From b6f43219d7855c465a281fd869c3f91e4398310a Mon Sep 17 00:00:00 2001
From: Michael Law <1365977+lawmicha@users.noreply.github.com>
Date: Thu, 16 May 2024 15:04:04 -0400
Subject: [PATCH] fix(data): swift code snippets for customize auth
---
.../data/customize-authz/index.mdx | 34 +++++++++++++++
.../multi-user-data-access/index.mdx | 39 ++++++++++++++++-
.../per-user-per-owner-data-access/index.mdx | 20 ++++++++-
.../public-data-access/index.mdx | 42 ++++++++++++++++++
.../signed-in-user-data-access/index.mdx | 43 +++++++++++++++++++
.../user-group-based-data-access/index.mdx | 23 ++++++++++
6 files changed, 199 insertions(+), 2 deletions(-)
diff --git a/src/pages/[platform]/build-a-backend/data/customize-authz/index.mdx b/src/pages/[platform]/build-a-backend/data/customize-authz/index.mdx
index 811bcd7a8d6..a840ddd7a5d 100644
--- a/src/pages/[platform]/build-a-backend/data/customize-authz/index.mdx
+++ b/src/pages/[platform]/build-a-backend/data/customize-authz/index.mdx
@@ -164,6 +164,8 @@ const schema = a.schema({
On the client side, make sure to always authenticate with the corresponding authorization mode.
+
+
```ts
import { generateClient } from 'aws-amplify/data'
import type { Schema } from '@/amplify/data/resource' // Path to your backend resource definition
@@ -184,6 +186,38 @@ const { data: listPostsResult , errors } = await client.models.Post.list({
});
```
+
+
+
+
+Creating a post is restricted to Cognito User Pools.
+
+```swift
+do {
+ let post = Post(title: "Hello World")
+ let createdTodo = try await Amplify.API.mutate(request: .create(
+ post,
+ authMode: .amazonCognitoUserPools)).get()
+} catch {
+ print("Failed to create post", error)
+}
+```
+
+Listing posts is available to unauthenticated users (verified by Amazon Cognito identity pool's unauthenticated role)
+
+```swift
+do {
+ let queriedPosts = try await Amplify.API.query(request: .list(
+ Post.self,
+ authMode: .awsIAM)).get()
+ print("Number of posts:", queriedPosts.count)
+} catch {
+ print("Failed to list posts", error)
+}
+```
+
+
+
## Learn more about specific authorization strategies
diff --git a/src/pages/[platform]/build-a-backend/data/customize-authz/multi-user-data-access/index.mdx b/src/pages/[platform]/build-a-backend/data/customize-authz/multi-user-data-access/index.mdx
index baf4bab30c5..9d3d1b8b416 100644
--- a/src/pages/[platform]/build-a-backend/data/customize-authz/multi-user-data-access/index.mdx
+++ b/src/pages/[platform]/build-a-backend/data/customize-authz/multi-user-data-access/index.mdx
@@ -41,11 +41,14 @@ const schema = a.schema({
Todo: a
.model({
content: a.string(),
+ owners: a.string().array(),
})
.authorization(allow => [allow.ownersDefinedIn('owners')]),
});
```
+
+
In your application, you can perform CRUD operations against the model using `client.models.` with the `userPool` auth mode.
```ts
@@ -66,8 +69,10 @@ const { errors, data: newTodo } = await client.models.Todo.create(
// highlight-end
);
```
+
+Add another user as an owner
+
```ts
-// Add another user as an owner
await client.models.Todo.update(
{
id: newTodo.id,
@@ -81,6 +86,38 @@ await client.models.Todo.update(
);
```
+
+
+
+
+In your application, you can perform CRUD operations against the model with the `amazonCognitoUserPools` auth mode.
+
+```swift
+do {
+ let todo = Todo(content: "My new todo")
+ let createdTodo = try await Amplify.API.mutate(request: .create(
+ todo,
+ authMode: .amazonCognitoUserPools)).get()
+} catch {
+ print("Failed to create todo", error)
+}
+```
+
+Add another user as an owner
+
+```swift
+do {
+ createdTodo.owners?.append(otherUserId)
+ let updatedTodo = try await Amplify.API.mutate(request: .update(
+ createdTodo,
+ authMode: .amazonCognitoUserPools)).get()
+} catch {
+ print("Failed to update todo", error)
+}
+```
+
+
+
## Override to a list of owners
You can override the `inField` to a list of owners. Use this if you want a dynamic set of users to have access to a record. In the example below, the `authors` list is populated with the creator of the record upon record creation. The creator can then update the `authors` field with additional users. Any user listed in the `authors` field can access the record.
diff --git a/src/pages/[platform]/build-a-backend/data/customize-authz/per-user-per-owner-data-access/index.mdx b/src/pages/[platform]/build-a-backend/data/customize-authz/per-user-per-owner-data-access/index.mdx
index 0204b28f27f..f2305085277 100644
--- a/src/pages/[platform]/build-a-backend/data/customize-authz/per-user-per-owner-data-access/index.mdx
+++ b/src/pages/[platform]/build-a-backend/data/customize-authz/per-user-per-owner-data-access/index.mdx
@@ -36,7 +36,6 @@ The `owner` authorization strategy restricts operations on a record to only the
You can use the `owner` authorization strategy to restrict a record's access to a specific user. When `owner` authorization is configured, only the record's `owner` is allowed the specified operations.
-
```ts title="amplify/data/resource.ts"
// The "owner" of a Todo is allowed to create, read, update, and delete their own todos
const schema = a.schema({
@@ -60,6 +59,8 @@ const schema = a.schema({
});
```
+
+
In your application, you can perform CRUD operations against the model using `client.models.` with the `userPool` auth mode.
```ts
@@ -79,6 +80,23 @@ const { errors, data: newTodo } = await client.models.Todo.create(
// highlight-end
);
```
+
+
+
+
+In your application, you can perform CRUD operations against the model with the `amazonCognitoUserPools` auth mode.
+
+```swift
+do {
+ let todo = Todo(content: "My new todo")
+ let createdTodo = try await Amplify.API.mutate(request: .create(
+ todo,
+ authMode: .amazonCognitoUserPools)).get()
+} catch {
+ print("Failed to create todo", error)
+}
+```
+
Behind the scenes, Amplify will automatically add a `owner: a.string()` field to each record which contains the record owner's identity information upon record creation.
diff --git a/src/pages/[platform]/build-a-backend/data/customize-authz/public-data-access/index.mdx b/src/pages/[platform]/build-a-backend/data/customize-authz/public-data-access/index.mdx
index a1c7f9ad420..cd07fbed6e9 100644
--- a/src/pages/[platform]/build-a-backend/data/customize-authz/public-data-access/index.mdx
+++ b/src/pages/[platform]/build-a-backend/data/customize-authz/public-data-access/index.mdx
@@ -45,6 +45,8 @@ const schema = a.schema({
});
```
+
+
In your application, you can perform CRUD operations against the model using `client.models.` by specifying the `apiKey` auth mode.
```ts
@@ -65,6 +67,25 @@ const { errors, data: newTodo } = await client.models.Todo.create(
);
```
+
+
+
+
+In your application, you can perform CRUD operations against the model by specifying the `apiKey` auth mode.
+
+```swift
+do {
+ let todo = Todo(content: "My new todo")
+ let createdTodo = try await Amplify.API.mutate(request: .create(
+ todo,
+ authMode: .apiKey)).get()
+} catch {
+ print("Failed to create todo", error)
+}
+```
+
+
+
## Add public authorization rule using Amazon Cognito identity pool's unauthenticated role
You can also override the authorization provider. In the example below, `identityPool` is specified as the provider which allows you to use an "Unauthenticated Role" from the Cognito identity pool for public access instead of an API key. Your Auth resources defined in `amplify/auth/resource.ts` generates scoped down IAM policies for the "Unauthenticated role" in the Cognito identity pool automatically.
@@ -79,6 +100,8 @@ const schema = a.schema({
});
```
+
+
In your application, you can perform CRUD operations against the model using `client.models.` with the `identityPool` auth mode.
@@ -123,3 +146,22 @@ const { errors, data: newTodo } = await client.models.Todo.create(
// highlight-end
);
```
+
+
+
+
+
+In your application, you can perform CRUD operations against the model with the `awsIAM` auth mode.
+
+```swift
+do {
+ let todo = Todo(content: "My new todo")
+ let createdTodo = try await Amplify.API.mutate(request: .create(
+ todo,
+ authMode: .awsIAM)).get()
+} catch {
+ print("Failed to create todo", error)
+}
+```
+
+
diff --git a/src/pages/[platform]/build-a-backend/data/customize-authz/signed-in-user-data-access/index.mdx b/src/pages/[platform]/build-a-backend/data/customize-authz/signed-in-user-data-access/index.mdx
index 58341902eb0..55715c8152a 100644
--- a/src/pages/[platform]/build-a-backend/data/customize-authz/signed-in-user-data-access/index.mdx
+++ b/src/pages/[platform]/build-a-backend/data/customize-authz/signed-in-user-data-access/index.mdx
@@ -51,6 +51,8 @@ const schema = a.schema({
});
```
+
+
In your application, you can perform CRUD operations against the model using `client.models.` with the `userPool` auth mode.
```ts
@@ -70,6 +72,24 @@ const { errors, data: newTodo } = await client.models.Todo.create(
// highlight-end
);
```
+
+
+
+
+In your application, you can perform CRUD operations against the model with the `amazonCognitoUserPools` auth mode.
+
+```swift
+do {
+ let todo = Todo(content: "My new todo")
+ let createdTodo = try await Amplify.API.mutate(request: .create(
+ todo,
+ authMode: .amazonCognitoUserPools)).get()
+} catch {
+ print("Failed to create todo", error)
+}
+```
+
+
## Use identity pool for signed-in user authentication
@@ -86,6 +106,8 @@ const schema = a.schema({
});
```
+
+
In your application, you can perform CRUD operations against the model using `client.models.` with the `iam` auth mode.
@@ -109,5 +131,26 @@ const { errors, data: newTodo } = await client.models.Todo.create(
// highlight-end
);
```
+
+
+
+
+In your application, you can perform CRUD operations against the model with the `awsIAM` auth mode.
+
+
+ The user must be logged in for the Amplify Library to use the authenticated role from your Cognito identity pool.
+
+
+```swift
+do {
+ let todo = Todo(content: "My new todo")
+ let createdTodo = try await Amplify.API.mutate(request: .create(
+ todo,
+ authMode: .awsIAM)).get()
+} catch {
+ print("Failed to create todo", error)
+}
+```
+
In addition, you can also use OpenID Connect with `authenticated` authorization. See [OpenID Connect as an authorization provider](/[platform]/build-a-backend/data/customize-authz/using-oidc-authorization-provider/).
diff --git a/src/pages/[platform]/build-a-backend/data/customize-authz/user-group-based-data-access/index.mdx b/src/pages/[platform]/build-a-backend/data/customize-authz/user-group-based-data-access/index.mdx
index 536113ea07d..be25af69d33 100644
--- a/src/pages/[platform]/build-a-backend/data/customize-authz/user-group-based-data-access/index.mdx
+++ b/src/pages/[platform]/build-a-backend/data/customize-authz/user-group-based-data-access/index.mdx
@@ -47,6 +47,8 @@ const schema = a.schema({
});
```
+
+
In your application, you can perform CRUD operations against the model using `client.models.` with the `userPool` auth mode.
```ts
@@ -69,6 +71,27 @@ const { errors, data: newSalary } = await client.models.Salary.create(
);
```
+
+
+
+
+In your application, you can perform CRUD operations against the model with the `amazonCognitoUserPools` auth mode.
+
+```swift
+do {
+ let salary = Salary(
+ wage: 50.25,
+ currency: "USD")
+ let createdSalary = try await Amplify.API.mutate(request: .create(
+ salary,
+ authMode: .amazonCognitoUserPools)).get()
+} catch {
+ print("Failed to create salary", error)
+}
+```
+
+
+
This can then be updated to allow access to multiple defined groups; in this example below we added access for "Leadership".
```ts