Hello! If I have my Auth setup with "allowUnauthenticatedIdentities": true and have @auth(rules: [{ allow: private, provider: iam }]) rule on my model, how can I verify which access an unauthenticated user has, and how can I test this in my React application? I mean how can I in the application When I do Queries from AppSync with IAM authentication, would any Unauthenticated user have similar access?
#✅ - Allow unauthenticated logins & @auth(rules: [{ allow: private, provider: iam }])
random pier
random pier
Really my question is, that if I have allowed unauthenticated logins, will they have full access to models with iam access setup like this: @auth(rules: [{ allow: private, provider: iam }])
I have this rule to enable access from Lambda functions.
random pier
I got an answer on office hours chat from @vestal swift : #844970815426658334 message
Quote:
The allowUnauthenticatedIdentities is set more on the cognito level - you can think of it as I plan to enable guest users to have access to API or Storage for example. Since you defined private on your graphql model, it restricts it to signed in users - the alternative would be using public which would give users not signed in access
toxic wadiBOT
✅ - Allow unauthenticated logins & @auth(rules: [{ allow: private, provider: iam }])