Ashik

Reputation: 1259

Appsync GraphQL api Authorization with oidc

I am using OIDC protocol for authentication in Appsync. For authorization/role management I am using a custom server which I am calling from an Appsync function. The problem here is, if I do the authorization part, all of the resolvers should be turned into PIPELINE. In my opinion that's a bad design. I was wondering if there is any alternative way to implement this. Thanks in advance.

Upvotes: 0

Views: 399

Answers (1)

Ionut Trestian

Reputation: 5751

AppSync supports OpenID Connect as an authorization mechanism; you don't need to validate the JWT token yourself in a function. Is there a use case for which you need to do that?

Also, what you described by using pipeline resolvers where the first function validates the authorization information is the current recommended way for doing this.

Upvotes: 1
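
The pattern from the answer above, sketched as an added example that is not part of the original thread: the first pipeline function asks the custom authorization server for a decision and fails closed. The `/authorize` path and the `{ allowed, roles }` response shape are assumptions about that server, and `util` is stubbed locally so the code runs outside AppSync.

```javascript
// Local stand-in for `util` from '@aws-appsync/utils' so the sketch runs in Node.
// In AppSync, util.unauthorized() ends the request with an Unauthorized error.
const util = {
  unauthorized() { throw new Error('Unauthorized'); },
};

// First function of the pipeline, attached to an HTTP data source that points
// at the custom authorization server. In AppSync both handlers are exported.
function request(ctx) {
  // Deny early if AppSync did not attach a verified OIDC identity.
  if (!ctx.identity || !ctx.identity.sub) {
    util.unauthorized();
  }
  return {
    method: 'POST',
    resourcePath: '/authorize', // hypothetical endpoint (assumption)
    params: {
      headers: { 'Content-Type': 'application/json' },
      // Only values AppSync derived itself: token subject/issuer and the field
      // being resolved. Nothing from ctx.args decides who the caller is.
      body: JSON.stringify({
        sub: ctx.identity.sub,
        issuer: ctx.identity.issuer,
        type: ctx.info.parentTypeName,
        field: ctx.info.fieldName,
      }),
    },
  };
}

function response(ctx) {
  // Fail closed: transport error, non-200 status, or anything but allowed === true.
  if (ctx.error || !ctx.result || ctx.result.statusCode !== 200) {
    util.unauthorized();
  }
  const decision = JSON.parse(ctx.result.body); // assumed shape: { allowed, roles }
  if (decision.allowed !== true) {
    util.unauthorized();
  }
  // Hand the granted roles to the later functions of the pipeline.
  ctx.stash.roles = decision.roles || [];
  return decision;
}
```

Later functions in the same pipeline can read `ctx.stash.roles` instead of calling the authorization server again.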
