Variable allowConst

Type declaration

• Readonly authenticated: ((provider?) => Authorization<"private", undefined, false> & {
      to: typeof to;
  })

  Authorize authenticated users. By default, .authenticated() uses an Amazon Cognito user pool based authorization. You can additionally use .authenticated("identityPool") or .authenticated("oidc") to use identityPool or OIDC based authorization for authenticated users.

  Param: provider

  the authentication provider - supports "userPools", "identityPool", or "oidc"

  Returns

  an authorization rule for authenticated users

  • • (provider?): Authorization<"private", undefined, false> & {
          to: typeof to;
      }

    • Authorize authenticated users. By default, .authenticated() uses an Amazon Cognito user pool based authorization. You can additionally use .authenticated("identityPool") or .authenticated("oidc") to use identityPool or OIDC based authorization for authenticated users.

      Parameters

      • Optional provider: PrivateProvider

        the authentication provider - supports "userPools", "identityPool", or "oidc"

      Returns Authorization<"private", undefined, false> & {
          to: typeof to;
      }

      an authorization rule for authenticated users

• Readonly custom: ((provider?) => Authorization<"custom", undefined, false> & {
      to: typeof to;
  })

  • • (provider?): Authorization<"custom", undefined, false> & {
          to: typeof to;
      }

    • Parameters

      • Optional provider: CustomProvider

      Returns Authorization<"custom", undefined, false> & {
          to: typeof to;
      }

• Readonly group: ((group, provider?) => Authorization<"groups", undefined, false> & {
      to: typeof to;
      withClaimIn: typeof withClaimIn;
  })

  Authorize a specific user group. Provide the name of the specific user group to have access.

  By default, .group() uses an Amazon Cognito user pool based authorization. You can additionally use .group("group-name", "oidc") to use OIDC based authentication to designate the user group.

  To change the specific claim that should be used as the user group identifier, chain the .withClaimIn(...) method.

  Param: group

  the name of the group to authorize

  Param: provider

  the authentication provider - supports "userPools" or "oidc"

  Returns

  an authorization rule to grant access by a specific group

  • • (group, provider?): Authorization<"groups", undefined, false> & {
          to: typeof to;
          withClaimIn: typeof withClaimIn;
      }

    • Authorize a specific user group. Provide the name of the specific user group to have access.

      By default, .group() uses an Amazon Cognito user pool based authorization. You can additionally use .group("group-name", "oidc") to use OIDC based authentication to designate the user group.

      To change the specific claim that should be used as the user group identifier, chain the .withClaimIn(...) method.

      Parameters

      • group: string

        the name of the group to authorize

      • Optional provider: GroupProvider

        the authentication provider - supports "userPools" or "oidc"

      Returns Authorization<"groups", undefined, false> & {
          to: typeof to;
          withClaimIn: typeof withClaimIn;
      }

      an authorization rule to grant access by a specific group

• Readonly groupDefinedIn: (<T>(groupsField, provider?) => Authorization<"groups", T, false> & {
      to: typeof to;
      withClaimIn: typeof withClaimIn;
  })

  Authorize if a user is part of a group defined in a data model field.

  By default, .groupDefinedIn() uses an Amazon Cognito user pool based authorization. You can additionally use .groupDefinedIn("field-name", "oidc") to use OIDC based authentication to designate the user group.

  To change the specific claim that should be used as the user group identifier within the groups field, chain the .withClaimIn(...) method.

  Param: groupsField

  the field that should store the authorized user group information

  Param: provider

  the authentication provider - supports "userPools" or "oidc"

  Returns

  an authorization rule to grant access by a specific group

  • • <T>(groupsField, provider?): Authorization<"groups", T, false> & {
          to: typeof to;
          withClaimIn: typeof withClaimIn;
      }

    • Authorize if a user is part of a group defined in a data model field.

      By default, .groupDefinedIn() uses an Amazon Cognito user pool based authorization. You can additionally use .groupDefinedIn("field-name", "oidc") to use OIDC based authentication to designate the user group.

      To change the specific claim that should be used as the user group identifier within the groups field, chain the .withClaimIn(...) method.

      Type Parameters

      • T extends string

      Parameters

      • groupsField: T

        the field that should store the authorized user group information

      • Optional provider: GroupProvider

        the authentication provider - supports "userPools" or "oidc"

      Returns Authorization<"groups", T, false> & {
          to: typeof to;
          withClaimIn: typeof withClaimIn;
      }

      an authorization rule to grant access by a specific group

• Readonly groups: ((groups, provider?) => Authorization<"groups", undefined, false> & {
      to: typeof to;
      withClaimIn: typeof withClaimIn;
  })

  Authorize multiple specific user groups. Provide the names of the specific user groups to have access.

  By default, .groups() uses an Amazon Cognito user pool based authorization. You can additionally use .groups(["group-a", "group-b"], "oidc") to use OIDC based authentication to designate the user group.

  To change the specific claim that should be used as the user group identifier, chain the .withClaimIn(...) method.

  Param: groups

  the names of the group to authorize defined as an array

  Param: provider

  the authentication provider - supports "userPools" or "oidc"

  Returns

  an authorization rule to grant access by a specific group

  • • (groups, provider?): Authorization<"groups", undefined, false> & {
          to: typeof to;
          withClaimIn: typeof withClaimIn;
      }

    • Authorize multiple specific user groups. Provide the names of the specific user groups to have access.

      By default, .groups() uses an Amazon Cognito user pool based authorization. You can additionally use .groups(["group-a", "group-b"], "oidc") to use OIDC based authentication to designate the user group.

      To change the specific claim that should be used as the user group identifier, chain the .withClaimIn(...) method.

      Parameters

      • groups: string[]

        the names of the group to authorize defined as an array

      • Optional provider: GroupProvider

        the authentication provider - supports "userPools" or "oidc"

      Returns Authorization<"groups", undefined, false> & {
          to: typeof to;
          withClaimIn: typeof withClaimIn;
      }

      an authorization rule to grant access by a specific group

• Readonly groupsDefinedIn: (<T>(groupsField, provider?) => Authorization<"groups", T, true> & {
      to: typeof to;
      withClaimIn: typeof withClaimIn;
  })

  Authorize if a user is part of a one of the groups defined in a data model field.

  By default, .groupsDefinedIn() uses an Amazon Cognito user pool based authorization. You can additionally use .groupsDefinedIn("field-name", "oidc") to use OIDC based authentication to designate the user group.

  To change the specific claim that should be used as the user group identifier within the groups field, chain the .withClaimIn(...) method.

  Param: groupsField

  the field that should store the list of authorized user groups

  Param: provider

  the authentication provider - supports "userPools" or "oidc"

  Returns

  an authorization rule to grant access by a specific group

  • • <T>(groupsField, provider?): Authorization<"groups", T, true> & {
          to: typeof to;
          withClaimIn: typeof withClaimIn;
      }

    • Authorize if a user is part of a one of the groups defined in a data model field.

      By default, .groupsDefinedIn() uses an Amazon Cognito user pool based authorization. You can additionally use .groupsDefinedIn("field-name", "oidc") to use OIDC based authentication to designate the user group.

      To change the specific claim that should be used as the user group identifier within the groups field, chain the .withClaimIn(...) method.

      Type Parameters

      • T extends string

      Parameters

      • groupsField: T

        the field that should store the list of authorized user groups

      • Optional provider: GroupProvider

        the authentication provider - supports "userPools" or "oidc"

      Returns Authorization<"groups", T, true> & {
          to: typeof to;
          withClaimIn: typeof withClaimIn;
      }

      an authorization rule to grant access by a specific group

• Readonly guest: (() => Authorization<"public", undefined, false> & {
      to: typeof to;
  })

  Authorize unauthenticated users by using IDENTITYPOOL based authorization.

  Returns

  an authorization rule for unauthenticated users

  • • (): Authorization<"public", undefined, false> & {
          to: typeof to;
      }

    • Authorize unauthenticated users by using IDENTITYPOOL based authorization.

      Returns Authorization<"public", undefined, false> & {
          to: typeof to;
      }

      an authorization rule for unauthenticated users

• Readonly owner: ((provider?) => Authorization<"owner", "owner", false> & {
      identityClaim: typeof identityClaim;
      to: typeof to;
  })

  Authorize access on a per-user (owner) basis. By setting owner-based authorization, a new owner: a.string() field will be added to the model to store which user "owns" the item. Upon item creation, the "owner field" is auto-populated with the authenticated user's information. If you want to specify which field should be used as the owner field, you can use the ownerDefinedIn builder function instead.

  By default, .owner() uses an Amazon Cognito user pool based authorization. You can additionally use .owner("oidc") to use OIDC based authentication to designate the owner.

  To change the specific claim that should be used as the user identifier within the owner field, chain the .identityClaim(...) method.

  Param: provider

  the authentication provider - supports "userPools", "identityPool", or "oidc"

  Returns

  an authorization rule for authenticated users

  • • (provider?): Authorization<"owner", "owner", false> & {
          identityClaim: typeof identityClaim;
          to: typeof to;
      }

    • Authorize access on a per-user (owner) basis. By setting owner-based authorization, a new owner: a.string() field will be added to the model to store which user "owns" the item. Upon item creation, the "owner field" is auto-populated with the authenticated user's information. If you want to specify which field should be used as the owner field, you can use the ownerDefinedIn builder function instead.

      By default, .owner() uses an Amazon Cognito user pool based authorization. You can additionally use .owner("oidc") to use OIDC based authentication to designate the owner.

      To change the specific claim that should be used as the user identifier within the owner field, chain the .identityClaim(...) method.

      Parameters

      • Optional provider: OwnerProviders

        the authentication provider - supports "userPools", "identityPool", or "oidc"

      Returns Authorization<"owner", "owner", false> & {
          identityClaim: typeof identityClaim;
          to: typeof to;
      }

      an authorization rule for authenticated users

• Readonly ownerDefinedIn: (<T>(ownerField, provider?) => Authorization<"owner", T, false> & {
      identityClaim: typeof identityClaim;
      to: typeof to;
  })

  Authorize access on a per-user (owner) basis with specifying which field should be used as the owner field.

  By default, .owner() uses an Amazon Cognito user pool based authorization. You can additionally use .ownerDefinedIn("owner", "oidc") to use OIDC based authentication to designate the owner.

  To change the specific claim that should be used as the user identifier within the owner field, chain the .identityClaim(...) method.

  Param: ownerField

  the field that contains the owner information

  Param: provider

  the authentication provider - supports "userPools", "identityPool", or "oidc"

  Returns

  an authorization rule for authenticated users

  • • <T>(ownerField, provider?): Authorization<"owner", T, false> & {
          identityClaim: typeof identityClaim;
          to: typeof to;
      }

    • Authorize access on a per-user (owner) basis with specifying which field should be used as the owner field.

      By default, .owner() uses an Amazon Cognito user pool based authorization. You can additionally use .ownerDefinedIn("owner", "oidc") to use OIDC based authentication to designate the owner.

      To change the specific claim that should be used as the user identifier within the owner field, chain the .identityClaim(...) method.

      Type Parameters

      • T extends string

      Parameters

      • ownerField: T

        the field that contains the owner information

      • Optional provider: OwnerProviders

        the authentication provider - supports "userPools", "identityPool", or "oidc"

      Returns Authorization<"owner", T, false> & {
          identityClaim: typeof identityClaim;
          to: typeof to;
      }

      an authorization rule for authenticated users

• Readonly ownersDefinedIn: (<T>(ownersField, provider?) => Authorization<"owner", T, true> & {
      identityClaim: typeof identityClaim;
      to: typeof to;
  })

  Authorize access for multi-user / multi-owner access. By setting multi-owner-based authorization, a new owners: a.string().array() field will be added to the model to store which users "own" the item. Upon item creation, the "owners field" is auto-populated with the authenticated user's information. To grant other users access to the item, append their user identifier into the owners array.

  You can specify which field should be used as the owners field by passing the ownersField parameter.

  By default, .ownersDefinedIn() uses an Amazon Cognito user pool based authorization. You can additionally use .ownersDefinedIn("owners", "oidc") to use OIDC based authentication to designate the owner.

  To change the specific claim that should be used as the user identifier within the owners field, chain the .identityClaim(...) method.

  Param: ownersField

  the field that contains the owners information

  Param: provider

  the authentication provider - supports "userPools", "identityPool", or "oidc"

  Returns

  an authorization rule for authenticated users

  • • <T>(ownersField, provider?): Authorization<"owner", T, true> & {
          identityClaim: typeof identityClaim;
          to: typeof to;
      }

    • Authorize access for multi-user / multi-owner access. By setting multi-owner-based authorization, a new owners: a.string().array() field will be added to the model to store which users "own" the item. Upon item creation, the "owners field" is auto-populated with the authenticated user's information. To grant other users access to the item, append their user identifier into the owners array.

      You can specify which field should be used as the owners field by passing the ownersField parameter.

      By default, .ownersDefinedIn() uses an Amazon Cognito user pool based authorization. You can additionally use .ownersDefinedIn("owners", "oidc") to use OIDC based authentication to designate the owner.

      To change the specific claim that should be used as the user identifier within the owners field, chain the .identityClaim(...) method.

      Type Parameters

      • T extends string

      Parameters

      • ownersField: T

        the field that contains the owners information

      • Optional provider: OwnerProviders

        the authentication provider - supports "userPools", "identityPool", or "oidc"

      Returns Authorization<"owner", T, true> & {
          identityClaim: typeof identityClaim;
          to: typeof to;
      }

      an authorization rule for authenticated users

• Readonly publicApiKey: (() => Authorization<"public", undefined, false> & {
      to: typeof to;
  })

  Authorize unauthenticated users by using API key based authorization.

  Returns

  an authorization rule for unauthenticated users

  • • (): Authorization<"public", undefined, false> & {
          to: typeof to;
      }

    • Authorize unauthenticated users by using API key based authorization.

      Returns Authorization<"public", undefined, false> & {
          to: typeof to;
      }

      an authorization rule for unauthenticated users

• Readonly resource: ((fn) => ResourceAuthorization & {
      to: typeof resourceTo;
  })

  • • (fn): ResourceAuthorization & {
          to: typeof resourceTo;
      }

    • Parameters

      • fn: DefineFunction

      Returns ResourceAuthorization & {
          to: typeof resourceTo;
      }