aws / aws-appsync-community

The AWS AppSync community
https://aws.amazon.com/appsync
Apache License 2.0

Problem using Open ID Connect as authorization mode in Appsync #361

Closed skirang71 closed 3 months ago

skirang71 commented 3 months ago

We are using Azure AD as the identity provider. We want to validate the request using a JWT token generated from Azure AD. So I have added Open ID Connect in the Additional authorization modes in the AppSync API settings and provided the valid issuer URL and client_id in the settings from the Azure AD OpenID Connect metadata document. But I am getting this error:

{ "data": { "getLoginRedirect": null }, "errors": [ { "path": [ "getLoginRedirect" ], "data": null, "errorType": "Unauthorized", "errorInfo": null, "locations": [ { "line": 2, "column": 3, "sourceName": null } ], "message": "Not Authorized to access getLoginRedirect on type Query" } ] }

I checked my authorization token; it has all the necessary claims, and 'iss' and 'aud' are exactly the same as the Issuer URL and client id in the settings. I am unable to debug this. I would really appreciate it if you guys could help me debug this issue. Thanks!

skirang71 commented 3 months ago

Adding the annotations @aws_oidc & @aws_api_key in the schema at the respective query and other types worked for me, as commented here. It seems that for any API with multiple authorization methods we need to have those annotations added in the schema, or removing the additional authorization and having one primary authorization will work without any annotations.
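An added example, not from the issue poster or the AppSync project, of the annotations the comment above describes: a schema in which the query field and its return type carry both directives, so a request authenticated with either the primary mode (assumed here to be API key, as the comment suggests) or the additional OIDC mode is authorized. The field argument and the LoginRedirect type are assumed for illustration.

```graphql
# Added example: AppSync schema with multiple authorization modes.
# Only the directive names (@aws_oidc, @aws_api_key) come from the issue;
# the field argument and the LoginRedirect type are assumed.
schema {
  query: Query
}

# A field without any auth directive is reachable only through the API's
# primary authorization mode; a valid token for an additional mode still
# gets "Not Authorized to access <field> on type Query".
type Query {
  # Reachable with an Azure AD JWT (additional OIDC mode) or the API key.
  getLoginRedirect(returnUrl: String): LoginRedirect @aws_oidc @aws_api_key
}

# The returned object type must allow the same modes, otherwise its fields
# resolve to null with an Unauthorized error even though the query passed.
type LoginRedirect @aws_oidc @aws_api_key {
  url: String!
  state: String
}
```

The same rule applies to mutations, subscriptions and any nested types those fields return: every type a multi-auth field can reach needs the directives for each mode that should be able to read it.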