Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Access "aud" claim in resolver mapping for AWS AppSync

0

I am using OIDC Access tokens to authenticate calls to AWS AppSync. I would like to filter on the different client-ids that are using the API, but I am not able to access the claim "aud"

Is there a way to read the "aud" claim in the resolver template, or some other way of getting the client-id? $context.identity.aud does not work (NULL)

Themen
ServerlosFrontend-Web & MobileAnwendungsintegration
Tags
AWS AppSync
Sprache
English
Ketil
gefragt vor 2 Jahren347 Aufrufe
2 Antworten
0
Akzeptierte Antwort

I found it myself, you can access all claims using:

$ctx.identity.claims.aud
Ketil
beantwortet vor 2 Jahren
0

Hi, Sorry to crash this thread. Just wondering are you using AppSync GraphQL for the above case? And if so, are you calling your GraphQL Api directly from an external client via the GQL Api https://....../graphql URL? I am having an issue such that I am calling my GraphQL Api (testing via postman) via the https:// end-point. I am using AccessKey/SecretKey/Session token in the postman Authorization setting. I can hit the Api, and the resolver can see the incoming payload. However, my payload does NOT contain the "identity" property. The "augments" property is there, but not the "identity". According to documentation, if using AWS_IAM authentication, the "identity" should be there.

rePost-User-8196003
beantwortet vor 2 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt