npm - @mondaydotcomorg/monday-authorization - Versions diffs - 3.5.1-debug-getprofile-not-resolving-to-internal-9f5fe0f → 3.5.1-debug-getprofile-not-resolving-to-internal-d02966c - Mend

@mondaydotcomorg/monday-authorization 3.5.1-debug-getprofile-not-resolving-to-internal-9f5fe0f → 3.5.1-debug-getprofile-not-resolving-to-internal-d02966c

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/authorization-service.d.ts.map +1 -1
package/dist/authorization-service.js +58 -22
package/dist/clients/graph-api.d.ts +5 -1
package/dist/clients/graph-api.d.ts.map +1 -1
package/dist/clients/graph-api.js +4 -2
package/dist/esm/authorization-service.d.ts.map +1 -1
package/dist/esm/authorization-service.mjs +58 -22
package/dist/esm/clients/graph-api.d.ts +5 -1
package/dist/esm/clients/graph-api.d.ts.map +1 -1
package/dist/esm/clients/graph-api.mjs +4 -2
package/package.json +1 -1
package/src/authorization-service.ts +84 -28
package/src/clients/graph-api.ts +5 -3

package/dist/authorization-service.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;~~WA4CZ~~,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;~~mBA4CnB~~,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
1	+ {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAwCZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBAwGnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}

package/dist/authorization-service.js CHANGED Viewed

@@ -17,7 +17,6 @@ const PLATFORM_AUTHORIZE_PATH = '/internal_ms/authorization/authorize';
 const ALLOWED_SDK_PLATFORM_PROFILES_KEY = 'allowed-sdk-platform-profiles';
 const IN_RELEASE_SDK_PLATFORM_PROFILES_KEY = 'in-release-sdk-platform-profile';
 const PLATFORM_PROFILE_RELEASE_FF = 'sdk-platform-profiles';
-const NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF = 'navigate-can-action-in-scope-to-graph';
 function setRequestFetchOptions(customMondayFetchOptions) {
     authorizationInternalService.AuthorizationInternalService.setRequestFetchOptions(customMondayFetchOptions);
 }
@@ -111,21 +110,17 @@ class AuthorizationService {
             accountId,
             userId,
         };
-        console.log('[AuthorizationService.getProfile] Debug info:', debugInfo);
         authorizationInternalService.logger.info({ tag: 'authorization-service', ...debugInfo }, 'AuthorizationService.getProfile debug info');
         if (isInAllowedApps) {
             const profile = attributionsService.getProfile();
-            console.log('[AuthorizationService.getProfile] Returning profile from ALLOWED_SDK_PLATFORM_PROFILES_KEY:', profile);
             authorizationInternalService.logger.info({ tag: 'authorization-service', profile }, 'Returning profile from ALLOWED_SDK_PLATFORM_PROFILES_KEY');
             return profile;
         }
         if (isInReleaseApps && isFeatureFlagReleased) {
             const profile = attributionsService.getProfile();
-            console.log('[AuthorizationService.getProfile] Returning profile from IN_RELEASE_SDK_PLATFORM_PROFILES_KEY:', profile);
             authorizationInternalService.logger.info({ tag: 'authorization-service', profile }, 'Returning profile from IN_RELEASE_SDK_PLATFORM_PROFILES_KEY');
             return profile;
         }
-        console.log('[AuthorizationService.getProfile] Returning default PlatformProfile.APP');
         authorizationInternalService.logger.info({ tag: 'authorization-service', profile: attributionsService.PlatformProfile.APP }, 'Returning default PlatformProfile.APP');
         return attributionsService.PlatformProfile.APP;
     }
@@ -133,31 +128,72 @@ class AuthorizationService {
         if (scopedActions.length === 0) {
             return [];
         }
-        const shouldNavigateToGraph = Boolean(this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId }));
         const startTime = perf_hooks.performance.now();
-        let scopedActionResponseObjects;
-        let apiType;
-        if (shouldNavigateToGraph) {
-            apiType = 'graph';
-            scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
-        }
-        else {
-            apiType = 'platform';
-            const profile = this.getProfile(accountId, userId);
-            const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-            scopedActionResponseObjects = await this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);
-        }
+        // Always call both APIs for comparison
+        const graphApiPromise = this.graphApi.checkPermissions(accountId, userId, scopedActions);
+        const profile = this.getProfile(accountId, userId);
+        const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+        const platformApiPromise = this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);
+        const [graphApiResult, platformApiResponse] = await Promise.all([graphApiPromise, platformApiPromise]);
+        const graphApiResponse = graphApiResult.mapped;
+        const graphApiRawResponse = graphApiResult.raw;
         const endTime = perf_hooks.performance.now();
         const time = endTime - startTime;
-        // Record metrics for each authorization check
-        for (const obj of scopedActionResponseObjects) {
+        // Compare responses and log differences with raw lookup values
+        const differences = [];
+        for (let i = 0; i < scopedActions.length; i++) {
+            const graphResult = graphApiResponse[i];
+            const platformResult = platformApiResponse[i];
+            const { action, scope } = scopedActions[i];
+            const { resourceType, resourceId } = utils_authorization_utils.scopeToResource(scope);
+            const graphCan = graphResult?.permit?.can;
+            const platformCan = platformResult?.permit?.can;
+            // Log the raw lookup values for debugging
+            const graphResponseAtPath = graphApiRawResponse?.[resourceType]?.[String(resourceId)]?.[action];
+            authorizationInternalService.logger.info({
+                tag: 'authorization-service-api-comparison-detail',
+                action,
+                scope,
+                resourceType,
+                resourceId,
+                graphResponseAtPath,
+                graphCan,
+                platformCan,
+            }, `API comparison detail for ${action} on ${resourceType}/${resourceId}`);
+            if (graphCan !== platformCan) {
+                differences.push({
+                    action,
+                    scope,
+                    resourceType,
+                    resourceId,
+                    graphResponseAtPath,
+                    graphCan,
+                    platformCan,
+                });
+            }
+        }
+        const isSame = differences.length === 0;
+        authorizationInternalService.logger.info({
+            tag: 'authorization-service-api-comparison',
+            accountId,
+            userId,
+            profile,
+            scopedActionsCount: scopedActions.length,
+            isSame,
+            differencesCount: differences.length,
+            differences: differences.length > 0 ? differences : undefined,
+            timeMs: time,
+        }, `API comparison: graphApi vs platformApi - ${isSame ? 'SAME' : 'DIFFERENT'}`);
+        // Record metrics for each authorization check (using platform response)
+        for (const obj of platformApiResponse) {
             const { action, scope } = obj.scopedAction;
             const { resourceType } = utils_authorization_utils.scopeToResource(scope);
             const isAuthorized = obj.permit.can;
             prometheusService.sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time);
-            metricsService.recordAuthorizationTiming(apiType, time, 'canActionInScopeMultiple');
+            metricsService.recordAuthorizationTiming('platform', time, 'canActionInScopeMultiple');
         }
-        return scopedActionResponseObjects;
+        // Return platform API response
+        return platformApiResponse;
     }
     static async isAuthorizedSingular(accountId, userId, resources, action) {
         const { authorizationObjects } = createAuthorizationParams(resources, action);

package/dist/clients/graph-api.d.ts CHANGED Viewed

@@ -21,8 +21,12 @@ export declare class GraphApi {
     private static mapResponse;
     /**
      * Performs a complete authorization check using the Graph API
+     * Returns both the mapped response and raw response for debugging
      */
-    checkPermissions(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
+    checkPermissions(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<{
+        mapped: ScopedActionResponseObject[];
+        raw: GraphIsAllowedResponse;
+    }>;
     private static ensureGraphReason;
 }
 //# sourceMappingURL=graph-api.d.ts.map

package/dist/clients/graph-api.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAiCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B~~;;OAEG~~;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;~~IAMxC~~,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
1	+ {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAiCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;;OAGG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC;QAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;QAAC,GAAG,EAAE,sBAAsB,CAAA;KAAE,CAAC;IAOjF,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}

package/dist/clients/graph-api.js CHANGED Viewed

@@ -115,11 +115,13 @@ class GraphApi {
     }
     /**
      * Performs a complete authorization check using the Graph API
+     * Returns both the mapped response and raw response for debugging
      */
     async checkPermissions(accountId, userId, scopedActions) {
         const authToken = mondayJwt.signAuthorizationHeader({ appName: this.consumerAppName, accountId, userId });
-        const response = await this.fetchPermissions(authToken, scopedActions);
-        return GraphApi.mapResponse(scopedActions, response);
+        const rawResponse = await this.fetchPermissions(authToken, scopedActions);
+        const mappedResponse = GraphApi.mapResponse(scopedActions, rawResponse);
+        return { mapped: mappedResponse, raw: rawResponse };
     }
     static ensureGraphReason(reason, context) {
         if (!reason || typeof reason !== 'object' || typeof reason.key !== 'string') {

package/dist/esm/authorization-service.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;~~WA4CZ~~,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;~~mBA4CnB~~,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
1	+ {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAwCZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBAwGnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}

package/dist/esm/authorization-service.mjs CHANGED Viewed

@@ -15,7 +15,6 @@ const PLATFORM_AUTHORIZE_PATH = '/internal_ms/authorization/authorize';
 const ALLOWED_SDK_PLATFORM_PROFILES_KEY = 'allowed-sdk-platform-profiles';
 const IN_RELEASE_SDK_PLATFORM_PROFILES_KEY = 'in-release-sdk-platform-profile';
 const PLATFORM_PROFILE_RELEASE_FF = 'sdk-platform-profiles';
-const NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF = 'navigate-can-action-in-scope-to-graph';
 function setRequestFetchOptions(customMondayFetchOptions) {
     AuthorizationInternalService.setRequestFetchOptions(customMondayFetchOptions);
 }
@@ -109,21 +108,17 @@ class AuthorizationService {
             accountId,
             userId,
         };
-        console.log('[AuthorizationService.getProfile] Debug info:', debugInfo);
         logger.info({ tag: 'authorization-service', ...debugInfo }, 'AuthorizationService.getProfile debug info');
         if (isInAllowedApps) {
             const profile = getProfile();
-            console.log('[AuthorizationService.getProfile] Returning profile from ALLOWED_SDK_PLATFORM_PROFILES_KEY:', profile);
             logger.info({ tag: 'authorization-service', profile }, 'Returning profile from ALLOWED_SDK_PLATFORM_PROFILES_KEY');
             return profile;
         }
         if (isInReleaseApps && isFeatureFlagReleased) {
             const profile = getProfile();
-            console.log('[AuthorizationService.getProfile] Returning profile from IN_RELEASE_SDK_PLATFORM_PROFILES_KEY:', profile);
             logger.info({ tag: 'authorization-service', profile }, 'Returning profile from IN_RELEASE_SDK_PLATFORM_PROFILES_KEY');
             return profile;
         }
-        console.log('[AuthorizationService.getProfile] Returning default PlatformProfile.APP');
         logger.info({ tag: 'authorization-service', profile: PlatformProfile.APP }, 'Returning default PlatformProfile.APP');
         return PlatformProfile.APP;
     }
@@ -131,31 +126,72 @@ class AuthorizationService {
         if (scopedActions.length === 0) {
             return [];
         }
-        const shouldNavigateToGraph = Boolean(this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId }));
         const startTime = performance.now();
-        let scopedActionResponseObjects;
-        let apiType;
-        if (shouldNavigateToGraph) {
-            apiType = 'graph';
-            scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
-        }
-        else {
-            apiType = 'platform';
-            const profile = this.getProfile(accountId, userId);
-            const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-            scopedActionResponseObjects = await this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);
-        }
+        // Always call both APIs for comparison
+        const graphApiPromise = this.graphApi.checkPermissions(accountId, userId, scopedActions);
+        const profile = this.getProfile(accountId, userId);
+        const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+        const platformApiPromise = this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);
+        const [graphApiResult, platformApiResponse] = await Promise.all([graphApiPromise, platformApiPromise]);
+        const graphApiResponse = graphApiResult.mapped;
+        const graphApiRawResponse = graphApiResult.raw;
         const endTime = performance.now();
         const time = endTime - startTime;
-        // Record metrics for each authorization check
-        for (const obj of scopedActionResponseObjects) {
+        // Compare responses and log differences with raw lookup values
+        const differences = [];
+        for (let i = 0; i < scopedActions.length; i++) {
+            const graphResult = graphApiResponse[i];
+            const platformResult = platformApiResponse[i];
+            const { action, scope } = scopedActions[i];
+            const { resourceType, resourceId } = scopeToResource(scope);
+            const graphCan = graphResult?.permit?.can;
+            const platformCan = platformResult?.permit?.can;
+            // Log the raw lookup values for debugging
+            const graphResponseAtPath = graphApiRawResponse?.[resourceType]?.[String(resourceId)]?.[action];
+            logger.info({
+                tag: 'authorization-service-api-comparison-detail',
+                action,
+                scope,
+                resourceType,
+                resourceId,
+                graphResponseAtPath,
+                graphCan,
+                platformCan,
+            }, `API comparison detail for ${action} on ${resourceType}/${resourceId}`);
+            if (graphCan !== platformCan) {
+                differences.push({
+                    action,
+                    scope,
+                    resourceType,
+                    resourceId,
+                    graphResponseAtPath,
+                    graphCan,
+                    platformCan,
+                });
+            }
+        }
+        const isSame = differences.length === 0;
+        logger.info({
+            tag: 'authorization-service-api-comparison',
+            accountId,
+            userId,
+            profile,
+            scopedActionsCount: scopedActions.length,
+            isSame,
+            differencesCount: differences.length,
+            differences: differences.length > 0 ? differences : undefined,
+            timeMs: time,
+        }, `API comparison: graphApi vs platformApi - ${isSame ? 'SAME' : 'DIFFERENT'}`);
+        // Record metrics for each authorization check (using platform response)
+        for (const obj of platformApiResponse) {
             const { action, scope } = obj.scopedAction;
             const { resourceType } = scopeToResource(scope);
             const isAuthorized = obj.permit.can;
             sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time);
-            recordAuthorizationTiming(apiType, time, 'canActionInScopeMultiple');
+            recordAuthorizationTiming('platform', time, 'canActionInScopeMultiple');
         }
-        return scopedActionResponseObjects;
+        // Return platform API response
+        return platformApiResponse;
     }
     static async isAuthorizedSingular(accountId, userId, resources, action) {
         const { authorizationObjects } = createAuthorizationParams(resources, action);

package/dist/esm/clients/graph-api.d.ts CHANGED Viewed

@@ -21,8 +21,12 @@ export declare class GraphApi {
     private static mapResponse;
     /**
      * Performs a complete authorization check using the Graph API
+     * Returns both the mapped response and raw response for debugging
      */
-    checkPermissions(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
+    checkPermissions(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<{
+        mapped: ScopedActionResponseObject[];
+        raw: GraphIsAllowedResponse;
+    }>;
     private static ensureGraphReason;
 }
 //# sourceMappingURL=graph-api.d.ts.map

package/dist/esm/clients/graph-api.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAiCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B~~;;OAEG~~;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;~~IAMxC~~,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
1	+ {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAiCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;;OAGG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC;QAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;QAAC,GAAG,EAAE,sBAAsB,CAAA;KAAE,CAAC;IAOjF,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}

package/dist/esm/clients/graph-api.mjs CHANGED Viewed

@@ -113,11 +113,13 @@ class GraphApi {
     }
     /**
      * Performs a complete authorization check using the Graph API
+     * Returns both the mapped response and raw response for debugging
      */
     async checkPermissions(accountId, userId, scopedActions) {
         const authToken = signAuthorizationHeader({ appName: this.consumerAppName, accountId, userId });
-        const response = await this.fetchPermissions(authToken, scopedActions);
-        return GraphApi.mapResponse(scopedActions, response);
+        const rawResponse = await this.fetchPermissions(authToken, scopedActions);
+        const mappedResponse = GraphApi.mapResponse(scopedActions, rawResponse);
+        return { mapped: mappedResponse, raw: rawResponse };
     }
     static ensureGraphReason(reason, context) {
         if (!reason || typeof reason !== 'object' || typeof reason.key !== 'string') {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "3.5.1-debug-getprofile-not-resolving-to-internal-9f5fe0f",
+  "version": "3.5.1-debug-getprofile-not-resolving-to-internal-d02966c",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",

package/src/authorization-service.ts CHANGED Viewed

@@ -173,22 +173,18 @@ export class AuthorizationService {
       userId,
     };
-    console.log('[AuthorizationService.getProfile] Debug info:', debugInfo);
     logger.info({ tag: 'authorization-service', ...debugInfo }, 'AuthorizationService.getProfile debug info');
     if (isInAllowedApps) {
       const profile = getProfile();
-      console.log('[AuthorizationService.getProfile] Returning profile from ALLOWED_SDK_PLATFORM_PROFILES_KEY:', profile);
       logger.info({ tag: 'authorization-service', profile }, 'Returning profile from ALLOWED_SDK_PLATFORM_PROFILES_KEY');
       return profile;
     }
     if (isInReleaseApps && isFeatureFlagReleased) {
       const profile = getProfile();
-      console.log('[AuthorizationService.getProfile] Returning profile from IN_RELEASE_SDK_PLATFORM_PROFILES_KEY:', profile);
       logger.info({ tag: 'authorization-service', profile }, 'Returning profile from IN_RELEASE_SDK_PLATFORM_PROFILES_KEY');
       return profile;
     }
-    console.log('[AuthorizationService.getProfile] Returning default PlatformProfile.APP');
     logger.info({ tag: 'authorization-service', profile: PlatformProfile.APP }, 'Returning default PlatformProfile.APP');
     return PlatformProfile.APP;
   }
@@ -202,43 +198,103 @@ export class AuthorizationService {
       return [];
     }
-    const shouldNavigateToGraph = Boolean(
-      this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId })
-    );
     const startTime = performance.now();
-    let scopedActionResponseObjects: ScopedActionResponseObject[];
-    let apiType: 'graph' | 'platform';
-    if (shouldNavigateToGraph) {
-      apiType = 'graph';
-      scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
-    } else {
-      apiType = 'platform';
-      const profile = this.getProfile(accountId, userId);
-      const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+    // Always call both APIs for comparison
+    const graphApiPromise = this.graphApi.checkPermissions(accountId, userId, scopedActions);
-      scopedActionResponseObjects = await this.platformApi.checkPermissions(
-        profile,
-        internalAuthToken,
-        userId,
-        scopedActions
-      );
-    }
+    const profile = this.getProfile(accountId, userId);
+    const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+    const platformApiPromise = this.platformApi.checkPermissions(
+      profile,
+      internalAuthToken,
+      userId,
+      scopedActions
+    );
+    const [graphApiResult, platformApiResponse] = await Promise.all([graphApiPromise, platformApiPromise]);
+    const graphApiResponse = graphApiResult.mapped;
+    const graphApiRawResponse = graphApiResult.raw;
     const endTime = performance.now();
     const time = endTime - startTime;
-    // Record metrics for each authorization check
-    for (const obj of scopedActionResponseObjects) {
+    // Compare responses and log differences with raw lookup values
+    const differences: Array<{
+      action: string;
+      scope: ScopeOptions;
+      resourceType: string;
+      resourceId: number;
+      graphResponseAtPath: unknown;
+      graphCan: boolean | undefined;
+      platformCan: boolean | undefined;
+    }> = [];
+    for (let i = 0; i < scopedActions.length; i++) {
+      const graphResult = graphApiResponse[i];
+      const platformResult = platformApiResponse[i];
+      const { action, scope } = scopedActions[i];
+      const { resourceType, resourceId } = scopeToResource(scope);
+      const graphCan = graphResult?.permit?.can;
+      const platformCan = platformResult?.permit?.can;
+      // Log the raw lookup values for debugging
+      const graphResponseAtPath = graphApiRawResponse?.[resourceType]?.[String(resourceId)]?.[action];
+      logger.info({
+        tag: 'authorization-service-api-comparison-detail',
+        action,
+        scope,
+        resourceType,
+        resourceId,
+        graphResponseAtPath,
+        graphCan,
+        platformCan,
+      }, `API comparison detail for ${action} on ${resourceType}/${resourceId}`);
+      if (graphCan !== platformCan) {
+        differences.push({
+          action,
+          scope,
+          resourceType,
+          resourceId,
+          graphResponseAtPath,
+          graphCan,
+          platformCan,
+        });
+      }
+    }
+    const isSame = differences.length === 0;
+    logger.info(
+      {
+        tag: 'authorization-service-api-comparison',
+        accountId,
+        userId,
+        profile,
+        scopedActionsCount: scopedActions.length,
+        isSame,
+        differencesCount: differences.length,
+        differences: differences.length > 0 ? differences : undefined,
+        timeMs: time,
+      },
+      `API comparison: graphApi vs platformApi - ${isSame ? 'SAME' : 'DIFFERENT'}`
+    );
+    // Record metrics for each authorization check (using platform response)
+    for (const obj of platformApiResponse) {
       const { action, scope } = obj.scopedAction;
       const { resourceType } = scopeToResource(scope);
       const isAuthorized = obj.permit.can;
       sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time);
-      recordAuthorizationTiming(apiType, time, 'canActionInScopeMultiple');
+      recordAuthorizationTiming('platform', time, 'canActionInScopeMultiple');
     }
-    return scopedActionResponseObjects;
+    // Return platform API response
+    return platformApiResponse;
   }
   private static async isAuthorizedSingular(

package/src/clients/graph-api.ts CHANGED Viewed

@@ -146,15 +146,17 @@ export class GraphApi {
   /**
    * Performs a complete authorization check using the Graph API
+   * Returns both the mapped response and raw response for debugging
    */
   async checkPermissions(
     accountId: number,
     userId: number,
     scopedActions: ScopedAction[]
-  ): Promise<ScopedActionResponseObject[]> {
+  ): Promise<{ mapped: ScopedActionResponseObject[]; raw: GraphIsAllowedResponse }> {
     const authToken = signAuthorizationHeader({ appName: this.consumerAppName, accountId, userId });
-    const response = await this.fetchPermissions(authToken, scopedActions);
-    return GraphApi.mapResponse(scopedActions, response);
+    const rawResponse = await this.fetchPermissions(authToken, scopedActions);
+    const mappedResponse = GraphApi.mapResponse(scopedActions, rawResponse);
+    return { mapped: mappedResponse, raw: rawResponse };
   }
   private static ensureGraphReason(