"did not apply any authorization checks" error when setIdentity

[grizzly]

I have to update the identity in my code, so I am using

    $_identity = $this->Authentication->getIdentity();
    $data = $_identity->getOriginalData();
    if ($data instanceof User) {
        $data->x = [1];
    }
    $this->Authentication->setIdentity($_identity);

I am adding a scope with:

$posts = $this->Authorization->applyScope($posts, 'moderate');

Without the prevouse setIdentity, all works fine. When setting a new Identity, it gives me the "did not apply any authorization checks" error.

[markstory]

Do you replace the identity before or after the applyScope call? While it shouldn't matter, knowing more about what you're trying to do helps with reproducing the issue.

[grizzly]

Do you replace the identity before or after the applyScope call? While it shouldn't matter, knowing more about what you're trying to do helps with reproducing the issue.

The identity is replaced before, as part of the login process.

[markstory]

The identity is replaced before, as part of the login process.

So wouldn't the identity be consistent between the start of the controller action and the authorization check? Are you certain that the controller action is applying the policy scope? The tracking for whether or not an authorization check has been applied is very simple https://github.com/cakephp/authorization/blob/3.x/src/AuthorizationService.php#L117 and I don't see a way for it to misbehave.