GraphQL Authorization Error When Using AWS Lambda Trigger for Post-Confirmation

I am encountering an authorization error when trying to execute a GraphQL mutation (createPlayer) in an AWS Lambda function that is triggered after user confirmation. The error message I’m receiving is:

**PostConfirmation failed with error GraphQL error: Not Authorized to access createPlayer on type Mutattion**

Lambda Function (Node.js):

```js
const appsync = require("aws-appsync");
const gql = require("graphql-tag");
require("cross-fetch/polyfill");

exports.handler = async (event, context, callback) => {
  const graphqlClient = new appsync.AWSAppSyncClient({
    url: process.env.API_TICTACTOE010147_GRAPHQLAPIENDPOINTOUTPUT,
    region: process.env.REGION,
    auth: {
      type: "AWS_IAM",
      credentials: {
        accessKeyId: process.env.AWS_ACCESS_KEY_ID,
        secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
        sessionToken: process.env.AWS_SESSION_TOKEN,
      },
    },
    disableOffline: true,
  });

  const mutation = gql`
    mutation createPlayer(
      $name: String!
      $cognitoID: String!
      $username: String!
      $email: AWSEmail!
    ) {
      createPlayer(
        input: {
          cognitoID: $cognitoID
          email: $email
          name: $name
          username: $username
        }
      ) {
        id
      }
    }
  `;

  try {
    await graphqlClient.mutate({
      mutation,
      variables: {
        name: event.request.userAttributes.name,
        username: event.userName,
        cognitoID: event.request.userAttributes.sub,
        email: event.request.userAttributes.email,
      },
    });
    callback(null, event);
  } catch (error) {
    callback(error);
  }
};
```

GraphQL Schema (Relevant Part):

```graphql
type Player
  @model
  @auth(
    rules: [
      { allow: private, operations: [read] }
      { allow: owner, ownerField: "username", operations: [update] }
      {
        allow: private
        provider: iam
        operations: [read, create, update, delete]
      }
    ]
  ) {
  id: ID!
  cognitoID: String!
  username: String! @primaryKey
  name: String!
  email: AWSEmail!
}
```

Error Message:
PostConfirmation failed with error GraphQL error: Not Authorized to access createPlayer on type Mutattion

Muhammad Umair Alim is a new contributor to this site. Take care in asking for clarification, commenting, and answering.