On Amplify's GraphQL, can we check the authentication or permission for updating content before calling the GraphQL API from the browser?


I'm creating a corporate in-house information management app as a web app with Amplify and Amplify Studio. Users of the app will be managed by Cognito via Amplify Studio's user management screen.

I want to implement a function to restrict users from updating records of specific types, like Role Based Access Control.

I'm planning to use the @auth directive with group restrictions.

On the app's update form page, I also want to tell users who have no update permission that they have no permission, to avoid bad experiences such as users noticing they have no permission only after entering a lot of information into the form.

So I want to know how to get the user's permissions on the GraphQL API from the browser side.

1 Answer


From the Amplify/AppSync perspective, there is no built-in way to retrieve the permissions of a user before hitting the AppSync GraphQL endpoint.

One possible way I could think of: Cognito Pools return the groups of the user (in the JWT token) when a user logs in, and you can get the groups and use them directly in your front-end code. This can be achieved like this: accessToken.payload['cognito:groups']


[+] https://github.com/aws-amplify/amplify-flutter/issues/413

[+] https://github.com/aws-amplify/amplify-android/issues/1655

I hope this answers your query.

answered a year ago
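
The check described in the answer above, as an added example that is not part of the original answer: it reads `cognito:groups` from an access token and decides whether to enable the update form. `UPDATE_GROUPS`, `canShowUpdateForm` and the sample tokens are assumptions constructed here; the result is a UI hint only, and the `@auth` rules evaluated by AppSync remain the enforcement point.

```javascript
// Added example: names and sample tokens below are constructed for illustration.
// Hypothetical map of model type -> groups allowed to update (mirror your @auth rules).
const UPDATE_GROUPS = { Invoice: ["Admins", "Finance"], Announcement: ["Admins"] };

// Decode a JWT payload (second segment, base64url). This does NOT verify the
// signature, which is acceptable only because the result drives UI hints.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Read cognito:groups; fail closed (no groups) on a missing claim, an expired
// token, or anything that does not parse.
function groupsFromToken(jwt, nowMs = Date.now()) {
  try {
    const payload = decodeJwtPayload(jwt);
    if (typeof payload.exp !== "number" || payload.exp * 1000 <= nowMs) return [];
    const groups = payload["cognito:groups"];
    return Array.isArray(groups) ? groups.filter((g) => typeof g === "string") : [];
  } catch {
    return [];
  }
}

// UI hint only: should the update form be enabled for this model type?
function canShowUpdateForm(modelType, jwt, nowMs = Date.now()) {
  const known = Object.prototype.hasOwnProperty.call(UPDATE_GROUPS, modelType);
  const allowed = known ? UPDATE_GROUPS[modelType] : []; // unknown type: deny
  return groupsFromToken(jwt, nowMs).some((g) => allowed.includes(g));
}

// Build a constructed, unsigned sample token for the demo.
function makeSampleToken(claims) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

const NOW = 1700000000000; // fixed clock so the demo is deterministic
const financeUser = makeSampleToken({ sub: "u1", "cognito:groups": ["Finance"], exp: 1700003600 });
const noGroupUser = makeSampleToken({ sub: "u2", exp: 1700003600 });
console.log(canShowUpdateForm("Invoice", financeUser, NOW));      // true
console.log(canShowUpdateForm("Announcement", financeUser, NOW)); // false
console.log(canShowUpdateForm("Invoice", noGroupUser, NOW));      // false
```

Group membership changed after sign-in does not appear in the token until it is refreshed, so the form should still handle an authorization error returned by the mutation.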
