Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Cannot set identityField to custom attribute using @auth

See original GitHub issue

Describe the bug When using @auth directive and “owner” type rule with identityField set to custom:fieldName the generator creates invalid template code

To Reproduce Create a model

type PigRun @model @auth(rules: [{
  allow: owner,
  ownerField: "pigRunClientId",
  identityField: "custom:company"
}]) {
  id: ID!
  client: Company! @connection(name: "CompanyPigRuns")
}

type Company @model {
  id: ID!
  name: String!
}

The generated resolver templates will use invalid $ctx.identity.custom:company syntax in Ownership check sections

Expected behavior I would expect the generators to use $ctx.identity.claims.get("custom:company_id") syntax that have worked for me with ID token before.

Desktop (please complete the following information):

amplify -v 0.1.28

Issue Analytics

State:
Created 5 years ago
Comments:9 (4 by maintainers)

Top GitHub Comments

1reaction

mkrncommented, Oct 24, 2018

Another gotcha for newcomers is to make sure to use idToken:

In your front-end code:

Amplify.configure({
  ...aws_exports,
  graphql_headers: async () => {
    try {
      const token = (await Auth.currentSession()).idToken.jwtToken;
      return { Authorization: token }
    }
    catch (e) {
        console.error(e);
        return {};
        // return { Authorization: await asyncLocalStorage.getItem("jwt") }
    }
  }
});

0reactions

github-actions[bot]commented, Jul 23, 2021

This issue has been automatically locked since there hasn’t been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels for those types of questions.

Top Results From Across the Web

Custom attribute not passed into ID_TOKEN created by AWS ...

In your Cognito user pool go to General Settings -> App Clients, then for each app client click on Show Details , then...

API (GraphQL) - Setup authorization rules - AWS Amplify Docs

You can set finer grained access controls using @auth on your schema which ... the field that authorize access based on attributes found...

Using attributes for access control policy example

These attributes can be mapped to tags and referenced in IAM permissions policies as principal tags. You can now manage access by changing...

Configure the Default Attributes Sent to the Application

(For OpenID Connect applications) The following claims can't be set via the default attribute configuration: iss, sub, zone_uuid, exp, nbf, iat, auth_time, ...

Add custom user attributes - CyberArk Docs

The attributes can then be used to specify application access in the following ways: Define application login authentication rules (through scripting only). For ......