Reputation: 2129
Set an authType of "User Pool Authorization" when testing a GraphQL resolver in the AppSync console
I am trying to debug authentication rules on a GraphQL API (one created by Amplify).
I can open the AWS AppSync Console and see the auth functions that Amplify has created for my Message object: the key one here is QuerygetMessageauth0Function which is a VTL resolver. I have AMAZON_COGNITO_USER_POOLS as my authenticationType for this API (and this is confirmed in settings for the API).
I can also create a test context and test the VTL resolver function directly to see what it returns when given various input parameters and authentication information.
However, when I "Run Test" to test out the vtl resolver function to see why it isn't doing what I expect, $util.authType() returns "API Key Authorization", even though the authentication for this API is set to use Cognito pools. How do I test a VTL resolver function in the AppSync console and have the $util.authType() set to "User Pool Authorization"?
Upvotes: 1
Views: 47
Answers (1)
Reputation: 7079
AppSync APIs can have multiple authentication modes.
- Primary authorization mode (default)
- Additional authorization modes
It seems, your AppSync API has Amazon Cognito User Pool as default authorization mode.
Now, when I look at similar VTL resolver QuerylistUserspostAuth0Function at my end, here is how it looks like:
You can see, the VTL is configured to handle different types of authorization.
Now coming to you question:
- To test the VTL resolver with Cognito User Pool authentication in the AppSync console, you just need to login with userpool user. Once you login, necessary context info is automatically sent by the Test Console to AppSync service.
Second option is, if you are not using AppSync console, and sending the request directly to AppSync, then make sure you include an
identitysection as shown in below sample request. Reference{ "arguments": { "firstname": "Shaggy", "age": 4 }, "source": {}, "result": { "breed": "Miniature Schnauzer", "color": "black_grey" }, "identity": { "sub": "12345678-1234-1234-1234-123456789012", "issuer": "https://cognito-idp.region.amazonaws.com/user-pool-id", "username": "test_user", "claims": { "sub": "12345678-1234-1234-1234-123456789012", "email_verified": true, "email": "[email protected]", "username": "test_user", "cognito:username": "test_user" }, "sourceIp": ["192.168.1.1"], "defaultAuthStrategy": "ALLOW" } }
Upvotes: 0
Related Questions
- "No current user": Isn't it even possible to make unauth calls to AWS AppSync through Amplify with authentication type AMAZON_COGNITO_USER_POOLS?
- Authenticating Graphql using cognito user pool
- AWS Appsync - unable to find User Pool Client ID
- "Error: No current user" when calling unauthenticated graphql query from react app
- How to use only `ctx.identity.cognitoIdentityId` to get related Cognito User Pool user data in AppSync Resolver?
- How to change AWS Amplify Appsync default authorization mode form API KEY to cognito user pool?
- Appsync graphql authorization with cognito
- AWS AppSync - GraphQL query timeout when running from AppSync Console
- Authenticate AppSync queries console with Cognito User Pools