I am trying to set up a GraphQL API using AWS Amplify which creates a notes system in which any authenticated user can create a note, as well as read any note created by a user that shares a Cognito group with them.
I can see in the corresponding DynamoDB that the group field is not being set, meaning that my fetch requests are returning an empty list.
I am using Amplify Gen 1 v6, and have been using these docs as reference, but am stuck on why it's not working and can't find any errors to go off.
I began with the schema:
type Todo @model @auth(rules: [
  { allow: groups, groupsField: "group"}
]) {
  id: ID!
  text: String!
  groups: [String] @function(name: "setGroupField-${env}")
}
but was getting authentication errors when creating, and so changed it to:
type Todo @model @auth(rules: [
  { allow: groups, groupsField: "group", operations: [update, read] }
  { allow: owner, operations: [create] }
]) {
  id: ID!
  text: String!
  groups: [String] @function(name: "setGroupField-${env}")
}
That fixed the authentication error when creating. I have also tried setting groups as a required field, and received errors that the create request did not fulfill the schema requirements.
I have the following setGroupField lambda resolver in both cases:
import json
import boto3


def handler(event, context):
    # Extract the username and groups from the identity information
    identity = event['identity']
    groups = identity['claims'].get('cognito:groups', [])
    print(groups)
    # Check if the user belongs to a group
    if not groups:
        raise Exception("User is not part of any group.")
    return groups
The print statement in the resolver has verified that it is successfully getting the correct groups.
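A consistency check for the schema in the question, as an added example that is not part of the original post: it lists every `groupsField` value named in an `@auth` rule that is not declared as a field on the same type. The function name, the regex-based parsing (which assumes each type's closing brace sits at the start of a line) and the embedded schema copy are assumptions made for this illustration.

```python
import re

# Constructed copy of the second schema in the post, embedded so the check runs offline.
SCHEMA = '''
type Todo @model @auth(rules: [
  { allow: groups, groupsField: "group", operations: [update, read] }
  { allow: owner, operations: [create] }
]) {
  id: ID!
  text: String!
  groups: [String] @function(name: "setGroupField-${env}")
}
'''

# A type header carrying @auth(rules: [...]) followed by its field block.
# Assumption: the closing brace of the type sits at the start of a line.
TYPE_RE = re.compile(
    r'type\s+(?P<name>\w+)[^{]*?@auth\(rules:\s*\[(?P<rules>.*?)\]\s*\)'
    r'\s*\{(?P<body>.*?)^\}',
    re.S | re.M,
)
RULE_RE = re.compile(r'\{(.*?)\}', re.S)              # one { ... } auth rule
GROUPS_FIELD_RE = re.compile(r'groupsField:\s*"(\w+)"')
FIELD_RE = re.compile(r'^\s*(\w+)\s*:', re.M)          # "name:" at line start


def undeclared_group_fields(schema):
    """Return (type, groupsField) pairs where groupsField is not a declared field."""
    findings = []
    for match in TYPE_RE.finditer(schema):
        declared = set(FIELD_RE.findall(match.group('body')))
        for rule in RULE_RE.findall(match.group('rules')):
            named = GROUPS_FIELD_RE.search(rule)
            if named and named.group(1) not in declared:
                findings.append((match.group('name'), named.group(1)))
    return findings


if __name__ == '__main__':
    for type_name, field in undeclared_group_fields(SCHEMA):
        print(f'{type_name}: @auth groupsField "{field}" is not a declared field')
```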