I am trying to use the quarkus-smallrye-graphql extension. And it seems like I cannot use any of the security annotations such as @Authenticated in a class annotated with @GraphQLApi. I previously tried to use the smallrye-graphql project directly and I was able to use security. But now when using the offered extension in quarkus, it does not work.
A simple example of api class is
@GraphQLApi
public class SomeApi {
@Query
@Authenticated
public String testQuery() {
return "hello...";
}
}
This does not work with the extension and I always get the unauthorized exception. Does anyone know how to do this?
The extension is not properly integrated with programmatic security yet. Please follow https://github.com/quarkusio/quarkus/issues/10001 that I've reported, it should be fixed soon.
In the meantime, it is possible to use config-based security as described in https://quarkus.io/guides/security#authorization-of-web-endpoints-using-configuration, just use /graphql* for the quarkus.http.auth.permission.roles1.paths property