From 27cb7da7de62edab6bc7c7e1bd30e176a88d8322 Mon Sep 17 00:00:00 2001 From: Lenny Burdette Date: Thu, 11 Jan 2024 06:57:04 -0500 Subject: [PATCH] docs: clarify coprocessor auth stages (#4306) The example for adding claims using a coprocessor seems to suggest that you must use the RouterRequest stage, but you can also using the SupergraphRequest stage (which will have the parsed operation.) --- **Checklist** Complete the checklist (and note appropriate exceptions) before the PR is marked ready-for-review. - [ ] Changes are compatible[^1] - [ ] Documentation[^2] completed - [ ] Performance impact assessed and acceptable - Tests added and passing[^3] - [ ] Unit Tests - [ ] Integration Tests - [ ] Manual Tests **Exceptions** *Note any exceptions here* **Notes** [^1]: It may be appropriate to bring upcoming changes to the attention of other (impacted) groups. Please endeavour to do this before seeking PR approval. The mechanism for doing this will vary considerably, so use your judgement as to how and when to do this. [^2]: Configuration is an important part of many changes. Where applicable please try to document configuration examples. [^3]: Tick whichever testing boxes are applicable. If you are adding Manual Tests, please document the manual testing (extensively) in the Exceptions. --------- Co-authored-by: Edward Huang <18322228+shorgi@users.noreply.github.com> Co-authored-by: Geoffroy Couprie --- docs/source/customizations/coprocessor.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/source/customizations/coprocessor.mdx b/docs/source/customizations/coprocessor.mdx index afeeb0758d..891289f154 100644 --- a/docs/source/customizations/coprocessor.mdx +++ b/docs/source/customizations/coprocessor.mdx @@ -1021,14 +1021,14 @@ Subsequent response chunks omit the `headers` and `statusCode` fields: ## Adding authorization claims via coprocessor -To use the [authorization directives](../configuration/authorization#authorization-directives), a request needs to include **claims**—the details of its authentication and scope. The most straightforward way to add claims is with [JWT authentication](../configuration/./authn-jwt). You can also add claims with a [`RouterService` coprocessor](#how-it-works) since it hooks into the request lifecycle directly after the router has received a client request. +To use the [authorization directives](../configuration/authorization#authorization-directives), a request needs to include **claims**—the details of its authentication and scope. The most straightforward way to add claims is with [JWT authentication](../configuration/./authn-jwt). You can also add claims with a [`RouterService` or `SupergraphService` coprocessor](#how-it-works) since they hook into the request lifecycle before the router applies authorization logic. -The router configuration needs to include at least these settings: +An example configuration of the router calling a coprocessor for authorization claims: ```yaml title="router.yaml" coprocessor: url: http://127.0.0.1:8081 # Required. Replace with the URL of your coprocessor's HTTP endpoint. - router: # By including this key, a coprocessor can hook into the `RouterService` + router: # By including this key, a coprocessor can hook into the `RouterService`. You can also use `SupergraphService` for authorization. request: # By including this key, the `RouterService` sends a coprocessor request whenever it first receives a client request. headers: false # These boolean properties indicate which request data to include in the coprocessor request. All are optional and false by default. context: true # The authorization directives works with claims stored in the request's context