dabit3 / appsync-auth-and-unauth

Licence: other
How to allow both authenticated & unauthenticated access to an API

AWS AppSync - Authenticated & Unauthenticated Users

AWS AppSync now supports multiple authentication types! To learn more about how this works, check out the launch post here.

To learn more about how to use multiple authorization rules with Amplify GraphQL Transform, check out the documentation here.

The steps below are only needed if you want to set this up manually. We recommend using the built-in support for multiple authorization types that is now part of the service.

Using the following steps, you can allow both Authenticated & Unauthenticated access to your AWS AppSync API:

1. Create an Amplify project:

    amplify init

2. Add auth with a custom security configuration:

    amplify add auth

Answer the prompts as follows:

Do you want to use the default authentication and security configuration? NO

Select the authentication/authorization services that you want to use: User Sign-Up, Sign-In, connected with AWS IAM controls (Enables per-user Storage features for images or other content, Analytics, and more)

Please provide a friendly name for your resource that will be used to label this category in the project: YOURAPINAME

Please enter a name for your identity pool. YOURIDPOOLNAME

Allow unauthenticated logins? (Provides scoped down permissions that you can control via AWS IAM) Yes

Choose the defaults for the rest of the questions.

3. Add the API:

    amplify add api

Choose Amazon Cognito User Pool as the authorization type.

4. Create the API:

    amplify push

5. In the AppSync API dashboard settings, change the authentication type to AWS Identity and Access Management (IAM).

6. In aws-exports.js on the client app, change aws_appsync_authenticationType to AWS_IAM.

7. In the Cognito dashboard, click "Manage Identity Pools" & click on your identity pool.

8. Click "Edit Identity Pool" to see your "Unauthenticated role" & "Authenticated role".

9. Open the IAM console & find the "Unauthenticated role" from step 8.

10. Click "Add inline policy" and add the following policy. listTodos is a field on the Query type, so its resource ARN names types/Query (an ARN naming types/Mutation would never match a query and every call would be denied):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "appsync:GraphQL"
            ],
            "Resource": [
                "arn:aws:appsync:<REGION>:<ACCOUNTID>:apis/<APIID>/types/Query/fields/listTodos"
            ]
        }
    ]
}
11. Open the IAM console & find the "Authenticated role" from step 8.

12. Click "Add inline policy" and add the following policy. This role gets the same read access plus the createTodo mutation; note the different owning types in the two ARNs (Query for listTodos, Mutation for createTodo):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "appsync:GraphQL"
            ],
            "Resource": [
                "arn:aws:appsync:<REGION>:<ACCOUNTID>:apis/<APIID>/types/Query/fields/listTodos",
                "arn:aws:appsync:<REGION>:<ACCOUNTID>:apis/<APIID>/types/Mutation/fields/createTodo"
            ]
        }
    ]
}
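The two inline policies above are easy to get subtly wrong (a field placed under the wrong GraphQL type, or an extra mutation granted to the unauthenticated role). The following is an added example, not code from the appsync-auth-and-unauth repository: it builds both policies from a per-role allow-list of fields, derives each ARN from the type that owns the field, and evaluates calls against the result the way IAM matches a Resource ARN. The region, account id, API id and the schema field lists are constructed placeholders; only the field names from this page (listTodos, createTodo) are taken from it.

```javascript
// Added example: not code from the appsync-auth-and-unauth repo. Builds the
// two inline policies from a per-role allow-list of GraphQL fields and
// evaluates calls against them the way IAM matches a Resource ARN.
// Region, account id, API id and the schema field lists are constructed
// placeholders.

const API = { region: 'us-east-1', account: '123456789012', apiId: 'EXAMPLEAPIID' };

// Which GraphQL type owns each field. listTodos lives on Query and createTodo
// on Mutation; the ARN must name the owning type or the statement matches
// nothing and every call is denied.
const SCHEMA_FIELDS = {
  Query: ['getTodo', 'listTodos'],
  Mutation: ['createTodo', 'updateTodo', 'deleteTodo'],
};

// Least-privilege allow-lists for the identity pool's two roles.
const ROLE_FIELDS = {
  unauthenticated: ['listTodos'],
  authenticated: ['listTodos', 'createTodo'],
};

function fieldArn(api, typeName, fieldName) {
  return `arn:aws:appsync:${api.region}:${api.account}:apis/${api.apiId}` +
    `/types/${typeName}/fields/${fieldName}`;
}

// Resolve a field name to its owning type; an unknown field throws so a typo
// in an allow-list fails here instead of silently granting nothing.
function ownerType(fieldName) {
  for (const [typeName, fields] of Object.entries(SCHEMA_FIELDS)) {
    if (fields.includes(fieldName)) return typeName;
  }
  throw new Error(`unknown GraphQL field: ${fieldName}`);
}

function buildPolicy(api, fieldNames) {
  return {
    Version: '2012-10-17',
    Statement: [{
      Effect: 'Allow',
      Action: ['appsync:GraphQL'],
      Resource: fieldNames.map(f => fieldArn(api, ownerType(f), f)),
    }],
  };
}

// IAM-style Resource match: '*' is a wildcard, everything else is literal.
function arnMatches(pattern, arn) {
  const escaped = pattern.split('*')
    .map(p => p.replace(/[.+?^${}()|[\]\\]/g, '\\$&'))
    .join('.*');
  return new RegExp(`^${escaped}$`).test(arn);
}

// True when some Allow statement for appsync:GraphQL covers the field's ARN.
// Explicit Deny statements are not modelled; the policies on this page have none.
function isAllowed(policy, api, typeName, fieldName) {
  const arn = fieldArn(api, typeName, fieldName);
  return policy.Statement.some(s =>
    s.Effect === 'Allow' &&
    s.Action.includes('appsync:GraphQL') &&
    s.Resource.some(r => arnMatches(r, arn)));
}

const unauthPolicy = buildPolicy(API, ROLE_FIELDS.unauthenticated);
const authPolicy = buildPolicy(API, ROLE_FIELDS.authenticated);

// Self-check to run before pasting the generated policies into IAM: anonymous
// callers can only list, signed-in users can list and create, nobody can delete.
function verifyRoleSeparation() {
  return isAllowed(unauthPolicy, API, 'Query', 'listTodos') &&
    !isAllowed(unauthPolicy, API, 'Mutation', 'createTodo') &&
    isAllowed(authPolicy, API, 'Mutation', 'createTodo') &&
    !isAllowed(authPolicy, API, 'Mutation', 'deleteTodo');
}

console.log(JSON.stringify(unauthPolicy, null, 2));
console.log(JSON.stringify(authPolicy, null, 2));
console.log('role separation ok:', verifyRoleSeparation());
```

Run it with node and paste the printed documents into the two "Add inline policy" dialogs. The evaluator is deliberately minimal (Allow statements and `*` wildcards only), but it is enough to catch the two mistakes that matter here: a field attached to the wrong type, and a mutation leaking into the unauthenticated role.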
13. In index.js, add this code to confirm the client now obtains credentials (an unauthenticated identity when logged out, the authenticated one when logged in):

    import { Auth } from 'aws-amplify'

    Auth.currentCredentials()
      .then(d => console.log('data: ', d))
      .catch(e => console.log('error: ', e))

14. You should now be able to query when logged out, and both query and create mutations when logged in.

If you'd like to access the unique identity of the logged-in user for user authorization & fine-grained access control, you can read $context.identity.cognitoIdentityId in the resolver.
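The identity-pool id is what lets the resolver enforce ownership on top of the coarse IAM policies above. The following is an added example, not code from the appsync-auth-and-unauth repository: plain functions that stand in for the logic a resolver would apply on the write and read paths, using the `cognitoIdentityId` the page refers to. The `ctx` object is assumed to carry the same `identity`, `arguments` and `result` fields as AppSync's `$context`; the sample todo and identity id at the bottom are constructed, and the functions are not AppSync's own runtime API.

```javascript
// Added example, not code from the appsync-auth-and-unauth repository. With
// IAM auth through a Cognito identity pool, $context.identity.cognitoIdentityId
// identifies the caller, so a resolver can record it as the item's owner on
// write and compare it on owner-scoped reads. These plain functions stand in
// for resolver mapping logic; `ctx` is assumed to mirror AppSync's $context
// (identity, arguments, result) and is not the real runtime API.

function callerIdentity(ctx) {
  const id = ctx && ctx.identity && ctx.identity.cognitoIdentityId;
  if (typeof id !== 'string' || id.length === 0) {
    // No identity-pool id means the request did not arrive through IAM auth
    // with Cognito Identity; refuse rather than store an ownerless item.
    throw new Error('Unauthorized: missing cognitoIdentityId');
  }
  return id;
}

// Write path (createTodo): the owner comes from the verified identity, never
// from client-supplied arguments, so a caller cannot claim someone else's id.
function stampOwner(ctx) {
  const { owner: _clientSupplied, ...fields } = ctx.arguments.input;
  return { ...fields, owner: callerIdentity(ctx) };
}

// Owner-scoped read/update/delete: ctx.result is the stored item returned by
// the data source; deny unless its owner matches the caller.
function assertOwner(ctx) {
  const item = ctx.result;
  if (!item) return null;
  if (item.owner !== callerIdentity(ctx)) {
    throw new Error('Unauthorized: caller is not the owner');
  }
  return item;
}

// Public read (listTodos is granted to the unauthenticated role): return the
// items but strip the owner ids so identity ids are not exposed to anonymous callers.
function publicListResponse(ctx) {
  const items = (ctx.result && ctx.result.items) || [];
  return items.map(({ owner, ...rest }) => rest);
}

// Constructed sample context: an identity-pool id and a createTodo call whose
// input tries to set its own owner field.
const sampleCtx = {
  identity: { cognitoIdentityId: 'us-east-1:00000000-0000-0000-0000-000000000001' },
  arguments: { input: { id: 'todo-1', title: 'buy milk', owner: 'someone-else' } },
  result: null,
};

console.log('stored item:', stampOwner(sampleCtx));
```

`stampOwner` and `assertOwner` are the two halves of the usual owner pattern: the write path trusts only the identity AppSync verified, and the read path compares against what was stored. Keep in mind that unauthenticated callers also carry a `cognitoIdentityId` (their unauthenticated identity), so the IAM policy on the unauthenticated role, not this check, is what keeps them away from `createTodo`.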
