Open
Description
Create a project following the steps in https://chillicream.com/docs/hotchocolate/v12/security/authentication and https://chillicream.com/docs/hotchocolate/v12/security/authorization
You'll now have a class with [Authorize], a basic query class which resolves on id/resolve all/whatever, and supposedly secured by a JWT token.
Performing a GraphQL query against the endpoint without a JWT token (or with an invalid one) will result in the error "The current user is not authorized to access this resource" as expected, but the endpoint is called, all the code is executed, and only the response is altered.
No actual authentication/authorization checks are run at all before executing the code.
Only the response is faked to indicate that the query failed.