Skip to content

Comments

feat: Add AuthorizationCallback shared authorization type support#528

Open
stocaaro wants to merge 10 commits intomainfrom
stocaaro/auth-callback-refactor/main
Open

feat: Add AuthorizationCallback shared authorization type support#528
stocaaro wants to merge 10 commits intomainfrom
stocaaro/auth-callback-refactor/main

Conversation

@stocaaro
Copy link
Contributor

@stocaaro stocaaro commented Feb 14, 2025
edited
Loading

Problem

Developers have no way to share .authorization configuration between their different schema features

Issue number, if available:

Changes

This change introduces an a.AuthorizationCallback type which enables developers to define an auth callback once and reuse it in many .authorization calls.

Example:

const authCallback: a.AuthorizationCallback = (allow) => [
   allow.guest().to(["read"]),
   allow.owner()
];

const schema = a.schema({
   Post: a.model({
     id: a.id(),
     title: a.string(),
     protectedField: a.string().authorization(authCallback),
     content: a.string(),
   }).authorization(authCallback),
}).authorization(authCallback);

Different callback sites have different requirements (schema offers allow.resource, customOperations can't receive allow.guest().to(...) content. The model and field callback surface comes the most authorization features and works in the most customer locations (not compatable with custom operations or ai kit conversations). For all special cases the customer wants to define for code sharing, the type can be overriden using a type param.

AuthorizationCallback<'conversation' | 'customOperation' | 'field' | 'model' | 'reference' | 'relationship' | 'schema'>

Proposed Docs change

aws-amplify/docs#8269

Validation

Tests added for both type compatibility exploration and export surface feature coverage. This behavior has been manually tested in an example app definition.

Checklist

  • If this PR includes a functional change to the runtime or type-level behavior of the code, I have added or updated automated test coverage for this change. (see Testing Strategy README)
  • If this PR requires a docs update, I have linked to that docs PR above.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@stocaaro stocaaro requested review from a team as code owners February 14, 2025 16:48
@changeset-bot
Copy link

changeset-bot bot commented Feb 14, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 73dc1c0

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@aws-amplify/data-schema Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@stocaaro stocaaro mentioned this pull request Feb 25, 2025
Draft
15 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@stocaaro