Amplify-cli: @auth Per Field

Created on 5 Sep 2018 · 5 Comments · Source: aws-amplify/amplify-cli

Is your feature request related to a problem? Please describe.
Right now the @auth transformer can be applied to the model, but some use cases come up where you want only certain users to be able to access specific fields on a Type.

Describe the solution you'd like
Would like to be able to use the @auth transform on a per-field basis.

Describe alternatives you've considered
None, other than implementing custom resolvers.

Additional context
None.

enhancement graphql-transformer

All 5 comments

I think this is a good idea. Have you thought more about how you would like to see it implemented?

I see two main options:

  1. Add arguments to @auth. Usage would look something like:

         type Post @model @auth(allow: owner, fields: ["a", "b", "c"]) { ... }

     Pros: Simple. Allows grouping fields.

     Cons: Does not leverage the type system.

  2. Allow @auth to be specified on fields. Something like:

         type User @model {
           ssn: String @auth(allow: owner)
         }

Downsides of this approach are that you would have to define @auth per field that you want to protect. That being said, you could always put @auth on the type with the most basic auth for all fields, then fine-tune using @auth on the field level.

Let me know what you think.

Hi @mikeparisstuff, thanks for your reply. I think I like the 2nd one better. It is more declarative and explicit when looking at the schema from a top level. Agreed, you'd generally want the most basic auth at top level for the model and then fine-grained definitions on a per-field basis.

This would be absolutely amazing to have.

We (the AWS AppSync team) are currently looking for feedback on a server side solution for supporting field level auth and would love community feedback on the following RFC:

https://github.com/aws/aws-appsync-community/issues/1

For anyone looking (On Google, I found this first instead of the actual docs and only found them two days later):

This is supported now: https://docs.amplify.aws/cli/graphql-transformer/directives#field-level-authorization
