Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

JWT Defaulting to the Wrong (Public) Schema? #155

Open
jacobgraf opened this issue Oct 5, 2024 · 2 comments
Open

JWT Defaulting to the Wrong (Public) Schema? #155

jacobgraf opened this issue Oct 5, 2024 · 2 comments

Comments

@jacobgraf
Copy link

I use multiple schemas. I've specified what schema to use in the "Multiple Schemas" section of the plugin settings.

I was getting a "Missing Authorization Header" and finally found out that was due to having my Public Schema disabled, so I enabled that and then I was able to run an authenticate mutation and get a JWT back. I think used that authorization token as follows per the docs.

Authorization: JWT ${token} using the jwt value returned from the authenticate mutation response.

In the Craft CP, I see the refresh token entry created, and it's showing the correct schema for that token.

When I try to query for section entries that are enabled in that schema, it says "Schema doesn’t have access to the “My Site” site." which is my default site. When I run the same in GraphiQL with the "Public" schema selected, I get the same error.

So, it seems to be defaulting to the public schema, and not actually using the one defined in your plugin settings.

Any idea where to go from here? I'm pulling my hair out. 😁

@jacobgraf
Copy link
Author

@jamesedmonston

After further testing and troubleshooting, I’ve encountered some unexpected behavior related to the Public Schema. Specifically, if the Public Schema is disabled, or enabled without any permissions, things don’t seem to work as intended. When I enable “Query for elements in the primary site,” everything functions correctly. However, if that permission isn’t granted, I get an error indicating the Schema doesn’t have access to the Primary Site, even though the JWT I’m using is linked to a schema that isn’t the primary site.

Is there a technical reason for this behavior, or perhaps some documentation that outlines what must be enabled in the Public Schema to ensure the plugin functions correctly?

After enabling primary site querying in the Public Schema, everything worked as expected. Using the Viewer query, I verified that the JWT authenticated the correct user. I also tested toggling permissions for the specific section entries I’m working with in the appropriate schema, and observed the expected changes in permissions in my test queries. This seems to indicate that the JWT is correctly hitting the intended user and the schema referenced matches the plugin settings.

Do you have any insights into why this might be happening?

@jpcarpenter
Copy link

jpcarpenter commented Oct 7, 2024

Which version are you on? I'm on v3.0.0-RC3, and also hit up against this error:

I was getting a "Missing Authorization Header" and finally found out that was due to having my Public Schema disabled

I think the only difference between your setup and mine is that I'm querying against a private schema instead of the public schema, but in order to get anything working while querying the private schema, I had to have the public schema enabled, with the "Query for elements in the “My Website” site" checked ON.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants