I'm still learning AWS Amplify and GraphQL schemas and I frequently check directive inputs. I've included this code here to make it easier for me to check.
```graphql
# When applied to a type, augments the application with
# owner and group-based authorization rules.
directive @auth(rules: [AuthRule!]!) on OBJECT, FIELD_DEFINITION
input AuthRule {
  allow: AuthStrategy!
  provider: AuthProvider
  ownerField: String # defaults to "owner" when using owner auth
  identityClaim: String # defaults to "username" when using owner auth
  groupClaim: String # defaults to "cognito:groups" when using Group auth
  groups: [String] # Required when using Static Group auth
  groupsField: String # defaults to "groups" when using Dynamic Group auth
  operations: [ModelOperation] # Required for finer control

  # The following arguments are deprecated. It is encouraged to use the 'operations' argument.
  queries: [ModelQuery]
  mutations: [ModelMutation]
}
enum AuthStrategy { owner groups private public }
enum AuthProvider { apiKey iam oidc userPools }
enum ModelOperation { create update delete read }

# The following objects are deprecated. It is encouraged to use ModelOperations.
enum ModelQuery { get list }
enum ModelMutation { create update delete }
```
Here is an example type using the @auth directive:

```graphql
type Todo @model @auth(rules: [{ allow: owner, operations: [read, update, delete] }]) {
  id: ID!
  updatedAt: AWSDateTime!
  content: String!
}
```
Here’s a truth table for the above-mentioned schema
| | getTodo | listTodos | createTodo | updateTodo | deleteTodo |
|---|---|---|---|---|---|
| owner | ✅ | ✅ | ✅ | ✅ | ✅ |
| other | ❌ | ❌ | ✅ | ❌ | ❌ |
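
The `other` row follows from one property of this rule: an operation left out of `operations` gets no owner check. The sketch below is an added example, not code from this post or from Amplify. It derives the table from the schema under that simplified model, handles only `allow: owner` rules, and marks its one further assumption in a comment.

```javascript
// Added example: simplified model of the owner rule shown above, not Amplify code.
const OPERATIONS = ["create", "update", "delete", "read"];
// Resolver names from the truth table, mapped to their ModelOperation.
const RESOLVERS = {
  getTodo: "read", listTodos: "read", createTodo: "create",
  updateTodo: "update", deleteTodo: "delete",
};

// The schema from this post (input for the check).
const SCHEMA = `
type Todo @model @auth(rules: [{ allow: owner, operations: [read, update, delete] }]) {
  id: ID!
  updatedAt: AWSDateTime!
  content: String!
}`;

// Return one Set of operations per `allow: owner` rule found in the SDL.
function parseOwnerRules(sdl) {
  const rules = [];
  for (const [, body] of sdl.matchAll(/\{\s*allow:\s*owner\b([^}]*)\}/g)) {
    const m = body.match(/operations:\s*\[([^\]]*)\]/);
    // Assumption: a rule without `operations` covers all four operations.
    rules.push(new Set(m ? m[1].match(/\w+/g) || [] : OPERATIONS));
  }
  return rules;
}

// Operations that no owner rule lists, so the rule puts no owner check on them.
function unprotectedOperations(rules) {
  return OPERATIONS.filter((op) => !rules.some((r) => r.has(op)));
}

// Rebuild the truth table: the owner passes every check; another signed-in
// user passes only where the operation is unprotected.
function truthTable(rules) {
  const open = new Set(unprotectedOperations(rules));
  const table = { owner: {}, other: {} };
  for (const [resolver, op] of Object.entries(RESOLVERS)) {
    table.owner[resolver] = true;
    table.other[resolver] = open.has(op);
  }
  return table;
}

const rules = parseOwnerRules(SCHEMA);
console.log("unprotected:", unprotectedOperations(rules));
console.table(truthTable(rules));
```

Under this model, adding `create` to the rule's `operations` list empties the unprotected list, and the `other` row becomes all ❌.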
Thanks for reading! Reach out to me on Twitter if you have any questions or comments.