Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Access "aud" claim in resolver mapping for AWS AppSync

0

I am using OIDC Access tokens to authenticate calls to AWS AppSync. I would like to filter on the different client-ids that are using the API, but I am not able to access the claim "aud"

Is there a way to read the "aud" claim in the resolver template, or some other way of getting the client-id? $context.identity.aud does not work (NULL)

Argomenti
ServerlessFront-end web e dispositivi mobiliIntegrazione delle applicazioni
Tag
AWS AppSync
Lingua
English
Ketil
posta 2 anni fa347 visualizzazioni
2 Risposte
0
Risposta accettata

I found it myself, you can access all claims using:

$ctx.identity.claims.aud
Ketil
con risposta 2 anni fa
0

Hi, Sorry to crash this thread. Just wondering are you using AppSync GraphQL for the above case? And if so, are you calling your GraphQL Api directly from an external client via the GQL Api https://....../graphql URL? I am having an issue such that I am calling my GraphQL Api (testing via postman) via the https:// end-point. I am using AccessKey/SecretKey/Session token in the postman Authorization setting. I can hit the Api, and the resolver can see the incoming payload. However, my payload does NOT contain the "identity" property. The "augments" property is there, but not the "identity". According to documentation, if using AWS_IAM authentication, the "identity" should be there.

rePost-User-8196003
con risposta 2 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente