Aws-cdk: AppSync: support for OPENID_CONNECT authorization type

Created on 14 May 2020 · 5 Comments · Source: aws/aws-cdk

Currently it is not possible to configure the OPENID_CONNECT authentication method with the GraphQLApi object.

Proposed Solution

Currently this is only possible with the primitive Cfn objects. This means that it makes configuring subsequent schemas, datasources and resolvers more complex as they too need to use the primitive Cfn objects. Below is an example of achieving this using the primitive Cfn objects. I believe the addition needs to be made in a similar way to this https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-appsync/lib/graphqlapi.ts#L31.

Cfn implementation

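from aws_cdk import aws_appsync

# Runs inside a Stack/Construct: `self` is the scope and `log_role`
# is an IAM role defined elsewhere in the same stack.
auth_config = aws_appsync.CfnGraphQLApi.OpenIDConnectConfigProperty(
    issuer="https://openid_privider.company.com/"
)

# Low-level (Cfn) API resource with OPENID_CONNECT as the authentication type
api = aws_appsync.CfnGraphQLApi(
    self,
    id="api",
    name="api",
    log_config=aws_appsync.CfnGraphQLApi.LogConfigProperty(
        exclude_verbose_content=False,
        cloud_watch_logs_role_arn=log_role.role_arn,
        field_log_level="ALL",
    ),
    open_id_connect_config=auth_config,
    authentication_type="OPENID_CONNECT",
)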
  • [ ] :wave: I may be able to implement this feature request
  • [ ] :warning: This feature might incur a breaking change

This is a :rocket: Feature Request

@aws-cdk/aws-appsync feature-request needs-triage
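A check that could be run over the synthesized template for the kind of configuration shown in the post above, as an added example that is not part of the original issue or of the aws-cdk project: it reports OPENID_CONNECT APIs whose OpenIDConnectConfig leaves out the optional client ID or TTL settings, or that log verbose content. The function name, the sample template and the finding text are assumptions of this example; the property names are those of the AWS::AppSync::GraphQLApi CloudFormation resource.

```python
from urllib.parse import urlparse


def audit_oidc_apis(template):
    """Return sorted (logical_id, finding) pairs for OPENID_CONNECT AppSync APIs."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if (res.get("Type") != "AWS::AppSync::GraphQLApi"
                or props.get("AuthenticationType") != "OPENID_CONNECT"):
            continue
        oidc = props.get("OpenIDConnectConfig") or {}
        issuer = oidc.get("Issuer")
        if issuer is None:
            findings.append((logical_id, "Issuer not set"))
        elif isinstance(issuer, str) and urlparse(issuer).scheme != "https":
            findings.append((logical_id, "Issuer is not an https URL"))
        # ClientId, AuthTTL and IatTTL are optional; report when left out.
        # Intrinsic functions (dict values such as {"Ref": ...}) count as set.
        for key in ("ClientId", "AuthTTL", "IatTTL"):
            if oidc.get(key) in (None, ""):
                findings.append((logical_id, f"{key} not set"))
        log = props.get("LogConfig") or {}
        if log.get("FieldLogLevel") == "ALL" and not log.get("ExcludeVerboseContent"):
            findings.append((logical_id, "verbose field logging enabled"))
    return sorted(findings)


# Constructed sample: "api" is modelled on the Cfn snippet in the issue
# (role ARN is a placeholder); "strictApi" uses made-up values.
SAMPLE = {"Resources": {
    "api": {"Type": "AWS::AppSync::GraphQLApi", "Properties": {
        "Name": "api", "AuthenticationType": "OPENID_CONNECT",
        "OpenIDConnectConfig": {"Issuer": "https://openid_privider.company.com/"},
        "LogConfig": {"ExcludeVerboseContent": False, "FieldLogLevel": "ALL",
                      "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/PLACEHOLDER"}}},
    "strictApi": {"Type": "AWS::AppSync::GraphQLApi", "Properties": {
        "Name": "strict", "AuthenticationType": "OPENID_CONNECT",
        "OpenIDConnectConfig": {"Issuer": "https://idp.example.com/",
                                "ClientId": "example-client-id",
                                "AuthTTL": 3600000, "IatTTL": 3600000},
        "LogConfig": {"ExcludeVerboseContent": True, "FieldLogLevel": "ERROR"}}},
}}

if __name__ == "__main__":
    for logical_id, finding in audit_oidc_apis(SAMPLE):
        print(f"{logical_id}: {finding}")
```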

All 5 comments

I've already implemented it. Have a look at the pull request: https://github.com/aws/aws-cdk/pull/7878

Amazing! Thank you @SachinShekhar. Will close this in favour of your PR.

@alextriaca - I don't think @SachinShekhar's PR #7878 will be promoted anywhere unless a feature request issue exists, so please re-open.

Also needed here! Thanks for the PR.

Good shout @3oris. Will leave this open until #7878 is merged.
