pub enum AppsyncIdentity {
Cognito(AppsyncIdentityCognito),
Iam(AppsyncIdentityIam),
Oidc(AppsyncIdentityOidc),
Lambda(AppsyncIdentityLambda),
ApiKey,
}Expand description
Identity information for an AppSync request.
Represents the identity context of the authenticated user/client making the request to AWS AppSync. This enum corresponds directly to AppSync’s authorization types as defined in the AWS documentation.
Each variant maps to one of the five supported AWS AppSync authorization modes:
-
Cognito: Uses Amazon Cognito User Pools, providing group-based access control with JWT tokens containing encoded user information like groups and custom claims.
-
Iam: Uses AWS IAM roles and policies through AWS Signature Version 4 signing. Can be used either directly with IAM users/roles or through Cognito Identity Pools for federated access. Enables fine-grained access control through IAM policies.
-
Oidc: OpenID Connect authentication integrating with any OIDC-compliant provider.
-
Lambda: Custom authorization through an AWS Lambda function that evaluates each request.
-
ApiKey: Simple API key-based authentication using keys generated and managed by AppSync.
The variant is determined by the authorization configuration of your AppSync API and the authentication credentials provided in the request. Each variant contains structured information specific to that authentication mode, which can be used in resolvers for custom authorization logic.
More information can be found in the AWS documentation.
Variants§
Cognito(AppsyncIdentityCognito)
Amazon Cognito User Pools authentication
Iam(AppsyncIdentityIam)
AWS IAM authentication
Oidc(AppsyncIdentityOidc)
OpenID Connect authentication
Lambda(AppsyncIdentityLambda)
Lambda authorizer authentication
ApiKey
API Key authentication (represents null identity in JSON)