I am trying to debug authentication rules on a GraphQL API (one created by Amplify).
I can open the AWS AppSync Console and see the auth functions that Amplify has created for my Message object: the key one here is QuerygetMessageauth0Function which is a VTL resolver. I have AMAZON_COGNITO_USER_POOLS as my authenticationType for this API (and this is confirmed in settings for the API).
I can also create a test context and test the VTL resolver function directly to see what it returns when given various input parameters and authentication information.
However, when I "Run Test" to test out the VTL resolver function to see why it isn't doing what I expect, $util.authType() returns "API Key Authorization", even though the authentication for this API is set to use Cognito pools. How do I test a VTL resolver function in the AppSync console and have the $util.authType() set to "User Pool Authorization"?
This was the result of an AWS bug. As of today, it has been fixed.
I filed a support request and received a response on March 5th:
"This is to inform you that the internal team was able to identify the issue, i.e., the observed behavior was due to recent changes done by the team to enhance the evaluate-code APIs."
AppSync APIs can have multiple authentication modes.
It seems your AppSync API has Amazon Cognito User Pool as its default authorization mode.
Now, when I look at a similar VTL resolver, QuerylistUserspostAuth0Function, at my end, here is what it looks like:
You can see that the VTL is configured to handle different types of authorization.
The second option: if you are not using the AppSync console and are sending the request directly to AppSync, make sure you include an identity section, as shown in the sample request below.
    {
      "arguments": {
        "firstname": "Shaggy",
        "age": 4
      },
      "source": {},
      "result": {
        "breed": "Miniature Schnauzer",
        "color": "black_grey"
      },
      "identity": {
        "sub": "12345678-1234-1234-1234-123456789012",
        "issuer": "https://cognito-idp.region.amazonaws.com/user-pool-id",
        "username": "test_user",
        "claims": {
          "sub": "12345678-1234-1234-1234-123456789012",
          "email_verified": true,
          "email": "[email protected]",
          "username": "test_user",
          "cognito:username": "test_user"
        },
        "sourceIp": ["192.168.1.1"],
        "defaultAuthStrategy": "ALLOW"
      }
    }
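An added example, not part of either answer above: a Python sketch that builds test contexts shaped like the sample request for several callers (owner, another user, a group member, no identity section) and evaluates one VTL template against each through boto3's `evaluate_mapping_template`, so an auth function can be checked outside the console. The helper names, the second `sub`, the `Admins` group, the region and the `{"id": "message-1"}` arguments are assumptions made for illustration.

```python
import json

ISSUER = "https://cognito-idp.region.amazonaws.com/user-pool-id"  # placeholder from the sample
PROBE = "$util.toJson($util.authType())"  # VTL that reports the auth type the evaluator sees


def cognito_identity(username, sub, groups=()):
    """Identity section shaped like the sample request (values are constructed)."""
    claims = {"sub": sub, "username": username, "cognito:username": username}
    if groups:
        claims["cognito:groups"] = list(groups)
    return {"sub": sub, "issuer": ISSUER, "username": username, "claims": claims,
            "sourceIp": ["192.168.1.1"], "defaultAuthStrategy": "ALLOW"}


def build_context(arguments, identity=None, result=None):
    """Serialize a test context; leave identity out to send no identity section."""
    ctx = {"arguments": arguments, "source": {}}
    if result is not None:
        ctx["result"] = result
    if identity is not None:
        ctx["identity"] = identity
    return json.dumps(ctx)


def auth_test_matrix(arguments, owner="test_user"):
    """One context per caller an owner/group auth rule has to tell apart."""
    sub = "12345678-1234-1234-1234-123456789012"
    other = "87654321-4321-4321-4321-210987654321"  # constructed second user
    return {
        "owner": build_context(arguments, cognito_identity(owner, sub)),
        "other_user": build_context(arguments, cognito_identity("other_user", other)),
        "admin_group": build_context(arguments, cognito_identity("admin_user", other, ["Admins"])),
        "no_identity": build_context(arguments),
    }


def evaluate_all(template, contexts, region="us-east-1"):
    """Evaluate `template` against each context; needs boto3 and AWS credentials."""
    import boto3  # imported lazily so the builders above work offline
    client = boto3.client("appsync", region_name=region)
    results = {}
    for name, ctx in contexts.items():
        resp = client.evaluate_mapping_template(template=template, context=ctx)
        results[name] = resp.get("evaluationResult") or resp.get("error")
    return results


if __name__ == "__main__":
    for name, ctx in auth_test_matrix({"id": "message-1"}).items():
        print(name, ctx)
```

Calling `evaluate_all(PROBE, auth_test_matrix({"id": "message-1"}))` shows what `$util.authType()` evaluates to for each caller; replace `PROBE` with the text of the auth function to see which callers it rejects.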