aws-amplify · SwaySway · Oct 31, 2021 · Oct 31, 2021
diff --git a/packages/amplify-graphql-auth-transformer/src/__tests__/multi-auth.test.ts b/packages/amplify-graphql-auth-transformer/src/__tests__/multi-auth.test.ts
@@ -561,6 +561,18 @@ describe('schema generation directive tests', () => {
     expectMultiple(tagType, expectedDirectiveNames);
   });
 
+  test('OIDC works with private', () => {
+    const cognitoUserPoolAndOidcAuthRules =
+      '@auth(rules: [ { allow: private, provider: oidc, operations: [read] } { allow: owner, ownerField: "editors" } { allow: groups, groupsField: "groups"} ])';
+    const authConfig = withAuthModes(apiKeyDefaultConfig, ['AMAZON_COGNITO_USER_POOLS', 'OPENID_CONNECT']);
+
+    (authConfig.additionalAuthenticationProviders[1] as AppSyncAuthConfigurationOIDCEntry).openIDConnectConfig = {
+      name: 'Test Provider',
+      issuerUrl: 'https://abc.def/',
+    };
+    transformTest(cognitoUserPoolAndOidcAuthRules, authConfig, [userPoolsDirectiveName, openIdDirectiveName]);
+  });
+
   test(`Nested types without @model getting directives applied (cognito default, api key additional)`, () => {
     const schema = getSchemaWithNonModelField(privateAndPublicDirective);
     const transformer = getTransformer(withAuthModes(userPoolsDefaultConfig, ['API_KEY']));

diff --git a/packages/amplify-graphql-auth-transformer/src/utils/validations.ts b/packages/amplify-graphql-auth-transformer/src/utils/validations.ts
@@ -42,7 +42,7 @@ found '${rule.provider}' assigned.`,
   // Private
   //
   if (rule.allow === 'private') {
-    if (rule.provider !== null && rule.provider !== 'userPools' && rule.provider !== 'iam') {
+    if (rule.provider !== null && rule.provider !== 'userPools' && rule.provider !== 'iam' && rule.provider !== 'oidc') {
       throw new InvalidDirectiveError(
         `@auth directive with 'private' strategy only supports 'userPools' (default) and 'iam' providers, but \
 found '${rule.provider}' assigned.`,