Multiple Authorization methods in a single GraphQL API with AWS AppSync: Security at the Data Definition Level

type Notes {
  userid: ID!
  noteid: ID!
  note: String
  email: String
}
Querying the GraphQL API with an API Key
Multiple Authorization Providers on AWS AppSync
  • @aws_api_key — API_KEY for authorization
  • @aws_iam — AWS_IAM for authorization
  • @aws_oidc — OPENID_CONNECT for authorization
  • @aws_cognito_user_pools — AMAZON_COGNITO_USER_POOLS for authorization
type Notes @aws_api_key @aws_cognito_user_pools {
  userid: ID!
  noteid: ID!
  note: String
  email: String @aws_cognito_user_pools
}
type NotesConnection {
  items: [Notes]
  nextToken: String
}
type Query {
  listNotes(filter: TableNotesFilterInput, limit: Int, nextToken: String): NotesConnection
}
type NotesConnection @aws_api_key @aws_cognito_user_pools {
  items: [Notes]
  nextToken: String
}
type Query {
  listNotes(filter: TableNotesFilterInput, limit: Int, nextToken: String): NotesConnection @aws_api_key @aws_cognito_user_pools
}
Querying the GraphQL API with an API Key: No access to e-mail data!
{
  "path": [
    "listNotes",
    "items",
    0,
    "email"
  ],
  "data": null,
  "errorType": "Unauthorized",
  "errorInfo": null,
  "locations": [
    {
      "line": 22,
      "column": 7,
      "sourceName": null
    }
  ],
  "message": "Not Authorized to access email on type Notes"
}
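The error above follows from how the directives combine: a field-level directive replaces the type-level set, and a type with no directive falls back to the API's default mode. The following is an added example, not code from the original article or from AppSync: a simplified schema audit that lists which field paths each authorization mode cannot read. The function names and the `default_mode` value are assumptions, since the page does not state the API's default mode.

```python
import re

# Constructed copy of the page's final schema; the checker is a simplified model.
SCHEMA = """
type Notes @aws_api_key @aws_cognito_user_pools {
  userid: ID!
  noteid: ID!
  note: String
  email: String @aws_cognito_user_pools
}
type NotesConnection @aws_api_key @aws_cognito_user_pools {
  items: [Notes]
  nextToken: String
}
type Query {
  listNotes(filter: TableNotesFilterInput, limit: Int, nextToken: String): NotesConnection @aws_api_key @aws_cognito_user_pools
}
"""
DIRECTIVES = {"aws_api_key": "API_KEY", "aws_iam": "AWS_IAM", "aws_oidc": "OPENID_CONNECT",
              "aws_cognito_user_pools": "AMAZON_COGNITO_USER_POOLS"}

def modes(text, fallback):
    """Auth modes named by directives in text, else the inherited set."""
    found = {DIRECTIVES[d] for d in re.findall(r"@(\w+)", text) if d in DIRECTIVES}
    return found or fallback

def parse(sdl, default_mode):
    """Return {type: {field: (allowed_modes, return_type_name)}}."""
    schema = {}
    for name, head, body in re.findall(r"\btype\s+(\w+)([^{]*)\{([^}]*)\}", sdl):
        type_modes = modes(head, {default_mode})  # no directive: assumed API default
        schema[name] = {}
        for m in re.finditer(r"^\s*(\w+)(?:\(.*\))?\s*:\s*\[?(\w+)[\]!]*(.*)$", body, re.M):
            schema[name][m[1]] = (modes(m[3], type_modes), m[2])
    return schema

def denied(schema, mode, root="Query"):
    """Field paths reachable from root that `mode` is not authorized to read."""
    out, stack, seen = [], [(root, root)], {root}
    while stack:
        path, tname = stack.pop()
        for field, (allowed, rtype) in schema[tname].items():
            if mode not in allowed:
                out.append(f"{path}.{field}")
            elif rtype in schema and rtype not in seen:
                seen.add(rtype)
                stack.append((f"{path}.{field}", rtype))
    return out
```

Calling `denied(parse(SCHEMA, "AWS_IAM"), "API_KEY")` returns the `email` path from the error above, while the Cognito User Pools mode has no denied paths. Running it against a schema where `NotesConnection` has no directives shows why the connection type needs them too.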
Authenticating a user
Querying the GraphQL API with an authenticated Cognito User Pools user: Success!
Querying the GraphQL API with IAM

Product Manager AWS AppSync — Working hard. Having fun. Making history. With @AWSAmplify (Opinions. My. Own.)

Ed Lima
