By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Access "aud" claim in resolver mapping for AWS AppSync

0

I am using OIDC Access tokens to authenticate calls to AWS AppSync. I would like to filter on the different client-ids that are using the API, but I am not able to access the claim "aud"

Is there a way to read the "aud" claim in the resolver template, or some other way of getting the client-id? $context.identity.aud does not work (NULL)

Topics
ServerlessFront-End Web & MobileApplication Integration
Tags
AWS AppSync
Language
English
Ketil
asked 2 years ago332 views
2 Answers
0
Accepted Answer

I found it myself, you can access all claims using:

$ctx.identity.claims.aud
Ketil
answered 2 years ago
0

Hi, Sorry to crash this thread. Just wondering are you using AppSync GraphQL for the above case? And if so, are you calling your GraphQL Api directly from an external client via the GQL Api https://....../graphql URL? I am having an issue such that I am calling my GraphQL Api (testing via postman) via the https:// end-point. I am using AccessKey/SecretKey/Session token in the postman Authorization setting. I can hit the Api, and the resolver can see the incoming payload. However, my payload does NOT contain the "identity" property. The "augments" property is there, but not the "identity". According to documentation, if using AWS_IAM authentication, the "identity" should be there.

rePost-User-8196003
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content