By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

On Amplify's GraphQL, can we check the authentication or permission of updating contents before call the GraphQL API from browser?

0

I'm creating a corporate in-house information management app as web apps with Amplify and Amplify-Studio. Users on the app will be managed by Cognito via Amplify-Studio's user management screen.

I want to implement a function to restrict users to update records on specific types like Role Based Access Control.

I'm planning to use @auth directive with groups restriction.

On the update form page on the app, I also want to tell users having no updating permission to having no permission to avoid bad experiences like users noticing having no permission after input a lot of information for form on the update form page.

So I want to know how to get the users permission on GraphQL API from browser side.

Topics
Front-End Web & MobileSecurity, Identity, & Compliance
Tags
AWS AmplifyAmazon CognitoAWS Amplify Studio
Language
English
Tsujimoto Wataru
asked 2 years ago432 views
1 Answer
1

Hello,

From Amplify/App sync perspective, there is no built-in way to retrieve the permissions of a user before hitting the App sync GraphQL endpoint.

One possible way I could think of is Cognito Pools would return groups of the User(in the JWT token) when a user logs in and you can get the groups and use it directly in your Front end code. This can be achieved like this: accessToken.payload['cognito:groups']

References

[+] https://github.com/aws-amplify/amplify-flutter/issues/413

[+] https://github.com/aws-amplify/amplify-android/issues/1655

I hope this answers your query.

AWS
SUPPORT ENGINEER
rePost-User-4843893
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content