Access denied for : keystone{ adminMeta { lists { ...

[Temkit]

this query is not working :

const { data: modules, errors: errorModules } = await client.query({
      query: gql`
        {
          keystone {
            adminMeta {
              lists {
                key
                description
                label
                singular
                plural
                path
                fields {
                  path
                }
              }
            }
          }
        }
      `,

with error :

ApolloError: GraphQL error: Access denied
at new ApolloError (/Users/sidalitemkit/work/web/ysana/kysana-pql/scripts/sanitate/node_modules/apollo-client/bundle.umd.js:92:26)
at /Users/sidalitemkit/work/web/ysana/kysana-pql/scripts/sanitate/node_modules/apollo-client/bundle.umd.js:1588:34
at /Users/sidalitemkit/work/web/ysana/kysana-pql/scripts/sanitate/node_modules/apollo-client/bundle.umd.js:2008:15
at Set.forEach ()
at /Users/sidalitemkit/work/web/ysana/kysana-pql/scripts/sanitate/node_modules/apollo-client/bundle.umd.js:2006:26
at Map.forEach ()
at QueryManager.broadcastQueries (/Users/sidalitemkit/work/web/ysana/kysana-pql/scripts/sanitate/node_modules/apollo-client/bundle.umd.js:2004:20)
at /Users/sidalitemkit/work/web/ysana/kysana-pql/scripts/sanitate/node_modules/apollo-client/bundle.umd.js:2131:19
at Object.next (/Users/sidalitemkit/work/web/ysana/kysana-pql/scripts/sanitate/node_modules/zen-observable/lib/Observable.js:322:23)
at notifySubscription (/Users/sidalitemkit/work/web/ysana/kysana-pql/scripts/sanitate/node_modules/zen-observable/lib/Observable.js:135:18) {
graphQLErrors: [
{
message: 'Access denied',
locations: [Array],
path: [Array],
extensions: [Object],
uid: 'ckp6wxt8s0000kkuu3u9nfs2b',
name: 'GraphQLError'
}
],
networkError: null,
extraInfo: undefined
}

To Reproduce

Steps to reproduce the behaviour:

1. create a new keystone next project with yarn
2. run the query like this :

  const authLink = setContext(async (_, { headers }) => {
    return {
      headers: {
        ...headers,
        authorization: `Bearer Fe26.2******  `,
      },
    };
  });

  const httpLink = createHttpLink({
    uri: 'http://localhost:3000/api/graphql',
    fetch: fetch,
  });

  const client = new ApolloClient({
    link: authLink.concat(httpLink),
    cache: new InMemoryCache(),
  });

  try {
    console.log('initata');
    const { data: modules, errors: errorModules } = await client.query({
      query: gql`
        {
          keystone {
            adminMeta {
              lists {
                key
                description
                label
                singular
                plural
                path
                fields {
                  path
                }
              }
            }
          }
        }
      `,
    });

Expected behavior

when running on the graphQl Explorer its working :

[Temkit]

but working when i do : isAccessAllowed: (context) => true,

export default auth.withAuth(
  config({
    db: {
      adapter: 'prisma_postgresql',
      url: '*********',
    },
    ui: {
      isAccessAllowed: (context) => true,
    },
    lists,
    session: withItemData(
      statelessSessions({
        maxAge: sessionMaxAge,
        secret: sessionSecret,
      }),
      { User: 'email' },
    ),
  }),
);

i thought that was only for UI ?
Why it's not working when using context.sudo ?