AMAZON_COGNITO_USER_POOLS authorization. Boto3 AppSync Client with either evaluate_mapping_template or evaluate_code functions.

If I pass in the following context:

    context = {
        "arguments": {},
        "stash": {},
        "source": {},
        "result": {},
        "identity": {"username": "user"},
        "request": {},
    }

for the most basic resolver which just returns the ctx.identity.username.
The response contains an error:
'error': {'message': 'Unrecognized field "username" (class com.amazonaws.deepdish.common.identity.LambdaAuthIdentity), not marked as ignorable (one known property: "resolverContext"])\n at [Source: UNKNOWN; line: -1, column: -1] (through reference chain: com.amazonaws.deepdish.transform.model.MappingTemplateContext$MappingTemplateContextBuilder["identity"]->com.amazonaws.deepdish.common.identity.LambdaAuthIdentity["username"])'}
It seems like it is only using the AWS_LAMBDA authorization, which from the docs:
The identity has the following form:
type AppSyncIdentityLambda = { resolverContext: any; };
I can't see how to specify which type of authorisation type should be used for evaluation.
I've tried changing the content of the resolver and simplifying the context as per the problem description. I can't find anything about it in the docs and there are examples online where it says it should work.
Thanks in advance.
It seems the identity object needs to contain all required fields (it's not documented).
I was able to fix the issue by strictly following the official documentation: https://docs.aws.amazon.com/appsync/latest/devguide/test-debug-resolvers-js.html
An example identity object would look like the following:
    identity: {
        sub: "uuid",
        issuer: "https://cognito-idp.{region}.amazonaws.com/{userPoolId}",
        username: "Nadia",
        claims: {},
        sourceIp: ["x.x.x.x"],
        defaultAuthStrategy: "ALLOW",
    }
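An added example, not part of the original question or answer: a Python helper that builds the evaluation context with the full Cognito-style identity listed in the answer and refuses to call the evaluator when a field is missing, so an authorization test fails locally with a clear message. The function names, the sample resolver, the region and pool placeholders, and the documentation-range IP are assumptions; `client` is expected to be `boto3.client("appsync")`.

```python
import json

# Field names taken from the identity object in the answer above.
COGNITO_IDENTITY_FIELDS = ("sub", "issuer", "username", "claims",
                           "sourceIp", "defaultAuthStrategy")

# Minimal APPSYNC_JS resolver (constructed for this example).
RESOLVER_CODE = """
export function request(ctx) { return { username: ctx.identity.username }; }
export function response(ctx) { return ctx.result; }
"""

def cognito_identity(username, sub, region="REGION", user_pool_id="USER_POOL_ID",
                     claims=None, source_ip="192.0.2.10", strategy="ALLOW"):
    """Build an identity with every field the answer lists (placeholder values)."""
    return {
        "sub": sub,
        "issuer": f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}",
        "username": username,
        "claims": claims or {},
        "sourceIp": [source_ip],
        "defaultAuthStrategy": strategy,
    }

def missing_identity_fields(identity):
    """Return the listed fields that are absent, in a stable order."""
    return [f for f in COGNITO_IDENTITY_FIELDS if f not in identity]

def build_context(identity, arguments=None):
    """Serialize the context; the evaluate_* APIs take it as a JSON string."""
    missing = missing_identity_fields(identity)
    if missing:
        raise ValueError(f"identity is missing fields: {', '.join(missing)}")
    return json.dumps({"arguments": arguments or {}, "stash": {}, "source": {},
                       "result": {}, "identity": identity, "request": {}})

def evaluate_request(client, identity):
    """Run the request handler through AppSync's EvaluateCode API."""
    resp = client.evaluate_code(
        runtime={"name": "APPSYNC_JS", "runtimeVersion": "1.0.0"},
        code=RESOLVER_CODE,
        context=build_context(identity),
        function="request",
    )
    if "error" in resp:
        raise RuntimeError(resp["error"]["message"])
    return json.loads(resp["evaluationResult"])
```

Calling `evaluate_request(boto3.client("appsync"), cognito_identity("Nadia", "uuid"))` needs AWS credentials; the context-building and validation functions run offline.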