@apollo/federation-internals 2.9.2 → 2.9.4

package/dist/specs/requiresScopesSpec.js.map

@@ -1 +1 @@
-{"version":3,"file":"requiresScopesSpec.js","sourceRoot":"","sources":["../../src/specs/requiresScopesSpec.ts"],"names":[],"mappings":";;;AAAA,qCAA4C;AAC5C,yCAMoB;AACpB,gDAAuD;AACvD,oFAA+G;AAC/G,4DAA4D;AAC5D,oFAAmF;AACnF,oCAAkC;AAElC,IAAY,sBAEX;AAFD,WAAY,sBAAsB;IAChC,yCAAe,CAAA;AACjB,CAAC,EAFW,sBAAsB,sCAAtB,sBAAsB,QAEjC;AAED,MAAa,4BAA6B,SAAQ,4BAAiB;IAKjE,YAAY,OAAuB;QACjC,KAAK,CACH,IAAI,qBAAU,CACZ,4BAA4B,CAAC,QAAQ,EACrC,4BAA4B,CAAC,aAAa,EAC1C,OAAO,CACR,CACF,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,IAAA,6DAA6B,EAAC,EAAE,IAAI,EAAE,sBAAsB,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAEzF,IAAI,CAAC,iBAAiB,CAAC,IAAA,4DAA4B,EAAC;YAClD,IAAI,EAAE,4BAA4B,CAAC,aAAa;YAChD,IAAI,EAAE,CAAC;oBACL,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE;wBACxB,IAAA,cAAM,EAAC,OAAO,EAAE,2DAA2D,CAAC,CAAC;wBAC7E,MAAM,SAAS,GAAG,OAAO,CAAC,gBAAgB,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;wBACzE,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;wBACzC,IAAA,cAAM,EAAC,SAAS,EAAE,GAAG,EAAE,CAAC,aAAa,SAAS,iBAAiB,CAAC,CAAC;wBACjE,OAAO,IAAI,yBAAW,CAAC,IAAI,sBAAQ,CAAC,IAAI,yBAAW,CAAC,IAAI,sBAAQ,CAAC,IAAI,yBAAW,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBAClG,CAAC;oBACD,mBAAmB,EAAE,+DAA+B,CAAC,KAAK;iBAC3D,CAAC;YACF,SAAS,EAAE;gBACT,2BAAiB,CAAC,gBAAgB;gBAClC,2BAAiB,CAAC,MAAM;gBACxB,2BAAiB,CAAC,SAAS;gBAC3B,2BAAiB,CAAC,MAAM;gBACxB,2BAAiB,CAAC,IAAI;aACvB;YACD,QAAQ,EAAE,IAAI;YACd,uBAAuB,EAAE,GAAG,EAAE,CAAC,gCAAwB,CAAC,MAAM,EAAE;SACjE,CAAC,CAAC,CAAC;IACN,CAAC;IAED,IAAI,kBAAkB;QACpB,OAAO,UAAU,CAAC;IACpB,CAAC;;AA3CH,oEA4CC;AA3CwB,0CAAa,GAAG,gBAAgB,CAAC;AACjC,qCAAQ,GAC7B,4BAA4B,4BAA4B,CAAC,aAAa,EAAE,CAAC;AA2ChE,QAAA,wBAAwB,GACnC,IAAI,6BAAkB,CACpB,4BAA4B,CAAC,QAAQ,CACtC,CAAC,GAAG,CAAC,IAAI,4BAA4B,CAAC,IAAI,yBAAc,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AAEpE,IAAA,wCAAoB,EAAC,gCAAwB,CAAC,CAAC"}
+{"version":3,"file":"requiresScopesSpec.js","sourceRoot":"","sources":["../../src/specs/requiresScopesSpec.ts"],"names":[],"mappings":";;;AAAA,qCAA4C;AAC5C,yCAMoB;AACpB,gDAAkF;AAClF,oFAA+G;AAC/G,4DAA4D;AAC5D,oFAAmF;AACnF,oCAAkC;AAElC,IAAY,sBAEX;AAFD,WAAY,sBAAsB;IAChC,yCAAe,CAAA;AACjB,CAAC,EAFW,sBAAsB,sCAAtB,sBAAsB,QAEjC;AAED,MAAa,4BAA6B,SAAQ,4BAAiB;IAKjE,YAAY,OAAuB;QACjC,KAAK,CACH,IAAI,qBAAU,CACZ,4BAA4B,CAAC,QAAQ,EACrC,4BAA4B,CAAC,aAAa,EAC1C,OAAO,CACR,CACF,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,IAAA,6DAA6B,EAAC,EAAE,IAAI,EAAE,sBAAsB,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAEzF,IAAI,CAAC,iBAAiB,CAAC,IAAA,4DAA4B,EAAC;YAClD,IAAI,EAAE,4BAA4B,CAAC,aAAa;YAChD,IAAI,EAAE,CAAC;oBACL,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE;wBACxB,IAAA,cAAM,EAAC,OAAO,EAAE,2DAA2D,CAAC,CAAC;wBAC7E,MAAM,SAAS,GAAG,OAAO,CAAC,gBAAgB,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;wBACzE,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;wBACzC,IAAA,cAAM,EAAC,SAAS,EAAE,GAAG,EAAE,CAAC,aAAa,SAAS,iBAAiB,CAAC,CAAC;wBACjE,OAAO,IAAI,yBAAW,CAAC,IAAI,sBAAQ,CAAC,IAAI,yBAAW,CAAC,IAAI,sBAAQ,CAAC,IAAI,yBAAW,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBAClG,CAAC;oBACD,mBAAmB,EAAE,+DAA+B,CAAC,eAAe;iBACrE,CAAC;YACF,SAAS,EAAE;gBACT,2BAAiB,CAAC,gBAAgB;gBAClC,2BAAiB,CAAC,MAAM;gBACxB,2BAAiB,CAAC,SAAS;gBAC3B,2BAAiB,CAAC,MAAM;gBACxB,2BAAiB,CAAC,IAAI;aACvB;YACD,QAAQ,EAAE,IAAI;YACd,uBAAuB,EAAE,GAAG,EAAE,CAAC,gCAAwB,CAAC,MAAM,EAAE;SACjE,CAAC,CAAC,CAAC;IACN,CAAC;IAED,uBAAuB,CAAC,MAAc;QACpC,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,4BAA4B,CAAC,aAAa,CAAC,CAAC;IAC5E,CAAC;IAED,IAAI,kBAAkB;QACpB,OAAO,UAAU,CAAC;IACpB,CAAC;;AA/CH,oEAgDC;AA/CwB,0CAAa,GAAG,gBAAgB,CAAC;AACjC,qCAAQ,GAC7B,4BAA4B,4BAA4B,CAAC,aAAa,EAAE,CAAC;AA+ChE,QAAA,wBAAwB,GACnC,IAAI,6BAAkB,CACpB,4BAA4B,CAAC,QAAQ,CACtC,CAAC,GAAG,CAAC,IAAI,4BAA4B,CAAC,IAAI,yBAAc,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AAEpE,IAAA,wCAAoB,EAAC,gCAAwB,CAAC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@apollo/federation-internals",
-  "version": "2.9.2",
+  "version": "2.9.4",
   "description": "Apollo Federation internal utilities",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/argumentCompositionStrategies.ts

@@ -1,4 +1,4 @@
-import { InputType, NonNullType, Schema, isListType, isNonNullType } from "./definitions"
+import {InputType, NonNullType, Schema, isListType, isNonNullType} from "./definitions"
 import { sameType } from "./types";
 import { valueEquals } from "./values";
 
@@ -19,6 +19,14 @@ function supportFixedTypes(types: (schema: Schema) => InputType[]): TypeSupportV
   };
 }
 
+function supportAnyNonNullNestedArray(): TypeSupportValidator {
+  return (_, type) =>
+    isNonNullType(type) && isListType(type.ofType)
+      && isNonNullType(type.ofType.ofType) && isListType(type.ofType.ofType.ofType)
+        ? { valid: true }
+        : { valid: false, supportedMsg: 'non nullable nested list types of any type' }
+}
+
 function supportAnyNonNullArray(): TypeSupportValidator {
   return (_, type) => isNonNullType(type) && isListType(type.ofType)
     ? { valid: true }
@@ -54,6 +62,104 @@ function unionValues(values: any[]): any {
   }, []);
 }
 
+/**
+ * Performs conjunction of 2d arrays that represent conditions in Disjunctive Normal Form.
+ *
+ * * Each inner array is interpreted as the conjunction of the conditions in the array.
+ * * The top-level array is interpreted as the disjunction of the inner arrays
+ *
+ * Algorithm
+ * * filter out duplicate entries to limit the amount of necessary computations
+ * * calculate cartesian product of the arrays to find all possible combinations
+ *   * simplify combinations by dropping duplicate conditions (i.e. p ^ p = p, p ^ q = q ^ p)
+ * * eliminate entries that are subsumed by others (i.e. (p ^ q) subsumes (p ^ q ^ r))
+ */
+function dnfConjunction<T>(values: T[][][]): T[][] {
+  // should never be the case
+  if (values.length == 0) {
+    return [];
+  }
+
+  // we first filter out duplicate values from candidates
+  // this avoids exponential computation of exactly the same conditions
+  const filtered = filterNestedArrayDuplicates(values);
+
+  // initialize with first entry
+  let result: T[][] = filtered[0];
+  // perform cartesian product to find all possible entries
+  for (let i = 1; i < filtered.length; i++) {
+    const current = filtered[i];
+    const accumulator: T[][] = [];
+    const seen = new Set<string>;
+
+    for (const accElement of result) {
+      for (const currentElement of current) {
+        // filter out elements that are already present in accElement
+        const filteredElement = currentElement.filter((e) => !accElement.includes(e));
+        const candidate = [...accElement, ...filteredElement].sort();
+        const key = JSON.stringify(candidate);
+        // only add entries which has not been seen yet
+        if (!seen.has(key)) {
+          seen.add(key);
+          accumulator.push(candidate);
+        }
+      }
+    }
+    // Now we need to deduplicate the results. Given that
+    // - outer array implies OR requirements
+    // - inner array implies AND requirements
+    // We can filter out any inner arrays that fully contain other inner arrays, i.e.
+    //   A OR B OR (A AND B) OR (A AND B AND C) => A OR B
+    result = deduplicateSubsumedValues(accumulator);
+  }
+  return result;
+}
+
+function filterNestedArrayDuplicates<T>(values: T[][][]): T[][][] {
+  const filtered: T[][][] = [];
+  const seen = new Set<string>;
+  values.forEach((value) => {
+    value.sort();
+    const key = JSON.stringify(value);
+    if (!seen.has(key)) {
+      seen.add(key);
+      filtered.push(value);
+    }
+  });
+  return filtered;
+}
+
+function deduplicateSubsumedValues<T>(values: T[][]): T[][] {
+  const result: T[][] = [];
+  // we first sort by length as the longer ones might be dropped
+  values.sort((first, second) => {
+    if (first.length < second.length) {
+      return -1;
+    } else if (first.length > second.length) {
+      return 1;
+    } else {
+      return 0;
+    }
+  });
+
+  for (const candidate of values) {
+    const entry = new Set(candidate);
+    let redundant = false;
+    for (const r of result) {
+      if (r.every(e => entry.has(e))) {
+        // if `r` is a subset of a `candidate` then it means `candidate` is redundant
+        redundant = true;
+        break;
+      }
+    }
+
+    if (!redundant) {
+      result.push(candidate);
+    }
+  }
+  return result;
+}
+
 export const ARGUMENT_COMPOSITION_STRATEGIES = {
   MAX: {
     name: 'MAX',
@@ -95,7 +201,8 @@ export const ARGUMENT_COMPOSITION_STRATEGIES = {
       schema.booleanType(),
       new NonNullType(schema.booleanType())
     ]),
-    mergeValues: mergeNullableValues(
+    mergeValues:
+        mergeNullableValues(
       (values: boolean[]) => values.every((v) => v)
     ),
   },
@@ -113,5 +220,10 @@ export const ARGUMENT_COMPOSITION_STRATEGIES = {
     name: 'NULLABLE_UNION',
     isTypeSupported: supportAnyArray(),
     mergeValues: mergeNullableValues(unionValues),
+  },
+  DNF_CONJUNCTION: {
+    name: 'DNF_CONJUNCTION',
+    isTypeSupported: supportAnyNonNullNestedArray(),
+    mergeValues: dnfConjunction
   }
 }

package/src/error.ts

@@ -740,6 +740,24 @@ const LIST_SIZE_INVALID_SIZED_FIELD = makeCodeDefinition(
   { addedIn: '2.9.2' },
 );
 
+const MAX_VALIDATION_SUBGRAPH_PATHS_EXCEEDED = makeCodeDefinition(
+  'MAX_VALIDATION_SUBGRAPH_PATHS_EXCEEDED',
+  'The maximum number of validation subgraph paths has been exceeded.',
+  { addedIn: '2.8.0' },
+);
+
+const AUTHENTICATION_APPLIED_ON_INTERFACE = makeCodeDefinition(
+    'AUTHENTICATION_APPLIED_ON_INTERFACE',
+    'The @authenticated, @requiresScopes and @policy directive cannot be applied on interface, interface object or their fields.',
+    { addedIn: '2.9.4' },
+);
+
+const MISSING_TRANSITIVE_AUTH_REQUIREMENTS = makeCodeDefinition(
+    'MISSING_TRANSITIVE_AUTH_REQUIREMENTS',
+    'Field missing transitive @authenticated, @requiresScopes and/or @policy auth requirements needed to access dependent data.',
+    { addedIn: '2.9.4' },
+)
+
 export const ERROR_CATEGORIES = {
   DIRECTIVE_FIELDS_MISSING_EXTERNAL,
   DIRECTIVE_UNSUPPORTED_ON_INTERFACE,
@@ -860,6 +878,9 @@ export const ERRORS = {
   LIST_SIZE_INVALID_ASSUMED_SIZE,
   LIST_SIZE_INVALID_SIZED_FIELD,
   LIST_SIZE_INVALID_SLICING_ARGUMENT,
+  MAX_VALIDATION_SUBGRAPH_PATHS_EXCEEDED,
+  AUTHENTICATION_APPLIED_ON_INTERFACE,
+  MISSING_TRANSITIVE_AUTH_REQUIREMENTS,
 };
 
 const codeDefByCode = Object.values(ERRORS).reduce((obj: {[code: string]: ErrorCodeDefinition}, codeDef: ErrorCodeDefinition) => { obj[codeDef.code] = codeDef; return obj; }, {});

package/src/federation.ts

@@ -37,7 +37,7 @@ import {
   isWrapperType,
   possibleRuntimeTypes,
   isIntType,
-  Type,
+  Type, isFieldDefinition,
 } from "./definitions";
 import { assert, MultiMap, printHumanReadableList, OrderedMap, mapValues, assertUnreachable } from "./utils";
 import { SDLValidationRule } from "graphql/validation/ValidationContext";
@@ -1808,7 +1808,7 @@ export class FederationBlueprint extends SchemaBlueprint {
         const keyApplications = objectType.appliedDirectivesOf(keyDirective);
         if (!keyApplications.some(app => app.arguments().resolvable || app.arguments().resolvable === undefined)) {
           errorCollector.push(ERRORS.CONTEXT_NO_RESOLVABLE_KEY.err(
-            `Object "${objectType.coordinate}" has no resolvable key but has an a field with a contextual argument.`,
+            `Object "${objectType.coordinate}" has no resolvable key but has a field with a contextual argument.`,
             { nodes: sourceASTs(objectType) }
           ));
         }
@@ -1875,6 +1875,9 @@ export class FederationBlueprint extends SchemaBlueprint {
       validateSizedFieldsAreValidLists(application, parent, errorCollector);
     }
 
+    // Validate @authenticated, @requireScopes and @policy
+    validateNoAuthenticationOnInterfaces(metadata, errorCollector);
+
     return errorCollector;
   }
 
@@ -2280,12 +2283,14 @@ export function parseFieldSetArgument({
   fieldAccessor,
   validate,
   decorateValidationErrors = true,
+  normalize = false,
 }: {
   parentType: CompositeType,
   directive: Directive<SchemaElement<any, any>, {fields: any}>,
   fieldAccessor?: (type: CompositeType, fieldName: string) => FieldDefinition<any> | undefined,
   validate?: boolean,
   decorateValidationErrors?: boolean,
+  normalize?: boolean,
 }): SelectionSet {
   try {
     const selectionSet = parseSelectionSet({
@@ -2302,7 +2307,9 @@ export function parseFieldSetArgument({
         }
       });
     }
-    return selectionSet;
+    return normalize
+      ? selectionSet.normalize({ parentType, recursive: true })
+      : selectionSet;
   } catch (e) {
     if (!(e instanceof GraphQLError) || !decorateValidationErrors) {
       throw e;
@@ -2922,3 +2929,39 @@ function withoutNonExternalLeafFields(selectionSet: SelectionSet): SelectionSet
     return undefined;
   });
 }
+
+function validateNoAuthenticationOnInterfaces(metadata: FederationMetadata, errorCollector: GraphQLError[]) {
+  const authenticatedDirective = metadata.authenticatedDirective();
+  const requiresScopesDirective = metadata.requiresScopesDirective();
+  const policyDirective = metadata.policyDirective();
+  [authenticatedDirective, requiresScopesDirective, policyDirective].forEach((directive) => {
+    for (const application of directive.applications()) {
+      const element = application.parent;
+      function isAppliedOnInterface(type: Type) {
+        return isInterfaceType(type) || isInterfaceObjectType(baseType(type));
+      }
+      function isAppliedOnInterfaceField(elem: SchemaElement<any, any>) {
+        return isFieldDefinition(elem) && isAppliedOnInterface(elem.parent);
+      }
+
+      if (isAppliedOnInterface(element) || isAppliedOnInterfaceField(element)) {
+        let kind = '';
+        switch (element.kind) {
+          case 'FieldDefinition':
+            kind = 'field';
+            break;
+          case 'InterfaceType':
+            kind = 'interface';
+            break;
+          case 'ObjectType':
+            kind = 'interface object';
+            break;
+        }
+        errorCollector.push(ERRORS.AUTHENTICATION_APPLIED_ON_INTERFACE.err(
+            `Invalid use of @${directive.name} on ${kind} "${element.coordinate}": @${directive.name} cannot be applied on interfaces, interface objects or their fields`,
+            {nodes: sourceASTs(application, element.parent)},
+        ));
+      }
+    }
+  });
+}

package/src/operations.ts

@@ -1193,6 +1193,11 @@ export class NamedFragmentDefinition extends DirectiveTargetElement<NamedFragmen
     }
   }
 
+  collectVariables(collector: VariableCollector) {
+    this.selectionSet.collectVariables(collector);
+    this.collectVariablesInAppliedDirectives(collector);
+  }
+
   toFragmentDefinitionNode() : FragmentDefinitionNode {
     return {
       kind: Kind.FRAGMENT_DEFINITION,
@@ -1658,10 +1663,10 @@ export class SelectionSet {
         }
 
         return new FragmentSpreadSelection(this.parentType, namedFragments, fragmentDefinition, []);
-      } else if (selection.kind === 'FieldSelection') {
-        if (selection.selectionSet) {
-          selection = selection.withUpdatedSelectionSet(selection.selectionSet.minimizeSelectionSet(namedFragments, seenSelections)[0]);
-        }
+      }
+
+      if (selection.selectionSet) {
+        selection = selection.withUpdatedSelectionSet(selection.selectionSet.minimizeSelectionSet(namedFragments, seenSelections)[0]);
       }
       return selection;
     });
@@ -2114,10 +2119,10 @@ export class SelectionSet {
     // By default, we will print the selection the order in which things were added to it.
     // If __typename is selected however, we put it first. It's a detail but as __typename is a bit special it looks better,
     // and it happens to mimic prior behavior on the query plan side so it saves us from changing tests for no good reasons.
-    const isNonAliasedTypenameSelection = (s: Selection) => s.kind === 'FieldSelection' && !s.element.alias && s.element.name === typenameFieldName;
-    const typenameSelection = this._selections.find((s) => isNonAliasedTypenameSelection(s));
+    const isPlainTypenameSelection = (s: Selection) => s.kind === 'FieldSelection' && s.isPlainTypenameField();
+    const typenameSelection = this._selections.find((s) => isPlainTypenameSelection(s));
     if (typenameSelection) {
-      return [typenameSelection].concat(this.selections().filter(s => !isNonAliasedTypenameSelection(s)));
+      return [typenameSelection].concat(this.selections().filter(s => !isPlainTypenameSelection(s)));
     } else {
       return this._selections;
     }
@@ -3053,6 +3058,13 @@ export class FieldSelection extends AbstractSelection<Field<any>, undefined, Fie
     return this.element.definition.name === typenameFieldName;
   }
 
+  // Is this a plain simple __typename without any directive or alias?
+  isPlainTypenameField(): boolean {
+    return this.element.definition.name === typenameFieldName
+        && this.element.appliedDirectives.length == 0
+        && !this.element.alias;
+  }
+
   withAttachment(key: string, value: string): FieldSelection {
     const updatedField = this.element.copy();
     updatedField.addAttachment(key, value);

package/src/specs/authenticatedSpec.ts

@@ -8,6 +8,7 @@ import {
 } from "./coreSpec";
 import { createDirectiveSpecification } from "../directiveAndTypeSpecification";
 import { registerKnownFeature } from "../knownCoreFeatures";
+import {DirectiveDefinition, Schema} from "../definitions";
 
 export class AuthenticatedSpecDefinition extends FeatureDefinition {
   public static readonly directiveName = "authenticated";
@@ -37,6 +38,10 @@ export class AuthenticatedSpecDefinition extends FeatureDefinition {
     }));
   }
 
+  authenticatedDirective(schema: Schema): DirectiveDefinition | undefined {
+    return this.directive(schema, AuthenticatedSpecDefinition.directiveName);
+  }
+
   get defaultCorePurpose(): CorePurpose {
     return 'SECURITY';
   }

package/src/specs/policySpec.ts

@@ -6,7 +6,7 @@ import {
   FeatureUrl,
   FeatureVersion,
 } from "./coreSpec";
-import { ListType, NonNullType } from "../definitions";
+import {DirectiveDefinition, ListType, NonNullType, Schema} from "../definitions";
 import { createDirectiveSpecification, createScalarTypeSpecification } from "../directiveAndTypeSpecification";
 import { registerKnownFeature } from "../knownCoreFeatures";
 import { ARGUMENT_COMPOSITION_STRATEGIES } from "../argumentCompositionStrategies";
@@ -42,7 +42,7 @@ export class PolicySpecDefinition extends FeatureDefinition {
           assert(PolicyType, () => `Expected "${policyName}" to be defined`);
           return new NonNullType(new ListType(new NonNullType(new ListType(new NonNullType(PolicyType)))));
         },
-        compositionStrategy: ARGUMENT_COMPOSITION_STRATEGIES.UNION,
+        compositionStrategy: ARGUMENT_COMPOSITION_STRATEGIES.DNF_CONJUNCTION,
       }],
       locations: [
         DirectiveLocation.FIELD_DEFINITION,
@@ -56,6 +56,10 @@ export class PolicySpecDefinition extends FeatureDefinition {
     }));
   }
 
+  policyDirective(schema: Schema): DirectiveDefinition<{policies: string[][]}> | undefined {
+    return this.directive(schema, PolicySpecDefinition.directiveName);
+  }
+
   get defaultCorePurpose(): CorePurpose {
     return 'SECURITY';
   }

package/src/specs/requiresScopesSpec.ts

@@ -6,7 +6,7 @@ import {
   FeatureUrl,
   FeatureVersion,
 } from "./coreSpec";
-import { ListType, NonNullType } from "../definitions";
+import {DirectiveDefinition, ListType, NonNullType, Schema} from "../definitions";
 import { createDirectiveSpecification, createScalarTypeSpecification } from "../directiveAndTypeSpecification";
 import { registerKnownFeature } from "../knownCoreFeatures";
 import { ARGUMENT_COMPOSITION_STRATEGIES } from "../argumentCompositionStrategies";
@@ -43,7 +43,7 @@ export class RequiresScopesSpecDefinition extends FeatureDefinition {
           assert(scopeType, () => `Expected "${scopeName}" to be defined`);
           return new NonNullType(new ListType(new NonNullType(new ListType(new NonNullType(scopeType)))));
         },
-        compositionStrategy: ARGUMENT_COMPOSITION_STRATEGIES.UNION,
+        compositionStrategy: ARGUMENT_COMPOSITION_STRATEGIES.DNF_CONJUNCTION,
       }],
       locations: [
         DirectiveLocation.FIELD_DEFINITION,
@@ -57,6 +57,10 @@ export class RequiresScopesSpecDefinition extends FeatureDefinition {
     }));
   }
 
+  requiresScopesDirective(schema: Schema): DirectiveDefinition<{scopes: string[][]}> | undefined {
+    return this.directive(schema, RequiresScopesSpecDefinition.directiveName);
+  }
+
   get defaultCorePurpose(): CorePurpose {
     return 'SECURITY';
   }