Skip to content

Multiple auth rules on owner field #3429

Description

@HansKVeri99

Amplify CLI Version

14.1.1

Question

Hi team!

I am migrating IdPs from Cognito User Pools to Auth0. For backward compatibility, I would like tokens from both providers to be valid for Appsync auth temporarily.
I have a working solution with 2 fields, one containing the Cognito sub, and the other containing an Auth0 sub.

@auth(rules: [
{allow: owner, ownerField: "auth0_sub_id", provider: oidc, identityClaim: "sub" }, 
{allow: owner, ownerField: "owner", provider: userPools}
])

However, configuring our backend to be compatible with the 2 field solution requires an extensive amount of work. Ideally, we would like a setup where the owner field could contain a sub from either provider.

Is it possible to achieve the same dual auth mode with just one field? Something like

  { allow: owner, ownerField: "owners", provider: userPools, identityClaim: "sub" },
  { allow: owner, ownerField: "owners", provider: oidc, identityClaim: "sub" }
...
  owners: [String]

This currently doesn't deploy, as running amplify push results in

  • Schema Creation Status is FAILED with details: Found 1 problem(s) with the schema: The type 'ModelSubscriptionResponsesEntityFilterInput' has declared an input field with a non unique name 'owners'.

Is there any way to use the owner field for both auth rules from different providers?

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingp1questionFurther information is requested

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions