Closed: vparpoil closed this issue 5 years ago
I just ran into this RFC for the @auth directive: https://github.com/aws-amplify/amplify-cli/issues/1043. It's stated that you cannot secure subscriptions yet.
@vparpoil I will move this to the amplify-cli repo; they can handle this issue better than us.
Thanks for your feedback
@vparpoil We recently added support for adding authorization for your subscriptions. Please take a look at the documentation out here - https://aws-amplify.github.io/docs/cli-toolchain/graphql#authorizing-subscriptions
Which Category is your question related to?
Amplify / AppSync
Provide additional details e.g. code snippets
Let's create a subscription that receives updates on some user account data:
From the client, you will pass the UserAccountID that you first got from a query, and everything will work. Securing the query is doable with custom VTL logic in the resolver.
How to protect someone from passing another ID than its own ID when subscribing, and hence getting the UserAccount from someone else?
Subscriptions don't seem to be linked to resolvers in the AppSync interface; do I need to create a sort of custom resolver here?
I would love being able to define the subscription with: onUpdateMyUserAccount:UserAccount
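One way to attach the kind of check asked about above to a subscription field, as an added example (not code from this thread or from the Amplify project). It assumes Cognito User Pools authorization, a resolver on a None data source, a hypothetical subscription argument named `userAccountID`, and that the account ID is the caller's `sub` claim; if the ID is something else, compare against whatever field records the owner.

```vtl
## ---- Request mapping template (subscription field, None data source) ----
## Added example; the argument name "userAccountID" is hypothetical.

## Reject callers with no Cognito identity at all.
#if( $util.isNull($ctx.identity) || $util.isNull($ctx.identity.sub) )
  $util.unauthorized()
#end

## Reject a subscribe request whose argument is not the caller's own ID.
## Assumption: the UserAccount ID equals the Cognito "sub" claim.
#if( $util.isNull($ctx.args.userAccountID) || $ctx.args.userAccountID != $ctx.identity.sub )
  $util.unauthorized()
#end

## Nothing is fetched at subscribe time; the resolver only gates the connection.
{
  "version": "2017-02-28",
  "payload": {}
}

## ---- Response mapping template ----
$util.toJson(null)
```

The check runs once, when the client subscribes, so the argument must be required in the schema; otherwise a client can omit it and the comparison above is the only thing standing between that client and an unfiltered subscription.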