Hello,
A customer is building an app that uses Cognito User Pools federated with an on-prem Central Authentication Service (CAS) via SAML. This provides JWT tokens.
With this token they are calling a GraphQL API from AppSync, implemented via Amplify with DynamoDB. They are using the "aws-amplify" library for this.
There are no errors when the call is a query or mutation. For example:
API.graphql(graphqlOperation(<some query here>, {}, <token>)).then(
(res) => (....)
But there is an exception if the call is of type "subscribe", for example:
API.graphql(graphqlOperation(<some subscription name here>, {}, <token>)).subscribe({
next: (data) => (....)
message: "Connection failed: UnauthorizedException"
I can provide more details or arrange a customer call if anyone is eager to help out with this issue.
How is the GraphQL schema defined and how has authorization been set up?