Skip to main content

requiresStepUp

Requires the calling session to hold a fresh step-up grant for the named policy scope. When no grant exists, the directive returns a typed GraphQL error (extensions.code = "STEP_UP_REQUIRED") so the dashboard's stepUpErrorLink can open the StepUpModal automatically and retry on success.

ttlSeconds and consumeOnFirstUse are advisory — the server enforces the policy in internal/authz/stepup.PolicyForScope; the arguments here document the intent at the resolver site for code review.

directive @requiresStepUp(
scope: String!
ttlSeconds: Int = 300
consumeOnFirstUse: Boolean = false
) on FIELD_DEFINITION

Arguments

requiresStepUp.scope ● String! non-null scalar

requiresStepUp.ttlSeconds ● Int scalar

requiresStepUp.consumeOnFirstUse ● Boolean scalar