Need help with "@auth" for iOS app in React Native


I have the following schema.graphql in an AWS Amplify react-native iOS project:

type NCareReceiver
  @auth(rules: [{ allow: groups, groupsField: "group", operations: [read, create, update, delete] }]) {
  id: ID!
  details: String
  group: NGroup @hasOne

type NGroup
  @auth(rules: [{ allow: owner, ownerField: "owner", operations: [read, create, update, delete] }, { allow: public, operations: [read] }]) {
  id: ID!
  name: String
  owner: [String]

My goal is to have rows in NCareReceiver to only be accessible by the owners listed in the matching NGroup entry.

For example, I can have an NGroup row as:

    id: 123
    name: 'My row'
    owner: ['my-guid']

My NCareReceiver would be:

    id: 456
    details: 'My details'
    group: points to row above

When I query using either AppSync or DataStore, I am able to get the appropriate rows in NGroup where my user is listed in "owner" field. However whenever I query "NCareReceiver" I never get any data back. No error, and no data.

What am I missing to have dynamic groups work correctly?

Thanks, AlexK

gefragt vor 3 Monaten225 Aufrufe
1 Antwort

Your issue with the @auth directive in AWS Amplify for your React Native iOS app seems related to the setup of dynamic groups and their alignment with AWS Cognito User Pools. To solve :

  • Confirm your @auth rules in the GraphQL schema correctly reflect the intended access patterns. For NCareReceiver, ensure the group aligns with the correct user group in Cognito.
  • Verify your AWS Cognito settings, ensuring users are correctly assigned to groups and these groups correspond to what's defined in your NGroup and NCareReceiver types.
  • Check for any global authorization rules that might override your specific model-level rules.
profile picture
beantwortet vor 3 Monaten
profile picture
überprüft vor 2 Monaten
  • Thanks for your answer. Do you mean that the group names in my NGroup table need to also be in Cognito?

    What I want to achieve is a list of dynamic groups that can have a list of users who have access to certain rows in the NCareReceiver table.

    I have gotten "owner" to work in a table where only the list of "owners" have access to the rows they added (and only the rows they added). What I want to achieve is abstracting the "owner" from the main table and putting it in a secondary (group) table so that I only need to update in one place (I plan to have many tables refer to the same group).

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen