okan Acer

Reputation: 61

Aws Amplify Using Multiple Cognito User Pools in One GraphQL Api

I am new to AWS Amplify and I am trying to make a simple project.

I have two different frontend (React) projects. One of them is for blog readers and one of them is for editors. For both applications, I want to use the same DynamoDB tables (and use a GraphQL API). But I want to use different user pools for each project. How can I implement this?

I was reading this article - https://medium.com/@fullstackpho/aws-amplify-multi-auth-graphql-public-read-and-authenticated-create-update-delete-1bf5443b0ad1

I know AWS AppSync supports multiple authorization types like Cognito, API key ... But does it support two Cognito types?

Thanks,

Upvotes: 0

Views: 4080

Answers (1)

Myz

Reputation: 828

As per AWS documentation, you can use two different Cognito groups to access the same AppSync API accessing the same DynamoDB table in the following ways, which are pretty straightforward:

If you use the aws_auth directive

type Query {
  getPosts: [Post!]!
  @aws_auth(cognito_groups: ["Bloggers", "Readers"])
}

If you use the aws_cognito_user_pools directive

type Query {
  getPosts: [Post!]!
  @aws_api_key @aws_cognito_user_pools(cognito_groups: ["Bloggers", "Readers"])
}

Now, if you specifically want two different user pools for your same API and DynamoDB table, then you will have to go a little extra mile to achieve this. Following are the steps:

  1. Add both of your user pools as Additional authorization providers in your AppSync settings.
  2. Use the @aws_cognito_user_pools directive with your queries and mutations in the schema and on the objects these queries and mutations are trying to access.
  3. This is a tricky one! When you try to access $ctx.identity.cognitoIdentityPoolId in your query/mutation resolver, it will return null, because cognitoIdentityPoolId is only included in the AWS_IAM authorization header and not in AWS_COGNITO_USER_POOLS [Ref.]. However, you can still get the user pool ID from the iss field in $ctx.identity.claims, and it will look something like https://cognito-idp.us-xxxx-x.amazonaws.com/us-xxxx-X_XxxXxxXX. This us-xxxx-X_XxxXxxXX is your user pool ID, which you will have to parse somehow.
  4. After parsing the user pool ID, you can filter your users based on Cognito pool ID and then grant them access to the table you desire.

Upvotes: 2
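The parse-and-gate logic from steps 3 and 4, as an added example that is not part of the answer above: it extracts the user pool ID from the `iss` claim, rejects issuers that are not a Cognito endpoint, and maps each pool to the fields it may call. The pool IDs, the field names and the context object are constructed placeholders, and the code uses only string operations (no regex) so the same logic ports to a resolver or a Lambda authorizer.

```javascript
// Expected issuer shape: https://cognito-idp.<region>.amazonaws.com/<userPoolId>
const ISS_PREFIX = 'https://cognito-idp.';
const ISS_HOST_SUFFIX = '.amazonaws.com/';

// Returns the user pool ID embedded in a Cognito `iss` claim, or null when the
// issuer is not a Cognito endpoint or the pool ID does not match the issuer region.
function userPoolIdFromIss(iss) {
  if (typeof iss !== 'string' || !iss.startsWith(ISS_PREFIX)) return null;
  const rest = iss.slice(ISS_PREFIX.length);        // "<region>.amazonaws.com/<poolId>"
  const hostEnd = rest.indexOf(ISS_HOST_SUFFIX);   // -1 also catches look-alike hosts
  if (hostEnd <= 0) return null;
  const region = rest.slice(0, hostEnd);
  const poolId = rest.slice(hostEnd + ISS_HOST_SUFFIX.length);
  // A pool ID is "<region>_<id>": require the issuer's region, a non-empty id, no extra path.
  if (!poolId.startsWith(region + '_') || poolId.length === region.length + 1 || poolId.includes('/')) {
    return null;
  }
  return poolId;
}

// Constructed placeholder pool IDs standing in for the editor and reader pools.
// Each pool is allowed only the listed GraphQL fields (deny by default).
const POOL_POLICY = {
  'us-east-1_EDITORPOOL': new Set(['getPosts', 'createPost', 'updatePost', 'deletePost']),
  'us-east-1_READERPOOL': new Set(['getPosts']),
};

// Decide whether the caller behind `ctx` (AppSync-style $ctx.identity.claims) may call `fieldName`.
function authorize(ctx, fieldName) {
  const claims = ctx && ctx.identity && ctx.identity.claims;
  const poolId = userPoolIdFromIss(claims && claims.iss);
  const allowed = poolId ? POOL_POLICY[poolId] : undefined;
  if (!allowed) return { allowed: false, reason: 'unknown or untrusted issuer' };
  if (!allowed.has(fieldName)) return { allowed: false, reason: 'field not permitted for pool ' + poolId };
  return { allowed: true, poolId };
}

// Constructed sample context, as a resolver would see it for a reader-pool token.
const readerCtx = {
  identity: { claims: { iss: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_READERPOOL' } },
};
console.log(authorize(readerCtx, 'getPosts'));    // allowed
console.log(authorize(readerCtx, 'deletePost'));  // denied: field not permitted for the reader pool
```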
