I'm using Cognito User Pools as the default authentication method. I'm also using IAM for my Lambda backend. I'm using an AWS AppSync client in the Lambda function for some custom resolvers.
Let's assume I have a User object type that fundamentally looks like this:
type User {
  id: ID!
  displayName: String!
}
What I want to be able to do:
I've been picking and prodding with the @auth directive attempting to get the results I'm looking for but nothing has been able to work. I've looked at the documentation at AWS GraphQL Transform Docs and I seem to be a bit confused.
Here's what I've tried:
type User
  @model
  @auth(rules: [
    { allow: owner, operations: [create, update, delete] }
    { allow: private, provider: iam, operations: [update, delete] }
  ]) {
  id: ID!
  displayName: String!
}
To my understanding, removing read from the operations list in the @auth directive removes the check on get and list queries. What am I doing wrong? How do I achieve my desired results?
EDIT: To clarify, I've already enabled multiple authorization types (Cognito User Pools by default and IAM for the Lambda resolvers). My question is: How do I use the @auth directive to get the intended results?
AuthProvider { apiKey iam oidc userPools }
So, I hope this can help you (it's worked for me :-))
type User @model @auth(rules: [
  { allow: owner, operations: [create, update, delete] },
  { allow: private, provider: iam, operations: [read, update, delete] }
  { allow: private, provider: userPools, operations: [read] }
]) {
  id: ID!
  name: String!
}
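
An added example, not part of the answer above or of Amplify's own code: a small Python check that parses the @auth rules in the two schemas from this page and lists which provider and strategy pairs name each operation, so an operation that no rule names (read in the question's schema) stands out. The function names are hypothetical, and the default-provider table is an assumption based on Amplify's documented defaults (owner, groups and private fall back to userPools, public to apiKey).

```python
import re

ALL_OPS = ["create", "read", "update", "delete"]
# Assumption: provider used when a rule omits `provider` (Amplify defaults).
DEFAULT_PROVIDER = {"owner": "userPools", "groups": "userPools",
                    "private": "userPools", "public": "apiKey"}

# The two schemas from this page: the question's attempt and the answer's version.
QUESTION_SCHEMA = """
type User @model @auth(rules: [
  { allow: owner, operations: [create, update, delete] }
  { allow: private, provider: iam, operations: [update, delete] }
]) { id: ID! displayName: String! }
"""
ANSWER_SCHEMA = """
type User @model @auth(rules: [
  { allow: owner, operations: [create, update, delete] },
  { allow: private, provider: iam, operations: [read, update, delete] }
  { allow: private, provider: userPools, operations: [read] }
]) { id: ID! name: String! }
"""

def parse_auth_rules(schema):
    """Return (allow, provider, operations) for every rule in the first @auth."""
    block = re.search(r"@auth\s*\(\s*rules\s*:\s*\[(.*?)\]\s*\)", schema, re.S)
    if not block:
        return []
    rules = []
    for body in re.findall(r"\{(.*?)\}", block.group(1), re.S):
        allow = re.search(r"allow\s*:\s*(\w+)", body).group(1)
        provider = re.search(r"provider\s*:\s*(\w+)", body)
        ops = re.search(r"operations\s*:\s*\[(.*?)\]", body, re.S)
        rules.append((allow,
                      provider.group(1) if provider else DEFAULT_PROVIDER.get(allow, "unknown"),
                      re.findall(r"\w+", ops.group(1)) if ops else list(ALL_OPS)))
    return rules

def coverage(schema):
    """Map each operation to the sorted 'provider:allow' pairs that name it."""
    table = {op: [] for op in ALL_OPS}
    for allow, provider, ops in parse_auth_rules(schema):
        for op in ops:
            table.setdefault(op, []).append(f"{provider}:{allow}")
    return {op: sorted(pairs) for op, pairs in table.items()}

def unlisted_operations(schema):
    """Operations that no rule names; these deserve a manual review."""
    return [op for op, pairs in coverage(schema).items() if not pairs]
```

The output is a listing of what the rules name, not a statement of what AppSync will enforce; compare it against the access you intended for each provider before deploying.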