AWS Amplify @auth Directives

Quick Look Under the Hood

I'm still learning AWS Amplify and GraphQL schemas and I frequently check directive inputs. I've included this code here to make it easier for me to check.

# When applied to a type, augments the application with
# owner and group-based authorization rules.
directive @auth(rules: [AuthRule!]!) on OBJECT, FIELD_DEFINITION
input AuthRule {
  allow: AuthStrategy!
  provider: AuthProvider
  ownerField: String # defaults to "owner" when using owner auth
  identityClaim: String # defaults to "username" when using owner auth
  groupClaim: String # defaults to "cognito:groups" when using Group auth
  groups: [String]  # Required when using Static Group auth
  groupsField: String # defaults to "groups" when using Dynamic Group auth
  operations: [ModelOperation] # Required for finer control

  # The following arguments are deprecated. It is encouraged to use the 'operations' argument.
  queries: [ModelQuery]
  mutations: [ModelMutation]
}
enum AuthStrategy { owner groups private public }
enum AuthProvider { apiKey iam oidc userPools }
enum ModelOperation { create update delete read }

# The following objects are deprecated. It is encouraged to use ModelOperations.
enum ModelQuery { get list }
enum ModelMutation { create update delete }

Here is an example type using the @auth directive:

type Todo @model @auth(rules: [{ allow: owner, operations: [read, update, delete] }]) {
  id: ID!
  updatedAt: AWSDateTime!
  content: String!
}

Here’s a truth table for the above-mentioned schema

getTodo | listTodos | createTodo | updateTodo | deleteTodo
owner
other
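
The other AuthRule inputs listed above, combined on one type. This is an added example, not code from the original post or from the Amplify project; the Post type, its field names and the "Admin" group are hypothetical.

```graphql
# Hypothetical type for illustration: Post, its fields and the "Admin" group are assumptions.
type Post
  @model
  @auth(
    rules: [
      # Owner auth, with the documented defaults for ownerField and
      # identityClaim written out so the identity source is visible in review.
      {
        allow: owner
        ownerField: "owner"
        identityClaim: "username"
        operations: [create, read, update, delete]
      }
      # Static group auth: 'groups' is required, membership is read from groupClaim.
      {
        allow: groups
        groups: ["Admin"]
        groupClaim: "cognito:groups"
        operations: [read, delete]
      }
      # Dynamic group auth: the permitted groups are stored on each record,
      # in the field named by groupsField.
      { allow: groups, groupsField: "groups", operations: [read, update] }
    ]
  ) {
  id: ID!
  title: String!
  owner: String # matched against the identityClaim value
  groups: [String] # matched against the caller's groupClaim values
  # The directive is also valid on FIELD_DEFINITION, so a single field
  # can carry its own rule.
  draftNotes: String @auth(rules: [{ allow: owner, operations: [read, update] }])
}
```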

Thanks for reading! Reach out to me on Twitter if you have any questions or comments.
