Dependencies:
node 18.14.2
amplify/cli 10.6.2
Used auth:
Default Auth: Cognito UserPool
Second: API Key
User A is in cognito group "admin"
User B is **not ** in any group
Graphql schema
type Test
@model
@auth(
rules: [
# Allow client to read the item
{ allow: owner,
provider: userPools,
ownerField: "client",
identityClaim: "sub",
operations: [read] },
# Allow admin users to access any operation
{ allow: groups, groups: ["admin"] }
]
) {
id: ID!
name: String
client: String
}
App code
const res = await API.graphql<GraphQLQuery<ListTestQuery>>({
query: queries.listTest,
authMode: GRAPHQL_AUTH_MODE.AMAZON_COGNITO_USER_POOLS,
});
Expected result:
User A gets a list of all entries.
User B only gets only items that have his "sub" as client string
Actual behavior:
I get different results with the same query in local testing within the explorer and my app. In the mock explorer everything works as intended if i switch users.
GraphQL Explorer:
- User A gets all items -> Good
- User B only gets matching items -> Good
App:
- User A gets all items -> Good
- User B gets an empty array -> Bad
Question:
Why do i get different results between the app and the Graphql Explorer ?