search

aws-amplify / amplify-category-api

The AWS Amplify CLI is a toolchain for simplifying serverless web and mobile development. This plugin provides functionality for the API category, allowing for the creation and management of GraphQL and REST based backends for your amplify project.
https://docs.amplify.aws/
Apache License 2.0
89 stars 76 forks source link

Support Guest Authorization for Custom Resolvers #2684

Open thomasoehri opened 3 months ago

thomasoehri commented 3 months ago

Describe the feature you'd like to request

The autogenerated get query for my model does not meet my needs as I require an additional step in the resolver (postDataLoad). Since there is no way to extend an autogenerated resolver in Gen 2, I added a custom query resolver:

customGetOrganization: a
            .query()
            .arguments({ id: a.id() })
            .returns(a.ref("Organization"))
            // All users can get an organization.
            .authorization((allow) => [allow.guest(), allow.authenticated()])
            .handler([
                a.handler.custom({
                    dataSource: a.ref("Organization"),
                    entry: "./organization/getOrganizationResolver/handler.js",
                }),
            ]),

I encounter an issue when adding allow.guest() to the custom query resolver, receiving the following error when trying to run the sandbox:

identityPool-based auth (allow.guest() and allow.authenticated('identityPool')) is not supported with a.handler.custom

In issue #2635 you mention that this is expected behaviour. However, I need all users, both authenticated and unauthenticated, to be able to query this data.

Why is guest authorization not supported for custom query resolvers? Do you plan on adding support?

Describe the solution you'd like

Support guest authorization for custom resolvers.

Describe alternatives you've considered

Using a lambda function for such a basic use-case is not an option since both lambda functions as well as appsync resolvers have their place as well as pros and cons and this isn't a use-case we should have to resort to using lambda functions.

I have many such cases in my project where i'll need to extend the very basic business logic of the default queries / resolvers and having to use lambda functions for all of these just because Amplify Gen 2 doesn't support guest authorization for custom resolvers isn't an option.

Additional context

No response

Is this something that you'd be interested in working on?

Would this feature include a breaking change?

ptyukavin commented 3 months ago

I encounter the same error when I try to follow the tutorial on using EventBridge as a data source from the Amplify Gen2 documentation.

OperationalFallacy commented 2 months ago

Run into this as well, EventBridge can't publish messages when pool/identity auth configured
https://github.com/aws-amplify/amplify-category-api/issues/2740