oieduardorabelo

Reputation: 2985

3rd Party App Tokens within AppSync with User Pools

After some reading on Using multiple authorization types with AWS AppSync GraphQL APIs and The Complete Guide to User Authentication with the Amplify Framework, one thing I could not figure out is whether I can have 3rd Party Application Tokens (e.g. like the Twitter API) and use AppSync+Cognito to generate credentials for service-to-service mutations/queries.

I already have a user flow via Cognito (type AMAZON_COGNITO_USER_POOLS). I want to centralize service-to-service calls using my AppSync. Limiting the service/token access would be great too (to only X Mutations, instead of the whole schema). Would that be possible?

I'm a bit lost about what the current limitations are.

Thoughts and insights are more than welcome, thanks!

Upvotes: 2

Views: 782

Answers (1)

Sébastien Stormacq

Reputation: 14915

As of today, AppSync does support 4 types of user authentication

  • API key (no authentication)
  • IAM credentials
  • OpenID tokens
  • Cognito User Pool tokens

There is a request to add custom lambda authorisers as well, but nothing has been announced to date.

In your scenario, I would use Cognito User Pool authentication on the AppSync side and federate the Cognito User Pool with Twitter OIDC. I know a couple of years ago Twitter was only supporting a custom subset of OAuth2. I'll let you check if they do support OIDC now :-)

But you're not the only one asking this question.

Upvotes: 1
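The question also asks about limiting a service to specific mutations. The schema below is an added example, not part of the question or the answer, showing AppSync's per-field authorization directives. It assumes an API whose default authorization mode is `AMAZON_COGNITO_USER_POOLS` with `AWS_IAM` configured as an additional mode; all type and field names are hypothetical.

```graphql
# Assumed API configuration (not from the original thread):
#   default authorization mode:    AMAZON_COGNITO_USER_POOLS
#   additional authorization mode: AWS_IAM
# Type and field names below are hypothetical.

# Returned by both user-facing and service-facing fields, so it must be
# readable under both modes. Once any directive is placed on a type, the
# default mode has to be listed explicitly as well.
type Tweet @aws_cognito_user_pools @aws_iam {
  id: ID!
  body: String!
  author: String!
}

type Query {
  # No directive: protected by the default mode only (User Pool tokens).
  listTweets: [Tweet!]!
}

type Mutation {
  # No directive: signed-in User Pool users only.
  createTweet(body: String!): Tweet!

  # Service-to-service entry point: IAM (SigV4-signed) callers only.
  # A User Pool token is rejected here because the default mode is not listed.
  importTweet(id: ID!, body: String!, author: String!): Tweet! @aws_iam
}

schema {
  query: Query
  mutation: Mutation
}

# Least privilege for the calling service is enforced a second time in IAM:
# grant the service role the appsync:GraphQL action only on the resource
#   arn:aws:appsync:<region>:<account-id>:apis/<api-id>/types/Mutation/fields/importTweet
# so it cannot invoke any other field, even one later marked @aws_iam.
```

With this layout the directive decides which authorization mode may reach a field, and the IAM policy decides which IAM principal may call it, so a leaked service credential is limited to the one mutation it was granted.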
