
AWS AppSync IAM Authorization with Cognito Federated Identities

I am using AWS AppSync, and logging in users with Cognito Federated Identities.

I'm hoping to have unauthenticated users have access to certain endpoints, while authenticated users will have access to other endpoints.

I have configured IAM Roles for each of the aforementioned, using e.g. "Resource": [ "Region:Account:apis/AppSyncName/types/Mutation/fields/XXX"]

My question is: how can I, using Cognito Federated Identities, get credentials to send through the AppSync Client?

My configuration for AppSync:

const client = new AWSAppSyncClient({
  url: config.AppSync.ENDPOINT,
  region: config.AppSync.REGION,
  auth: {
    type: AUTH_TYPE.AWS_IAM,
    credentials: () => ReturnCredentials()
  }
});

My Login Function

login(username, password) {
    const user = new CognitoUser({ Username: username, Pool: userPool });
    const authenticationData = { Username: username, Password: password };
    const authenticationDetails = new AuthenticationDetails(authenticationData);
    var responseFunctions = {
      onSuccess: result => {
      },
      onFailure: err => {
        console.log(err);
      }
    };

    user.authenticateUser(authenticationDetails, responseFunctions);
  }

I think I need to use GetCredentialsForIdentity after logging in, but am unsure how to pass these into the AppSync config. Moreover, how can I get credentials for an Unauthenticated user?

nick asked Feb 19 '18 23:02



1 Answer

I would suggest using AWS Amplify in your application: https://github.com/aws/aws-amplify

npm install aws-amplify --save

You will then be able to use the Auth module from Amplify inside the AppSync client constructor like so:

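import AWSAppSyncClient, { AUTH_TYPE } from 'aws-appsync';
import { Auth } from 'aws-amplify';

const client = new AWSAppSyncClient({
    url: AppSync.graphqlEndpoint,
    region: AppSync.region,
    auth: {
        // Sign requests with IAM (SigV4) using the credentials Amplify's Auth module resolves
        type: AUTH_TYPE.AWS_IAM,
        credentials: () => Auth.currentCredentials(),
    },
});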

From there you pass the client object to the Apollo GraphQL Provider:

const WithProvider = () => (
    <ApolloProvider client={client}>
        <Rehydrated>
            <App />
        </Rehydrated>
    </ApolloProvider>
);

Now you can start making standard GraphQL calls to AWS AppSync using Apollo. The data will automatically be persisted offline but if you'd like to do offline mutations you'll need to configure Optimistic UI. You can read about all this here: https://docs.aws.amazon.com/appsync/latest/devguide/building-a-client-app-react.html#import-the-appsync-sdk-into-your-app

Richard answered Oct 20 '22 16:10
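
However the credentials are obtained, what an unauthenticated user can reach is decided by the IAM policy attached to the identity pool's unauthenticated role. The following is an added example (not code from the question or the answer) that checks such a policy against AppSync field ARNs of the kind the question describes; the account id, API id, field names and both sample policies are constructed, and the evaluation is a simplification that ignores Condition, NotAction and NotResource.

```javascript
// Added example: simplified IAM evaluation for AppSync field ARNs.
// Account id, API id, field names and policies below are constructed sample values.
const ARN = 'arn:aws:appsync:us-east-1:111122223333:apis/EXAMPLEAPIID';
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM wildcards: '*' matches any run of characters, '?' exactly one.
function glob(pattern, value, ignoreCase = false) {
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*')
    .replace(/\?/g, '.');
  return new RegExp(`^${re}$`, ignoreCase ? 'i' : '').test(value);
}

// A statement applies when both its Action and its Resource match the call.
function statementMatches(stmt, resource) {
  return asList(stmt.Action).some((a) => glob(a, 'appsync:GraphQL', true)) &&
    asList(stmt.Resource).some((r) => glob(r, resource));
}

// Explicit Deny wins; otherwise at least one matching Allow is required.
function canCall(policy, type, field) {
  const resource = `${ARN}/types/${type}/fields/${field}`;
  const hits = asList(policy.Statement).filter((s) => statementMatches(s, resource));
  return !hits.some((s) => s.Effect === 'Deny') && hits.some((s) => s.Effect === 'Allow');
}

// Schema fields the role can call that are not on the expected list.
function unexpectedAccess(policy, schemaFields, expected) {
  return schemaFields
    .filter(([t, f]) => canCall(policy, t, f) && !expected.includes(`${t}.${f}`))
    .map(([t, f]) => `${t}.${f}`);
}

const schemaFields = [['Query', 'listPosts'], ['Mutation', 'createPost'], ['Mutation', 'deletePost']];

// Guest role scoped to one field, as in the question's "Resource" entries.
const guestTight = { Version: '2012-10-17', Statement: [
  { Effect: 'Allow', Action: 'appsync:GraphQL', Resource: [`${ARN}/types/Query/fields/listPosts`] },
] };
// Guest role with a wildcard grant and a single explicit Deny.
const guestLoose = { Version: '2012-10-17', Statement: [
  { Effect: 'Allow', Action: 'appsync:*', Resource: `${ARN}/*` },
  { Effect: 'Deny', Action: 'appsync:GraphQL', Resource: `${ARN}/types/Mutation/fields/deletePost` },
] };

console.log(unexpectedAccess(guestTight, schemaFields, ['Query.listPosts'])); // []
console.log(unexpectedAccess(guestLoose, schemaFields, ['Query.listPosts'])); // [ 'Mutation.createPost' ]
```

Running the same check over the authenticated role's policy with its own expected list shows whether the two roles actually separate the endpoints as intended.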