Const
Readonly
authenticated: ((provider?) => Authorization<"private", undefined, false> & {
Authorize authenticated users. By default, .authenticated() uses an Amazon Cognito user pool based authorization. You can additionally use .authenticated("identityPool") or .authenticated("oidc") to use identityPool or OIDC based authorization for authenticated users.
Optional
provider: PrivateProvider
the authentication provider - supports "userPools", "identityPool", or "oidc"
Returns an authorization rule for authenticated users
Readonly
custom: ((provider?) => Authorization<"custom", undefined, false> & {
Optional
provider: CustomProvider
Readonly
group: ((group, provider?) => Authorization<"groups", undefined, false> & {
Authorize a specific user group. Provide the name of the specific user group to have access.
By default, .group() uses an Amazon Cognito user pool based authorization. You can additionally use .group("group-name", "oidc") to use OIDC based authentication to designate the user group.
To change the specific claim that should be used as the user group identifier, chain the .withClaimIn(...) method.
group: the name of the group to authorize
Optional
provider: GroupProvider
the authentication provider - supports "userPools" or "oidc"
Returns an authorization rule to grant access by a specific group
Readonly
groupDefinedIn
Authorize if a user is part of a group defined in a data model field.
By default, .groupDefinedIn() uses an Amazon Cognito user pool based authorization. You can additionally use .groupDefinedIn("field-name", "oidc") to use OIDC based authentication to designate the user group.
To change the specific claim that should be used as the user group identifier within the groups field, chain the .withClaimIn(...) method.
the field that should store the authorized user group information
Optional
provider: GroupProvider
the authentication provider - supports "userPools" or "oidc"
Returns an authorization rule to grant access by a specific group
Readonly
groups: ((groups, provider?) => Authorization<"groups", undefined, false> & {
Authorize multiple specific user groups. Provide the names of the specific user groups to have access.
By default, .groups() uses an Amazon Cognito user pool based authorization. You can additionally use .groups(["group-a", "group-b"], "oidc") to use OIDC based authentication to designate the user group.
To change the specific claim that should be used as the user group identifier, chain the .withClaimIn(...) method.
groups: the names of the group to authorize defined as an array
Optional
provider: GroupProvider
the authentication provider - supports "userPools" or "oidc"
Returns an authorization rule to grant access by a specific group
Readonly
groupsDefinedIn
Authorize if a user is part of one of the groups defined in a data model field.
By default, .groupsDefinedIn() uses an Amazon Cognito user pool based authorization. You can additionally use .groupsDefinedIn("field-name", "oidc") to use OIDC based authentication to designate the user group.
To change the specific claim that should be used as the user group identifier within the groups field, chain the .withClaimIn(...) method.
the field that should store the list of authorized user groups
Optional
provider: GroupProvider
the authentication provider - supports "userPools" or "oidc"
Returns an authorization rule to grant access by a specific group
Readonly
guest: (() => Authorization<"public", undefined, false> & {
Authorize unauthenticated users by using IDENTITYPOOL based authorization.
Returns an authorization rule for unauthenticated users
Readonly
owner: ((provider?) => Authorization<"owner", "owner", false> & {
Authorize access on a per-user (owner) basis. By setting owner-based authorization, a new owner: a.string() field will be added to the model to store which user "owns" the item. Upon item creation, the "owner field" is auto-populated with the authenticated user's information. If you want to specify which field should be used as the owner field, you can use the ownerDefinedIn builder function instead.
By default, .owner() uses an Amazon Cognito user pool based authorization. You can additionally use .owner("oidc") to use OIDC based authentication to designate the owner.
To change the specific claim that should be used as the user identifier within the owner field, chain the .identityClaim(...) method.
Optional
provider: OwnerProviders
the authentication provider - supports "userPools", "identityPool", or "oidc"
Returns an authorization rule for authenticated users
Readonly
ownerDefinedIn
Authorize access on a per-user (owner) basis, specifying which field should be used as the owner field.
By default, .ownerDefinedIn() uses an Amazon Cognito user pool based authorization. You can additionally use .ownerDefinedIn("owner", "oidc") to use OIDC based authentication to designate the owner.
To change the specific claim that should be used as the user identifier within the owner field, chain the .identityClaim(...) method.
the field that contains the owner information
Optional
provider: OwnerProviders
the authentication provider - supports "userPools", "identityPool", or "oidc"
Returns an authorization rule for authenticated users
Readonly
ownersDefinedIn
Authorize access for multi-user / multi-owner access. By setting multi-owner-based authorization, a new owners: a.string().array() field will be added to the model to store which users "own" the item. Upon item creation, the "owners field" is auto-populated with the authenticated user's information. To grant other users access to the item, append their user identifier into the owners array.
You can specify which field should be used as the owners field by passing the ownersField parameter.
By default, .ownersDefinedIn() uses an Amazon Cognito user pool based authorization. You can additionally use .ownersDefinedIn("owners", "oidc") to use OIDC based authentication to designate the owner.
To change the specific claim that should be used as the user identifier within the owners field, chain the .identityClaim(...) method.
ownersField: the field that contains the owners information
Optional
provider: OwnerProviders
the authentication provider - supports "userPools", "identityPool", or "oidc"
Returns an authorization rule for authenticated users
Readonly
public
Authorize unauthenticated users by using API key based authorization.
Returns an authorization rule for unauthenticated users
Readonly
resource: ((fn) => ResourceAuthorization & {
Defines an authorization rule for your data models and fields. First choose an authorization strategy (public, private, owner, group, or custom), then choose an auth provider (apiKey, identitypool, userPools, oidc, or function) and optionally use .to(...) to specify the operations that can be performed against your data models and fields.
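The owner, owners-field and group strategies documented above differ mainly in where the allowed identities live: in the rule itself or in a field on the record. The following is an added example, not code from this library: a simplified model of how such rules can be evaluated against token claims. The Rule type, the function names, the sample item, the claim names "sub" and "cognito:groups", and the any-rule-grants combination are assumptions of the model.

```typescript
// Simplified model of the rule semantics described on this page; not Amplify's code.
type Value = string | string[] | undefined;
type Claims = Record<string, Value>;
type Item = Record<string, Value>;
type Rule =
  | { kind: "owner"; field: string; identityClaim: string } // owner, ownerDefinedIn, ownersDefinedIn
  | { kind: "groups"; groups: string[]; claim: string } // group, groups
  | { kind: "groupsDefinedIn"; field: string; claim: string }; // groupDefinedIn, groupsDefinedIn

// Treat a scalar field (owner, group) and an array field (owners, groups) alike.
const asList = (v: Value): string[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function ruleAllows(rule: Rule, claims: Claims | null, item: Item): boolean {
  if (claims === null) return false; // these strategies all require a signed-in caller
  switch (rule.kind) {
    case "owner": {
      const id = claims[rule.identityClaim];
      // A missing or empty identity claim must never match an owner entry.
      return typeof id === "string" && id !== "" && asList(item[rule.field]).includes(id);
    }
    case "groups": {
      const mine = asList(claims[rule.claim]);
      return rule.groups.some((g) => mine.includes(g));
    }
    case "groupsDefinedIn": {
      const mine = asList(claims[rule.claim]);
      return asList(item[rule.field]).some((g) => mine.includes(g));
    }
    default:
      return false; // fail closed on an unknown rule kind
  }
}

// Assumption of this model: access is granted when any one rule matches.
function isAllowed(rules: Rule[], claims: Claims | null, item: Item): boolean {
  return rules.some((r) => ruleAllows(r, claims, item));
}

// Constructed sample: an item with two owners and one group stored on the record.
const note: Item = { owners: ["user-1", "user-2"], editors: ["reviewers"] };
const rules: Rule[] = [
  { kind: "owner", field: "owners", identityClaim: "sub" },
  { kind: "groupsDefinedIn", field: "editors", claim: "cognito:groups" },
  { kind: "groups", groups: ["admins"], claim: "cognito:groups" },
];
```

Because the owners and group fields live on the record, any caller allowed to update those fields can widen access to the item, so write access to them deserves the same review as the rules themselves.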