OAuth Scope based Authorization in AppSync
Assume we have Cognito user pools with one application (ex: photos app) with custom scopes defined (ex: photos.read). In https API GW, we can restrict the access using the scope and audience. This article explains using group claims - https://aws.amazon.com/blogs/mobile/graphql-security-appsync-amplify/. Can we do similar authorization based on OAuth scope?
Hello!
I was taking a peek at your question and conversing with some colleagues, and I think I may have found a CDK (AWS Cloud Development Kit) example that you may be able to test this with:
https://serverlessland.com/patterns/eventbridge-api-appsync-cdk
The serverlessland.com website is a site on which our serverless developer advocates curate serverless patterns, and after taking a peek at the page and the corresponding GitHub page, I think this may be able to get you a head start on testing this.
Note it may spin up some infrastructure you don't need, but it will give you a start on automating your deployments.