Multiple Authorization methods in a single GraphQL API with AWS AppSync: Security at the Data Definition Level

Ed Lima
Ed Lima
Jun 7 · 5 min read
type Notes {
userid: ID!
noteid: ID!
note: String
email: String
}
Querying the GraphQL API with an API Key
Multiple Authorization Providers on AWS AppSync
type Notes @aws_api_key @aws_cognito_user_pools{
userid: ID!
noteid: ID!
note: String
email: String @aws_cognito_user_pools
}
type NotesConnection {
items: [Notes]
nextToken: String
}
type Query {
listNotes(filter: TableNotesFilterInput, limit: Int, nextToken: String): NotesConnection
}
type NotesConnection @aws_api_key @aws_cognito_user_pools{
items: [Notes]
nextToken: String
}
type Query {
listNotes(filter: TableNotesFilterInput, limit: Int, nextToken: String): NotesConnection @aws_api_key @aws_cognito_user_pools
}
Querying the GraphQL API with an API Key: No access to e-mail data!
   {
"path": [
"listNotes",
"items",
0,
"email"
],
"data": null,
"errorType": "Unauthorized",
"errorInfo": null,
"locations": [
{
"line": 22,
"column": 7,
"sourceName": null
}
],
"message": "Not Authorized to access email on type Notes"
}
Authenticating an user
Querying the GraphQL API with an authenticated Cognito User Pools user: Success!
Querying the GraphQL API with IAM

Ed Lima

Written by

Ed Lima

Solutions Architect @AWScloud - Working hard. Having fun. Making history. (Opinions. My. Own.)

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade