. Does it sound like a bug or is it by design?
Relevant log output
Additional context
No response
The text was updated successfully, but these errors were encountered: