Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

@auth with multiple auth types on nested types not working

See original GitHub issue

I have implemented multiple authentication systems with Cognito pools as the default and ‘IAM’ as the other.

I have a city model:

`type City @model 
@key(name: "cityByName", fields: ["title"], queryField: "findCityByName")
  @auth(rules: [
    { allow: groups, groups: ["admin"], operations: [update, delete, create] },
    { allow: public, provider: iam, operations: [read] }
  ])
@searchable {
  id: ID!
  title: String!
  description: String
  country: String
  continent: String
  location: Location
  timezoneOffset: Float
  currency: String
  images: [String]
  createdAt: Float!
  updatedAt: Float!
}
`

with the nested object type ‘Location’:

type Location { lat: Float lon: Float }

Now if I run the query with IAM as the auth mode, the query gives an error:

message: “Not Authorized to access lat on type Location”

Location is a type and simply outlines the data structure for location, and I cannot apply auth rules to it unless i convert it with the @model directive, which I dont want to do.

If i removed the location fields from the query being called, the data returns just fine.

How am i meant to get the location data if I cannot apply auth rules to the location without adding the @model directive??

Issue Analytics

State:
Created 4 years ago
Comments:9 (5 by maintainers)

Top GitHub Comments

2reactions

dubchoicommented, Nov 8, 2019

Oh I see, I thought we were only allowed to use the @auth directive when using amplify-cli, which it then translates to @aws_iam, etc.

For what it’s worth, I would expect the @auth rule to propagate to nested non-model types by default, but thanks for the workaround for now.

1reaction

kaustavghosh06commented, Nov 8, 2019

@dubchoi In the above schema, the type Location is a part of the schema.graphql file defined by the annotated schema. This type Location is not generated or overwritten by the CLI and whatever auth rules like @aws_iam is mentioned out there on this type Location, is passed through as is to the de-compiled schema.

Top Results From Across the Web

@auth directives don't apply to nested objects when using ...

Say I have a schema something like this: type Approval { id: ID! approvedAt: DateTime! } type Author @auth( query: { rule: """...

ASP.NET Core authorization not working for nested roles

I require a user to belong to at least one Active Directory role, depending on which environment the code is deployed to (DEV,STAGING,...

Authorization and authentication - AWS AppSync

Authorization types. There are five ways you can authorize applications to interact with your AWS AppSync GraphQL API. You specify which authorization type...

Use additional context in Microsoft Authenticator notifications

Additional context can be targeted to only a single group, which can be dynamic or nested. On-premises synchronized security groups and cloud- ...

Spring Security 5 - OAuth2 Login - Baeldung

Here we'll create credentials of type “OAuth2 Client ID” for our web application. ... If we're not working with a Spring Boot application, ......