We aim to utilize Amplify's offline and sync capabilities in our native apps while maintaining our existing authentication process. I understand that we can employ Lambda functions for custom data access to authenticate our tokens, but I'm uncertain about how we can limit data access to respective owners. Is there a method to include owner information in the Lambda function?
I referred to this link for token verification, which functions smoothly, allowing us to establish the userId during token validation. However, we're unsure about how to incorporate owner information from Lambda into the data.
https://docs.amplify.aws/gen2/build-a-backend/data/customize-authz/custom-data-access-patterns/
const response = {
isAuthorized: isAuthorized,
resolverContext: {
// eslint-disable-next-line spellcheck/spell-checker
userid: userId,
author: userId,
info: 'contextual information A',
more_info: 'contextual information B'
},
deniedFields: [
`arn:aws:appsync:${process.env.AWS_REGION}:${accountId}:apis/${apiId}/types/Event/fields/comments`,
`Mutation.createEvent`
],
ttlOverride: 300
};
This is our schema
import {
type ClientSchema,
a,
defineData,
defineFunction
} from '@aws-amplify/backend';
const schema = a.schema({
Todo: a
.model({
content: a.string(),
author: a.string()
})
// STEP 1
// Indicate which models / fields should use a custom authorization rule
// .authorization([a.allow.public()])
.authorization([a.allow.custom()])
});
export type Schema = ClientSchema<typeof schema>;
export const data = defineData({
schema,
authorizationModes: {
defaultAuthorizationMode: 'lambda',
// STEP 2
// Pass in the function to be used for a custom authorization rule
lambdaAuthorizationMode: {
function: defineFunction({
entry: './custom-authorizer.ts'
}),
// (Optional) STEP 3
// Configure the token's time to live
timeToLiveInSeconds: 300
}
}
});
At the moment, with any valid token we are able to query all the records created by all users, but we want to limit that to only the owner records. Exactly how the authorisation rule works for the owner
We would appreciate any suggestions on how to accomplish this.