On Amplify's GraphQL, can we check the authentication or permission of updating contents before call the GraphQL API from browser?

Question

I'm creating a corporate in-house information management app as web apps with Amplify and Amplify-Studio.
Users on the app will be managed by Cognito via Amplify-Studio's user management screen.

I want to implement a function to restrict users to update records on specific types like Role Based Access Control.

I'm planning to use @auth directive with groups restriction.

On the update form page on the app, I also want to tell users having no updating permission to having no permission to avoid bad experiences like users noticing having no permission after input a lot of information for form on the update form page.

So I want to know how to get the users permission on GraphQL API from browser side.

Answer

Hello,

From Amplify/App sync perspective, there is no built-in way to retrieve the permissions of a user before hitting the App sync GraphQL endpoint.

One possible way I could think of is Cognito Pools would return groups of the User(in the JWT token) when a user logs in and you can get the groups and use it directly in your Front end code. This can be achieved like this: accessToken.payload['cognito:groups']

References
***
[+] https://github.com/aws-amplify/amplify-flutter/issues/413

[+] https://github.com/aws-amplify/amplify-android/issues/1655

I hope this answers your query.

On Amplify's GraphQL, can we check the authentication or permission of updating contents before call the GraphQL API from browser?

Relevant content