GraphQL policy - accessing user

System Information
  • Strapi Version: 4.3.3
  • Operating System: OSX
  • Database: MySQL
  • Node Version: 14.19.3
  • NPM Version:
  • Yarn Version: 1.22.19

I’m having a hard time implementing isOwner in GraphQL.
Would prefer to be global vs per entity, but have done this so far - been searching docs and can’t find anything.

Help greatly appreciated.

If there a way to apply to all GraphQL queries or does it need to be specified for each one

const fund = require("./api/fund/routes/fund");

module.exports = {
  register({ strapi }) {
    const extensionService = strapi.plugin("graphql").service("extension");

      resolversConfig: {
        "Query.currencies": {
          policies: [
            (context, config, { strapi }) => {
              return true; //trivial example
          auth: false,

But all I get back for context.state is:

  route: { info: { type: 'content-api' } },
  isAuthenticated: true,
  auth: {
    strategy: {
      name: 'users-permissions',
      authenticate: [AsyncFunction: authenticate],
      verify: [AsyncFunction: verify]
    credentials: null

Well if anyone comes across this…
If you don’t set an authorization header (Bearer) there will be no user.

Seems kind of obvious when I actually write this down :slight_smile:

I had the same issue. Did not work for me even in the playground.

Place the following in the HTTP Headers section using the exact syntax worked for me.

  "Authorization":"Bearer REPLACE_WITH_YOUR_TOKEN"

Make sure there is no comma at at the end.