Joey Göksu

Joey Goksu

a passionate remote software engineer who loves storytelling

AWS Amplify @auth directives

May 18, 2020

I’m still learning AWS Amplify and graphql schemas and I check directives inputs a lot of time. I put this code here to check easily.

# When applied to a type, augments the application with
# owner and group-based authorization rules.
directive @auth(rules: [AuthRule!]!) on OBJECT, FIELD_DEFINITION
input AuthRule {
  allow: AuthStrategy!
  provider: AuthProvider
  ownerField: String # defaults to "owner" when using owner auth
  identityClaim: String # defaults to "username" when using owner auth
  groupClaim: String # defaults to "cognito:groups" when using Group auth
  groups: [String]  # Required when using Static Group auth
  groupsField: String # defaults to "groups" when using Dynamic Group auth
  operations: [ModelOperation] # Required for finer control

  # The following arguments are deprecated. It is encouraged to use the 'operations' argument.
  queries: [ModelQuery]
  mutations: [ModelMutation]
enum AuthStrategy { owner groups private public }
enum AuthProvider { apiKey iam oidc userPools }
enum ModelOperation { create update delete read }

# The following objects are deprecated. It is encouraged to use ModelOperations.
enum ModelQuery { get list }
enum ModelMutation { create update delete }

Here is the type example using @auth directive

type Todo @model
  @auth(rules: [{ allow: owner, operations: [read, update, delete] }]) {
  id: ID!
  updatedAt: AWSDateTime!
  content: String!

Here’s a truth table for the above-mentioned schema

getTodo listTodos createTodo updateTodo deleteTodo

Crafted with ❤️ in multiple locations [🇬🇧 🇷🇺 🇹🇷 🇺🇸]. · © 2022