@mondaydotcomorg/monday-authorization 3.5.0 → 3.5.1-debug-getprofile-not-resolving-to-internal-ba14ff5

package/dist/authorization-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4CnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
+{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAwCZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBAiFnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}

package/dist/authorization-service.js

@@ -17,7 +17,6 @@ const PLATFORM_AUTHORIZE_PATH = '/internal_ms/authorization/authorize';
 const ALLOWED_SDK_PLATFORM_PROFILES_KEY = 'allowed-sdk-platform-profiles';
 const IN_RELEASE_SDK_PLATFORM_PROFILES_KEY = 'in-release-sdk-platform-profile';
 const PLATFORM_PROFILE_RELEASE_FF = 'sdk-platform-profiles';
-const NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF = 'navigate-can-action-in-scope-to-graph';
 function setRequestFetchOptions(customMondayFetchOptions) {
     authorizationInternalService.AuthorizationInternalService.setRequestFetchOptions(customMondayFetchOptions);
 }
@@ -96,46 +95,88 @@ class AuthorizationService {
             authorizationInternalService.logger.error({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, failing request');
             throw new Error('AuthorizationService: igniteClient is not set, failing request');
         }
-        if (this.igniteClient.configuration.getObjectValue(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []).includes(appName)) {
-            return attributionsService.getProfile();
+        const allowedApps = this.igniteClient.configuration.getObjectValue(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []);
+        const inReleaseApps = this.igniteClient.configuration.getObjectValue(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, []);
+        const isInAllowedApps = allowedApps.includes(appName);
+        const isInReleaseApps = inReleaseApps.includes(appName);
+        const isFeatureFlagReleased = this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId });
+        const debugInfo = {
+            appName,
+            allowedApps,
+            inReleaseApps,
+            isInAllowedApps,
+            isInReleaseApps,
+            isFeatureFlagReleased,
+            accountId,
+            userId,
+        };
+        authorizationInternalService.logger.info({ tag: 'authorization-service', ...debugInfo }, 'AuthorizationService.getProfile debug info');
+        if (isInAllowedApps) {
+            const profile = attributionsService.getProfile();
+            authorizationInternalService.logger.info({ tag: 'authorization-service', profile }, 'Returning profile from ALLOWED_SDK_PLATFORM_PROFILES_KEY');
+            return profile;
         }
-        if (this.igniteClient.configuration
-            .getObjectValue(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, [])
-            .includes(appName) &&
-            this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId })) {
-            return attributionsService.getProfile();
+        if (isInReleaseApps && isFeatureFlagReleased) {
+            const profile = attributionsService.getProfile();
+            authorizationInternalService.logger.info({ tag: 'authorization-service', profile }, 'Returning profile from IN_RELEASE_SDK_PLATFORM_PROFILES_KEY');
+            return profile;
         }
+        authorizationInternalService.logger.info({ tag: 'authorization-service', profile: attributionsService.PlatformProfile.APP }, 'Returning default PlatformProfile.APP');
         return attributionsService.PlatformProfile.APP;
     }
     static async canActionInScopeMultiple(accountId, userId, scopedActions) {
         if (scopedActions.length === 0) {
             return [];
         }
-        const shouldNavigateToGraph = Boolean(this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId }));
         const startTime = perf_hooks.performance.now();
-        let scopedActionResponseObjects;
-        let apiType;
-        if (shouldNavigateToGraph) {
-            apiType = 'graph';
-            scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
-        }
-        else {
-            apiType = 'platform';
-            const profile = this.getProfile(accountId, userId);
-            const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-            scopedActionResponseObjects = await this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);
-        }
+        // Always call both APIs for comparison
+        const graphApiPromise = this.graphApi.checkPermissions(accountId, userId, scopedActions);
+        const profile = this.getProfile(accountId, userId);
+        const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+        const platformApiPromise = this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);
+        const [graphApiResponse, platformApiResponse] = await Promise.all([graphApiPromise, platformApiPromise]);
         const endTime = perf_hooks.performance.now();
         const time = endTime - startTime;
-        // Record metrics for each authorization check
-        for (const obj of scopedActionResponseObjects) {
+        // Compare responses and log differences
+        const differences = [];
+        for (let i = 0; i < scopedActions.length; i++) {
+            const graphResult = graphApiResponse[i];
+            const platformResult = platformApiResponse[i];
+            const graphCan = graphResult?.permit?.can;
+            const platformCan = platformResult?.permit?.can;
+            if (graphCan !== platformCan) {
+                differences.push({
+                    action: scopedActions[i].action,
+                    scope: scopedActions[i].scope,
+                    graphResult: graphResult?.permit,
+                    platformResult: platformResult?.permit,
+                });
+            }
+        }
+        const isSame = differences.length === 0;
+        authorizationInternalService.logger.info({
+            tag: 'authorization-service-api-comparison',
+            accountId,
+            userId,
+            profile,
+            scopedActionsCount: scopedActions.length,
+            isSame,
+            differencesCount: differences.length,
+            differences: differences.length > 0 ? differences : undefined,
+            graphApiResponse,
+            platformApiResponse,
+            timeMs: time,
+        }, `API comparison: graphApi vs platformApi - ${isSame ? 'SAME' : 'DIFFERENT'}`);
+        // Record metrics for each authorization check (using platform response)
+        for (const obj of platformApiResponse) {
             const { action, scope } = obj.scopedAction;
             const { resourceType } = utils_authorization_utils.scopeToResource(scope);
             const isAuthorized = obj.permit.can;
             prometheusService.sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time);
-            metricsService.recordAuthorizationTiming(apiType, time, 'canActionInScopeMultiple');
+            metricsService.recordAuthorizationTiming('platform', time, 'canActionInScopeMultiple');
         }
-        return scopedActionResponseObjects;
+        // Return platform API response
+        return platformApiResponse;
     }
     static async isAuthorizedSingular(accountId, userId, resources, action) {
         const { authorizationObjects } = createAuthorizationParams(resources, action);

package/dist/clients/graph-api.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAgCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
+{"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAiCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}

package/dist/clients/graph-api.js

@@ -65,6 +65,7 @@ class GraphApi {
                 url: {
                     appName: constants.GRAPH_APP_NAME,
                     path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
+                    profile: constants.GraphApiProfile.PERMISSION,
                 },
                 method: 'POST',
                 headers: {

package/dist/constants.d.ts

@@ -2,6 +2,9 @@ import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
 import { FetcherConfig } from '@mondaydotcomorg/trident-backend-api';
 export declare const APP_NAME = "authorization";
 export declare const GRAPH_APP_NAME = "authorization-graph";
+export declare enum GraphApiProfile {
+    PERMISSION = "authorization-graph-permission"
+}
 export declare const ERROR_MESSAGES: {
     readonly HTTP_CLIENT_NOT_INITIALIZED: "MondayAuthorization: HTTP client is not initialized";
     readonly REQUEST_FAILED: (method: string, status: number, reason: string) => string;

package/dist/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AACxC,eAAO,MAAM,cAAc,wBAAwB,CAAC;AAEpD,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AACxC,eAAO,MAAM,cAAc,wBAAwB,CAAC;AAEpD,oBAAY,eAAe;IACzB,UAAU,mCAAmC;CAC9C;AAED,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}

package/dist/constants.js

@@ -2,6 +2,10 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 
 const APP_NAME = 'authorization';
 const GRAPH_APP_NAME = 'authorization-graph';
+exports.GraphApiProfile = void 0;
+(function (GraphApiProfile) {
+    GraphApiProfile["PERMISSION"] = "authorization-graph-permission";
+})(exports.GraphApiProfile || (exports.GraphApiProfile = {}));
 const ERROR_MESSAGES = {
     HTTP_CLIENT_NOT_INITIALIZED: 'MondayAuthorization: HTTP client is not initialized',
     REQUEST_FAILED: (method, status, reason) => `MondayAuthorization: [${method}] request failed with status ${status} with reason: ${reason}`,

package/dist/esm/authorization-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4CnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
+{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAwCZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBAiFnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}

package/dist/esm/authorization-service.mjs

@@ -15,7 +15,6 @@ const PLATFORM_AUTHORIZE_PATH = '/internal_ms/authorization/authorize';
 const ALLOWED_SDK_PLATFORM_PROFILES_KEY = 'allowed-sdk-platform-profiles';
 const IN_RELEASE_SDK_PLATFORM_PROFILES_KEY = 'in-release-sdk-platform-profile';
 const PLATFORM_PROFILE_RELEASE_FF = 'sdk-platform-profiles';
-const NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF = 'navigate-can-action-in-scope-to-graph';
 function setRequestFetchOptions(customMondayFetchOptions) {
     AuthorizationInternalService.setRequestFetchOptions(customMondayFetchOptions);
 }
@@ -94,46 +93,88 @@ class AuthorizationService {
             logger.error({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, failing request');
             throw new Error('AuthorizationService: igniteClient is not set, failing request');
         }
-        if (this.igniteClient.configuration.getObjectValue(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []).includes(appName)) {
-            return getProfile();
+        const allowedApps = this.igniteClient.configuration.getObjectValue(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []);
+        const inReleaseApps = this.igniteClient.configuration.getObjectValue(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, []);
+        const isInAllowedApps = allowedApps.includes(appName);
+        const isInReleaseApps = inReleaseApps.includes(appName);
+        const isFeatureFlagReleased = this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId });
+        const debugInfo = {
+            appName,
+            allowedApps,
+            inReleaseApps,
+            isInAllowedApps,
+            isInReleaseApps,
+            isFeatureFlagReleased,
+            accountId,
+            userId,
+        };
+        logger.info({ tag: 'authorization-service', ...debugInfo }, 'AuthorizationService.getProfile debug info');
+        if (isInAllowedApps) {
+            const profile = getProfile();
+            logger.info({ tag: 'authorization-service', profile }, 'Returning profile from ALLOWED_SDK_PLATFORM_PROFILES_KEY');
+            return profile;
         }
-        if (this.igniteClient.configuration
-            .getObjectValue(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, [])
-            .includes(appName) &&
-            this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId })) {
-            return getProfile();
+        if (isInReleaseApps && isFeatureFlagReleased) {
+            const profile = getProfile();
+            logger.info({ tag: 'authorization-service', profile }, 'Returning profile from IN_RELEASE_SDK_PLATFORM_PROFILES_KEY');
+            return profile;
         }
+        logger.info({ tag: 'authorization-service', profile: PlatformProfile.APP }, 'Returning default PlatformProfile.APP');
         return PlatformProfile.APP;
     }
     static async canActionInScopeMultiple(accountId, userId, scopedActions) {
         if (scopedActions.length === 0) {
             return [];
         }
-        const shouldNavigateToGraph = Boolean(this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId }));
         const startTime = performance.now();
-        let scopedActionResponseObjects;
-        let apiType;
-        if (shouldNavigateToGraph) {
-            apiType = 'graph';
-            scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
-        }
-        else {
-            apiType = 'platform';
-            const profile = this.getProfile(accountId, userId);
-            const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-            scopedActionResponseObjects = await this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);
-        }
+        // Always call both APIs for comparison
+        const graphApiPromise = this.graphApi.checkPermissions(accountId, userId, scopedActions);
+        const profile = this.getProfile(accountId, userId);
+        const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+        const platformApiPromise = this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);
+        const [graphApiResponse, platformApiResponse] = await Promise.all([graphApiPromise, platformApiPromise]);
         const endTime = performance.now();
         const time = endTime - startTime;
-        // Record metrics for each authorization check
-        for (const obj of scopedActionResponseObjects) {
+        // Compare responses and log differences
+        const differences = [];
+        for (let i = 0; i < scopedActions.length; i++) {
+            const graphResult = graphApiResponse[i];
+            const platformResult = platformApiResponse[i];
+            const graphCan = graphResult?.permit?.can;
+            const platformCan = platformResult?.permit?.can;
+            if (graphCan !== platformCan) {
+                differences.push({
+                    action: scopedActions[i].action,
+                    scope: scopedActions[i].scope,
+                    graphResult: graphResult?.permit,
+                    platformResult: platformResult?.permit,
+                });
+            }
+        }
+        const isSame = differences.length === 0;
+        logger.info({
+            tag: 'authorization-service-api-comparison',
+            accountId,
+            userId,
+            profile,
+            scopedActionsCount: scopedActions.length,
+            isSame,
+            differencesCount: differences.length,
+            differences: differences.length > 0 ? differences : undefined,
+            graphApiResponse,
+            platformApiResponse,
+            timeMs: time,
+        }, `API comparison: graphApi vs platformApi - ${isSame ? 'SAME' : 'DIFFERENT'}`);
+        // Record metrics for each authorization check (using platform response)
+        for (const obj of platformApiResponse) {
             const { action, scope } = obj.scopedAction;
             const { resourceType } = scopeToResource(scope);
             const isAuthorized = obj.permit.can;
             sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time);
-            recordAuthorizationTiming(apiType, time, 'canActionInScopeMultiple');
+            recordAuthorizationTiming('platform', time, 'canActionInScopeMultiple');
         }
-        return scopedActionResponseObjects;
+        // Return platform API response
+        return platformApiResponse;
     }
     static async isAuthorizedSingular(accountId, userId, resources, action) {
         const { authorizationObjects } = createAuthorizationParams(resources, action);

package/dist/esm/clients/graph-api.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAgCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
+{"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAiCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}

package/dist/esm/clients/graph-api.mjs

@@ -4,7 +4,7 @@ import { PermitTechnicalReason } from '../types/scoped-actions-contracts.mjs';
 import { AuthorizationInternalService } from '../authorization-internal-service.mjs';
 import { getAttributionsFromApi } from '../attributions-service.mjs';
 import { scopeToResource } from '../utils/authorization.utils.mjs';
-import { GRAPH_APP_NAME } from '../constants.mjs';
+import { GRAPH_APP_NAME, GraphApiProfile } from '../constants.mjs';
 import { handleApiError } from '../utils/api-error-handler.mjs';
 
 const CAN_ACTION_IN_SCOPE_GRAPH_PATH = '/permissions/is-allowed';
@@ -63,6 +63,7 @@ class GraphApi {
                 url: {
                     appName: GRAPH_APP_NAME,
                     path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
+                    profile: GraphApiProfile.PERMISSION,
                 },
                 method: 'POST',
                 headers: {

package/dist/esm/constants.d.ts

@@ -2,6 +2,9 @@ import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
 import { FetcherConfig } from '@mondaydotcomorg/trident-backend-api';
 export declare const APP_NAME = "authorization";
 export declare const GRAPH_APP_NAME = "authorization-graph";
+export declare enum GraphApiProfile {
+    PERMISSION = "authorization-graph-permission"
+}
 export declare const ERROR_MESSAGES: {
     readonly HTTP_CLIENT_NOT_INITIALIZED: "MondayAuthorization: HTTP client is not initialized";
     readonly REQUEST_FAILED: (method: string, status: number, reason: string) => string;

package/dist/esm/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AACxC,eAAO,MAAM,cAAc,wBAAwB,CAAC;AAEpD,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AACxC,eAAO,MAAM,cAAc,wBAAwB,CAAC;AAEpD,oBAAY,eAAe;IACzB,UAAU,mCAAmC;CAC9C;AAED,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}

package/dist/esm/constants.mjs

@@ -1,5 +1,9 @@
 const APP_NAME = 'authorization';
 const GRAPH_APP_NAME = 'authorization-graph';
+var GraphApiProfile;
+(function (GraphApiProfile) {
+    GraphApiProfile["PERMISSION"] = "authorization-graph-permission";
+})(GraphApiProfile || (GraphApiProfile = {}));
 const ERROR_MESSAGES = {
     HTTP_CLIENT_NOT_INITIALIZED: 'MondayAuthorization: HTTP client is not initialized',
     REQUEST_FAILED: (method, status, reason) => `MondayAuthorization: [${method}] request failed with status ${status} with reason: ${reason}`,
@@ -16,4 +20,4 @@ const DEFAULT_FETCH_OPTIONS = {
     },
 };
 
-export { APP_NAME, DEFAULT_FETCH_OPTIONS, ERROR_MESSAGES, GRAPH_APP_NAME };
+export { APP_NAME, DEFAULT_FETCH_OPTIONS, ERROR_MESSAGES, GRAPH_APP_NAME, GraphApiProfile };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "3.5.0",
+  "version": "3.5.1-debug-getprofile-not-resolving-to-internal-ba14ff5",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",

package/src/authorization-service.ts

@@ -155,19 +155,37 @@ export class AuthorizationService {
       logger.error({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, failing request');
       throw new Error('AuthorizationService: igniteClient is not set, failing request');
     }
-    if (
-      this.igniteClient.configuration.getObjectValue<string[]>(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []).includes(appName)
-    ) {
-      return getProfile();
+
+    const allowedApps = this.igniteClient.configuration.getObjectValue<string[]>(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []);
+    const inReleaseApps = this.igniteClient.configuration.getObjectValue<string[]>(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, []);
+    const isInAllowedApps = allowedApps.includes(appName);
+    const isInReleaseApps = inReleaseApps.includes(appName);
+    const isFeatureFlagReleased = this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId });
+
+    const debugInfo = {
+      appName,
+      allowedApps,
+      inReleaseApps,
+      isInAllowedApps,
+      isInReleaseApps,
+      isFeatureFlagReleased,
+      accountId,
+      userId,
+    };
+
+    logger.info({ tag: 'authorization-service', ...debugInfo }, 'AuthorizationService.getProfile debug info');
+
+    if (isInAllowedApps) {
+      const profile = getProfile();
+      logger.info({ tag: 'authorization-service', profile }, 'Returning profile from ALLOWED_SDK_PLATFORM_PROFILES_KEY');
+      return profile;
     }
-    if (
-      this.igniteClient.configuration
-        .getObjectValue<string[]>(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, [])
-        .includes(appName) &&
-      this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId })
-    ) {
-      return getProfile();
+    if (isInReleaseApps && isFeatureFlagReleased) {
+      const profile = getProfile();
+      logger.info({ tag: 'authorization-service', profile }, 'Returning profile from IN_RELEASE_SDK_PLATFORM_PROFILES_KEY');
+      return profile;
     }
+    logger.info({ tag: 'authorization-service', profile: PlatformProfile.APP }, 'Returning default PlatformProfile.APP');
     return PlatformProfile.APP;
   }
 
@@ -180,43 +198,80 @@ export class AuthorizationService {
       return [];
     }
 
-    const shouldNavigateToGraph = Boolean(
-      this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId })
-    );
-
     const startTime = performance.now();
-    let scopedActionResponseObjects: ScopedActionResponseObject[];
-    let apiType: 'graph' | 'platform';
 
-    if (shouldNavigateToGraph) {
-      apiType = 'graph';
-      scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
-    } else {
-      apiType = 'platform';
-      const profile = this.getProfile(accountId, userId);
-      const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+    // Always call both APIs for comparison
+    const graphApiPromise = this.graphApi.checkPermissions(accountId, userId, scopedActions);
 
-      scopedActionResponseObjects = await this.platformApi.checkPermissions(
-        profile,
-        internalAuthToken,
-        userId,
-        scopedActions
-      );
-    }
+    const profile = this.getProfile(accountId, userId);
+    const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+    const platformApiPromise = this.platformApi.checkPermissions(
+      profile,
+      internalAuthToken,
+      userId,
+      scopedActions
+    );
+
+    const [graphApiResponse, platformApiResponse] = await Promise.all([graphApiPromise, platformApiPromise]);
 
     const endTime = performance.now();
     const time = endTime - startTime;
 
-    // Record metrics for each authorization check
-    for (const obj of scopedActionResponseObjects) {
+    // Compare responses and log differences
+    const differences: Array<{
+      action: string;
+      scope: ScopeOptions;
+      graphResult: ScopedActionPermit;
+      platformResult: ScopedActionPermit;
+    }> = [];
+
+    for (let i = 0; i < scopedActions.length; i++) {
+      const graphResult = graphApiResponse[i];
+      const platformResult = platformApiResponse[i];
+
+      const graphCan = graphResult?.permit?.can;
+      const platformCan = platformResult?.permit?.can;
+
+      if (graphCan !== platformCan) {
+        differences.push({
+          action: scopedActions[i].action,
+          scope: scopedActions[i].scope,
+          graphResult: graphResult?.permit,
+          platformResult: platformResult?.permit,
+        });
+      }
+    }
+
+    const isSame = differences.length === 0;
+
+    logger.info(
+      {
+        tag: 'authorization-service-api-comparison',
+        accountId,
+        userId,
+        profile,
+        scopedActionsCount: scopedActions.length,
+        isSame,
+        differencesCount: differences.length,
+        differences: differences.length > 0 ? differences : undefined,
+        graphApiResponse,
+        platformApiResponse,
+        timeMs: time,
+      },
+      `API comparison: graphApi vs platformApi - ${isSame ? 'SAME' : 'DIFFERENT'}`
+    );
+
+    // Record metrics for each authorization check (using platform response)
+    for (const obj of platformApiResponse) {
       const { action, scope } = obj.scopedAction;
       const { resourceType } = scopeToResource(scope);
       const isAuthorized = obj.permit.can;
       sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time);
-      recordAuthorizationTiming(apiType, time, 'canActionInScopeMultiple');
+      recordAuthorizationTiming('platform', time, 'canActionInScopeMultiple');
     }
 
-    return scopedActionResponseObjects;
+    // Return platform API response
+    return platformApiResponse;
   }
 
   private static async isAuthorizedSingular(

package/src/clients/graph-api.ts

@@ -18,7 +18,7 @@ import {
   GraphPermissionReason,
 } from '../types/graph-api.types';
 import { scopeToResource } from '../utils/authorization.utils';
-import { GRAPH_APP_NAME } from '../constants';
+import { GRAPH_APP_NAME, GraphApiProfile } from '../constants';
 import { handleApiError } from '../utils/api-error-handler';
 
 const CAN_ACTION_IN_SCOPE_GRAPH_PATH = '/permissions/is-allowed';
@@ -85,6 +85,7 @@ export class GraphApi {
           url: {
             appName: GRAPH_APP_NAME,
             path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
+            profile: GraphApiProfile.PERMISSION,
           },
           method: 'POST',
           headers: {

package/src/constants.ts

@@ -4,6 +4,10 @@ import { FetcherConfig } from '@mondaydotcomorg/trident-backend-api';
 export const APP_NAME = 'authorization';
 export const GRAPH_APP_NAME = 'authorization-graph';
 
+export enum GraphApiProfile {
+  PERMISSION = 'authorization-graph-permission',
+}
+
 export const ERROR_MESSAGES = {
   HTTP_CLIENT_NOT_INITIALIZED: 'MondayAuthorization: HTTP client is not initialized',
   REQUEST_FAILED: (method: string, status: number, reason: string) =>