OAuth Scope based Authorization in AppSync

0

Assume we have Cognito user pools with one application (ex: photos app) with custom scopes defined (ex: photos.read). In https API GW, we can restrict the access using the scope and audience. This article is explains using group claims - https://aws.amazon.com/blogs/mobile/graphql-security-appsync-amplify/. Can we do similar authorization based on OAuth scope ?

1 Answer
1

Hello!

I was taking a peek at your question and conversing with some colleagues, and I think I may have found an example CDK (AWS Cloud Development Kit) example that you may be able to test this with:

https://serverlessland.com/patterns/eventbridge-api-appsync-cdk

The serverlessland.com website is a site that our serverless developer advocates curate serverless patterns on, and after taking a peek at the page and corresponding GitHub page, I think this may be able to get you a head start on testing this.

Note it may spin up some infrastructure you don't need, but it will give you start on automating your deployments.

AWS
SUPPORT ENGINEER
Tim_P
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions