Update Docs how to use Custom Claims / ID Token with GraphQL API and Data Store

[jgo80]

Is this related to a new or existing framework?

No response

Is this related to a new or existing API?

GraphQL API

Is this related to another service?

No response

Describe the feature you'd like to request

With the migration from v5 > v6 I was struggling how to pass the ID token with all my custom claims (I generate using a Pre Token Generation Lambda Trigger). Since I was doing this since v5, I needed to look this up for v6 in the docs but did not find it.

The solution is close but not clear! There is a general section how to Set custom request headers for GraphQL APIs

import { Amplify } from 'aws-amplify';
import config from './amplifyconfiguration.json';

Amplify.configure(config, {
  API: {
    headers: async () => ({
      'My-Custom-Header': 'my value'
    })
  }
});

But this is not enough!

Describe the solution you'd like

There should be a more precise explanation how to pass the ID token when using a Pre Token Generation Lambda Trigger.

import { Amplify } from 'aws-amplify';
import { fetchAuthSession } from 'aws-amplify/auth';
import config from './amplifyconfiguration.json';

Amplify.configure(config, {
    API: {
      GraphQL: {
        headers: async () => ({
          Authorization: (
            await fetchAuthSession()
          ).tokens?.idToken?.toString() as string,
        }),
      },
    },
});

Describe alternatives you've considered

My approach is working fine, just update the docs 😉

Additional context

No response

Is this something that you'd be interested in working on?

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

[hanna-becker]

Agree with the suggestion here! Additionally, I'm getting a TypeScript error for the headers property:

[cwomack]

@jgo80, appreciate you opening up this issue and calling out the need for docs to be improved for migration from v5 to v6. To ensure it's properly tracked with our docs team, Im goin to transfer this issue to the amplify-docs repo to be worked on from there. Thank you!

[hanna-becker]

The whole topic of adding/overriding group and custom claims needs way better documentation. I believe there used to be more in the past.

Currently, there is only this tiny section, which says almost nothing.

And then, as mentioned above, there is this general section in a totally different place that lays out the syntax of passing a custom header to graphql api calls, but no connection between the two.

I believe the first of the two sections needs a full example, e.g. the one I gave in this issue, where I'm overriding both group and custom claims to implement read-write and read-only access for a multi-tenancy application with projects.