Nice! The multiple authorizer pattern for one AppSync GraphQL endpoint is an eventual necessity, IMHO. So now I'm wondering out loud for discussion, which authorizer is the best default one? My project starting point was different. I started with API_KEY. The API_KEY AppSync authorizer is perfect for calling the GraphQL endpoint with superuser powers. It's simple. @auth is perfect for entities that are specific to a web app user. I added a AMAZON_COGNITO_USER_POOLS authorizer, second. That's how I ended up with multiple authorizers, too. I started with one default AppSync authorizer: API_KEY. I added the second AppSync endpoint authorizer with amplify update api. Which is kinda same place though the default authorizer for an endpoint is simply different.
What you could also do is initialize 2 API clients, one with API_KEY as the default and one with AMAZON_COGNITO_USER_POOLS as the default, then use the public one in the public part of your app, and the private one in the private part of your app.
I'm not sure if this is possible using Amplify, but you could simply write your own wrapper!
Slightly less code, to not have to set 'authMode' for each API.graphql() invocation! This is very interesting. A single AppSync endpoint has a single default authorizer. A single Amplify GraphQL client instance may have a single default authorization mode. It's up to the developer to evolve this god for saken security model!
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Nice! The multiple authorizer pattern for one AppSync GraphQL endpoint is an eventual necessity, IMHO. So now I'm wondering out loud for discussion, which authorizer is the best default one? My project starting point was different. I started with API_KEY. The API_KEY AppSync authorizer is perfect for calling the GraphQL endpoint with superuser powers. It's simple. @auth is perfect for entities that are specific to a web app user. I added a AMAZON_COGNITO_USER_POOLS authorizer, second. That's how I ended up with multiple authorizers, too. I started with one default AppSync authorizer: API_KEY. I added the second AppSync endpoint authorizer with
amplify update api
. Which is kinda same place though the default authorizer for an endpoint is simply different.What you could also do is initialize 2 API clients, one with
API_KEY
as the default and one withAMAZON_COGNITO_USER_POOLS
as the default, then use the public one in the public part of your app, and the private one in the private part of your app.I'm not sure if this is possible using Amplify, but you could simply write your own wrapper!
Slightly less code, to not have to set 'authMode' for each API.graphql() invocation! This is very interesting. A single AppSync endpoint has a single default authorizer. A single Amplify GraphQL client instance may have a single default authorization mode. It's up to the developer to evolve this god for saken security model!