I have defined a custom Query with its custom response, like this:
input ILocations {
id: String
address: String
latitude: String
longitude: String
city: String
state: String
}
type IBox {
id: ID
type: String
depth: Float
height: Float
width: Float
}
type ITruck {
id: ID
basePrice: Float
brand: String
model: String
yearModel: Int
axes: Int
hasGPS: Boolean
tons: Float
utilityPercentage: Float
fuelEfficiency: Float
fuelType: FuelType
frontPhoto: String
sidePhoto: String
backPhoto: String
measuresPhoto: String
truckBoxId: ID
truckFreightDriverId: ID
box: IBox
}
type IFreightDriver {
id: ID
state: String
city: String
truck: ITruck
}
type Query {
quotations(
origin: ILocations
destination: ILocations
boxType: String
boxSize: Float
truckTons: Float
): [IFreightDriver]
@function(name: "quotations-${env}")
@auth(rules: [{ allow: public, provider: iam }])
}
If I execute this query on the AppSync dashboard:
query {
quotations (
origin: {
address: "sdas"
latitude: "sdas"
longitude: "dsa"
city: "Guadalajara",
state: "Jalisco"
},
destination: {
address: "sdas"
latitude: "sdas"
longitude: "dsa"
city: "Zapopan",
state: "Jalisco"
},
boxType: "Seca (cerrada)",
boxSize: 64,
truckTons: 12
) {
id
}
}
I get this error about permissions:
{
"data": {
"quotations": [
{
"id": null
}
]
},
"errors": [
{
"path": [
"quotations",
0,
"id"
],
"data": null,
"errorType": "Unauthorized",
"errorInfo": null,
"locations": [
{
"line": 20,
"column": 5,
"sourceName": null
}
],
"message": "Not Authorized to access id on type IFreightDriver"
}
]
}
But, if I stringify the response from the lambda, and I change the query to receive a String, like this:
quotations(
origin: ILocations
destination: ILocations
boxType: String
boxSize: Float
truckTons: Float
): String
@function(name: "quotations-${env}")
@auth(rules: [{ allow: public, provider: iam }])
I receive the response correctly...
{
"data": {
"quotations": "[{\"id\":\"19847d0c-185c-48f6-9e5c-435e3907133a\",\"state\":\"Jalisco\",\"city\":\"Zapopan\",\"truck\":{\"__typename\":\"Truck\",\"model\":\"1234\",\"tons\":12,\"yearModel\":2020,\"measuresPhoto\":\"freight-driver/19847d0c-185c-48f6-9e5c-435e3907133a/trucks/qzo1x9g7kvb51.jpg\",\"truckFreightDriverId\":\"19847d0c-185c-48f6-9e5c-435e3907133a\",\"createdAt\":\"2020-08-13T21:02:36.305Z\",\"brand\":\"chevrolet\",\"fuelEfficiency\":12,\"truckBoxId\":\"b3d9000f-0464-4c3d-b436-f380b19d6fd5\",\"backPhoto\":\"freight-driver/19847d0c-185c-48f6-9e5c-435e3907133a/trucks/QCzn1_mWetzZjAFavJYSaug4F2IMAeOAzJa7T6rhC5Q.jpg\",\"frontPhoto\":\"freight-driver/19847d0c-185c-48f6-9e5c-435e3907133a/trucks/dlb0275xqna51.png\",\"utilityPercentage\":12,\"updatedAt\":\"2020-08-13T21:02:36.305Z\",\"sidePhoto\":\"freight-driver/19847d0c-185c-48f6-9e5c-435e3907133a/trucks/ebcpyk19csa51.jpg\",\"fuelType\":\"premium\",\"hasGPS\":true,\"id\":\"b7ec3b05-78c6-4ed9-823d-172a1e9991e5\",\"axes\":12,\"box\":{\"__typename\":\"Box\",\"width\":4,\"height\":4,\"updatedAt\":\"2020-08-13T21:02:35.840Z\",\"depth\":4,\"createdAt\":\"2020-08-13T21:02:35.840Z\",\"id\":\"b3d9000f-0464-4c3d-b436-f380b19d6fd5\",\"type\":\"Seca (cerrada)\"}},\"basePrice\":null}]"
}
}
Why is asking for these permissions? If someone needs the response I'm receiving:
[
{
"id": "19847d0c-185c-48f6-9e5c-435e3907133a",
"state": "Jalisco",
"city": "Zapopan",
"truck": {
"__typename": "Truck",
"model": "1234",
"tons": 12,
"yearModel": 2020,
"measuresPhoto": "freight-driver/19847d0c-185c-48f6-9e5c-435e3907133a/trucks/qzo1x9g7kvb51.jpg",
"truckFreightDriverId": "19847d0c-185c-48f6-9e5c-435e3907133a",
"createdAt": "2020-08-13T21:02:36.305Z",
"brand": "chevrolet",
"fuelEfficiency": 12,
"truckBoxId": "b3d9000f-0464-4c3d-b436-f380b19d6fd5",
"backPhoto": "freight-driver/19847d0c-185c-48f6-9e5c-435e3907133a/trucks/QCzn1_mWetzZjAFavJYSaug4F2IMAeOAzJa7T6rhC5Q.jpg",
"frontPhoto": "freight-driver/19847d0c-185c-48f6-9e5c-435e3907133a/trucks/dlb0275xqna51.png",
"utilityPercentage": 12,
"updatedAt": "2020-08-13T21:02:36.305Z",
"sidePhoto": "freight-driver/19847d0c-185c-48f6-9e5c-435e3907133a/trucks/ebcpyk19csa51.jpg",
"fuelType": "premium",
"hasGPS": true,
"id": "b7ec3b05-78c6-4ed9-823d-172a1e9991e5",
"axes": 12,
"box": {
"__typename": "Box",
"width": 4,
"height": 4,
"updatedAt": "2020-08-13T21:02:35.840Z",
"depth": 4,
"createdAt": "2020-08-13T21:02:35.840Z",
"id": "b3d9000f-0464-4c3d-b436-f380b19d6fd5",
"type": "Seca (cerrada)"
}
},
"basePrice": null
}
]
UPDATE: Also I tried to change the lambda response to just return an array of ids, something like this:
response from lambda:
[ { id: '19847d0c-185c-48f6-9e5c-435e3907133a' } ]
error from AppSync:
{
"data": {
"quotations": [
{
"id": null
}
]
},
"errors": [
{
"path": [
"quotations",
0,
"id"
],
"data": null,
"errorType": "Unauthorized",
"errorInfo": null,
"locations": [
{
"line": 20,
"column": 5,
"sourceName": null
}
],
"message": "Not Authorized to access id on type IFreightDriver"
}
]
}
schema.graphql:
type IFreightDriver {
id: ID
}
type Query {
quotations(
origin: ILocations
destination: ILocations
boxType: String
boxSize: Float
truckTons: Float
): [IFreightDriver]
@function(name: "quotations-${env}")
@auth(rules: [{ allow: public, provider: iam }])
}
You have to provide permission to access IFreightDriver. Since you are setting auth for the query but not on the object it is accessing/returning (which in your case is IFreightDriver), therefore it is throwing you permission error. However, when you switch your query to return just a string, you do not need to set any permission for that and that's why you don't see any error. Same is the case when you are returning just the id of IFreightDriver. It won't allow you to access the ids unless you set permission on IFreightDriver.