amplify-category-api icon indicating copy to clipboard operation
amplify-category-api copied to clipboard
verified publisher icon aws-amplify

Support Guest Authorization for Custom Resolvers

Open thomasoehri opened this issue 1 year ago • 5 comments

Describe the feature you'd like to request

The autogenerated get query for my model does not meet my needs as I require an additional step in the resolver (postDataLoad). Since there is no way to extend an autogenerated resolver in Gen 2, I added a custom query resolver:

customGetOrganization: a
            .query()
            .arguments({ id: a.id() })
            .returns(a.ref("Organization"))
            // All users can get an organization.
            .authorization((allow) => [allow.guest(), allow.authenticated()])
            .handler([
                a.handler.custom({
                    dataSource: a.ref("Organization"),
                    entry: "./organization/getOrganizationResolver/handler.js",
                }),
            ]),

I encounter an issue when adding allow.guest() to the custom query resolver, receiving the following error when trying to run the sandbox:

identityPool-based auth (allow.guest() and allow.authenticated('identityPool')) is not supported with a.handler.custom

In issue #2635 you mention that this is expected behaviour. However, I need all users, both authenticated and unauthenticated, to be able to query this data.

Why is guest authorization not supported for custom query resolvers? Do you plan on adding support?

Describe the solution you'd like

Support guest authorization for custom resolvers.

Describe alternatives you've considered

Using a lambda function for such a basic use-case is not an option since both lambda functions as well as appsync resolvers have their place as well as pros and cons and this isn't a use-case we should have to resort to using lambda functions.

I have many such cases in my project where i'll need to extend the very basic business logic of the default queries / resolvers and having to use lambda functions for all of these just because Amplify Gen 2 doesn't support guest authorization for custom resolvers isn't an option.

Additional context

No response

Is this something that you'd be interested in working on?

  • [ ] 👋 I may be able to implement this feature request

Would this feature include a breaking change?

  • [ ] ⚠️ This feature might incur a breaking change

thomasoehri avatar Jul 02 '24 13:07 thomasoehri

I encounter the same error when I try to follow the tutorial on using EventBridge as a data source from the Amplify Gen2 documentation.

ptyukavin avatar Jul 03 '24 12:07 ptyukavin

Run into this as well, EventBridge can't publish messages when pool/identity auth configured
https://github.com/aws-amplify/amplify-category-api/issues/2740

OperationalFallacy avatar Aug 03 '24 00:08 OperationalFallacy

Or change doc: https://docs.amplify.aws/flutter/build-a-backend/data/custom-business-logic/connect-eventbridge-datasource/

ZoroLH avatar Oct 18 '24 19:10 ZoroLH

I felt that I would like to be able to use this function when I want to create a simple query with limited items for anonymous users. It is possible to achieve this using Lambda Functions, but it would be a shame to use Lambda Functions just to filter keys.

nog avatar Mar 23 '25 15:03 nog

Please update the documentation @ZoroLH linked. Wasted a few hours trying to get this to work.

arnedubois1 avatar Mar 25 '25 13:03 arnedubois1