Public queries and mutations (no authentication)

粉色の甜心 2021-02-06 03:54

The documentation says there are 3 ways we can authorise an application to interact with the API, but it doesn't look like there is a way of having a public endpoint.

1 answer
  • 2021-02-06 04:01

    There are a couple of ways in which you can do this, based on the authentication mechanism.

    Say you are using Cognito Identity and using the AWS IAM flow for authentication. Then you would have 2 policies: one for authenticated users and one for unauthenticated users.

    Given a GraphQL Schema

    schema{
       query:Query
       mutation:Mutation
    }
    
    type Query{
       listTodo(count:Int, paginationToken:String):[TodoConnection]
    
    }
    
    type Mutation{
       addTodo(input:TodoInput):Todo
    }
    

    Your Unauthenticated policy would look something like

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "appsync:GraphQL"
          ],
          "Resource": [
            "arn:aws:appsync:us-west-2:<account-id>:apis/<api-id>/types/Query/fields/listTodo",
            // below is for schema introspection (annotation only: strip this line, policy JSON cannot contain comments)
            "arn:aws:appsync:us-west-2:<account-id>:apis/<api-id>/types/Query/fields/__schema"
          ]
        }
      ]
    }
    

    Your authenticated user policy would look like

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "appsync:GraphQL"
          ],
          "Resource": [
            "arn:aws:appsync:us-west-2:<account-id>:apis/<api-id>/types/Mutation/fields/addTodo",
            "arn:aws:appsync:us-west-2:<account-id>:apis/<api-id>/types/Query/fields/listTodo",
            // below is for schema introspection (annotation only: strip this line, policy JSON cannot contain comments)
            "arn:aws:appsync:us-west-2:<account-id>:apis/<api-id>/types/Query/fields/__schema"
          ]
        }
      ]
    }
    

    If you are using JWT tokens then you will have to associate each Cognito User Pool user with a group (like "Admin", "Users" etc). You will then have to associate each query/mutation with the Cognito groups that can perform the operation, using AWS AppSync auth directives. To do this you will only need to update the schema like below:

    schema{
       query:Query
       mutation:Mutation
    }
    
    type Query{
       listTodo(count:Int, paginationToken:String):[TodoConnection]
         @aws_auth(cognito_groups:["Users", "Admin"])
    }
    
    type Mutation{
       addTodo(input:TodoInput):Todo
         @aws_auth(cognito_groups:["Admin"])
    }
    

    With API key based authentication, it's not possible to have control over the operation.
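
Added example (not part of the original answer): a Python check for the IAM approach described in the answer, reporting any GraphQL field that an unauthenticated-role policy allows beyond the intended public set. The account id, API id and function names are constructed for illustration; `Condition`, `NotAction` and `NotResource` elements are not evaluated.

```python
import fnmatch

def _as_list(value):
    # IAM accepts a single value or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def _fields_matching(policy, effect, api_arn, schema_fields):
    """(type, field) pairs hit by statements with this Effect for appsync:GraphQL."""
    matched = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != effect:
            continue
        # IAM action names are case-insensitive and may contain wildcards.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatch.fnmatchcase("appsync:graphql", a) for a in actions):
            continue
        for pattern in _as_list(stmt.get("Resource", [])):
            for type_name, field in schema_fields:
                arn = f"{api_arn}/types/{type_name}/fields/{field}"
                if fnmatch.fnmatchcase(arn, pattern):
                    matched.add((type_name, field))
    return matched

def exposed_fields(policy, api_arn, schema_fields):
    """Fields callable under the policy: Allow matches minus explicit Deny."""
    allow = _fields_matching(policy, "Allow", api_arn, schema_fields)
    return allow - _fields_matching(policy, "Deny", api_arn, schema_fields)

def unintended_exposure(policy, api_arn, schema_fields, intended_public):
    """Fields the role can call that are not in the intended public set."""
    exposed = exposed_fields(policy, api_arn, schema_fields)
    return sorted(exposed - set(intended_public))

# Constructed sample data: placeholder account id and API id, fields from the schema above.
API_ARN = "arn:aws:appsync:us-west-2:111122223333:apis/exampleapiid"
SCHEMA_FIELDS = [("Query", "listTodo"), ("Query", "__schema"), ("Mutation", "addTodo")]
INTENDED_PUBLIC = [("Query", "listTodo"), ("Query", "__schema")]
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["appsync:GraphQL"],
    "Resource": [f"{API_ARN}/types/Query/fields/listTodo",
                 f"{API_ARN}/types/Query/fields/__schema"]}]}
BROAD_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "appsync:*", "Resource": f"{API_ARN}/*"}}

if __name__ == "__main__":
    for name, policy in (("scoped", SCOPED_POLICY), ("broad", BROAD_POLICY)):
        print(name, unintended_exposure(policy, API_ARN, SCHEMA_FIELDS, INTENDED_PUBLIC))
```

The scoped policy mirrors the answer's unauthenticated policy and yields no findings, while the wildcard policy is flagged for exposing `Mutation.addTodo`.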
