@auth Per Field #111

Closed
chrisco512 opened this issue Sep 5, 2018 · 6 comments

@chrisco512

Is your feature request related to a problem? Please describe.
Right now the @auth transformer can be applied to the model, but some use cases come up where you want only certain users to be able to access specific fields on a Type.

Describe the solution you'd like
Would like to be able to use the @auth transform on a per-field basis.

Describe alternatives you've considered
None, other than implementing custom resolvers.

Additional context
None.

@mikeparisstuff
Contributor

mikeparisstuff commented Sep 5, 2018

I think this is a good idea. Have you thought more about how you would like to see it implemented?

I see two main options:

  1. Add arguments to @auth. Usage would look something like:
type Post @model @auth(allow: owner, fields: ["a", "b", "c"]) { ... }

Pros: Simple. Allows grouping fields.

Cons: Does not leverage the type system.

  2. Allow @auth to be specified on fields. Something like:
type User @model {
  ssn: String @auth(allow: owner)
}

Downsides of this approach are that you would have to define @auth per field that you want to protect. That being said you could always put @auth on the type with the most basic auth for all fields then fine tune using @auth on the field level.

Let me know what you think.

@chrisco512
Author

chrisco512 commented Sep 6, 2018

Hi @mikeparisstuff, thanks for your reply. I think I like the 2nd one better. It is more declarative and explicit when looking at the schema from a top level. Agreed, you'd generally want the most basic auth at top level for the model and then fine-grained definitions on a per-field basis.
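
Added example, not part of the thread and not Amplify's generated resolver code: a sketch of the "basic auth on the type, fine-tune on the field" behaviour agreed on above. It assumes a field-level rule list replaces the type-level list for that field and that a denied field comes back as null; `signedIn`, `ruleAllows`, `filterFields` and the sample record are hypothetical names and constructed data.

```javascript
// Constructed model of:
//   type User @model { ssn: String @auth(allow: owner) }
// with a hypothetical type-level baseline rule ("signedIn").
const userType = {
  typeRules: [{ allow: 'signedIn' }],          // assumed baseline for all fields
  fieldRules: { ssn: [{ allow: 'owner' }] },   // per-field rule (option 2)
  ownerField: 'owner',                         // assumed name of the owner column
};

// Evaluate a single rule for one caller against one record.
function ruleAllows(rule, record, identity, ownerField) {
  if (!identity || !identity.username) return false; // unauthenticated: deny
  switch (rule.allow) {
    case 'owner':
      return record[ownerField] === identity.username;
    case 'signedIn':
      return true;
    default:
      return false; // unknown strategy: fail closed
  }
}

// Return a copy of the record with every field the caller may not read
// set to null. Field rules, when present, take the place of type rules.
function filterFields(type, record, identity) {
  const out = {};
  for (const [field, value] of Object.entries(record)) {
    const hasFieldRules =
      Object.prototype.hasOwnProperty.call(type.fieldRules, field);
    const rules = hasFieldRules ? type.fieldRules[field] : type.typeRules;
    const allowed = rules.some((rule) =>
      ruleAllows(rule, record, identity, type.ownerField));
    out[field] = allowed ? value : null;
  }
  return out;
}

// Constructed sample record.
const sampleUser = { id: 'u1', owner: 'alice', name: 'Alice', ssn: '000-00-0000' };

console.log(filterFields(userType, sampleUser, { username: 'alice' }));
console.log(filterFields(userType, sampleUser, { username: 'bob' }));
console.log(filterFields(userType, sampleUser, null));
```

The check worth keeping from this sketch is the fail-closed default: a field with an unrecognised rule, or a caller with no identity, gets null rather than the stored value.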

@timrchavez

This would be absolutely amazing to have.

@itrestian

We (the AWS AppSync team) are currently looking for feedback on a server side solution for supporting field level auth and would love community feedback on the following RFC:

aws/aws-appsync-community#1

@tobiasfeil

For anyone looking (On Google, I found this first instead of the actual docs and only found them two days later):

This is supported now: https://docs.amplify.aws/cli/graphql-transformer/directives#field-level-authorization
