Hacker News new | past | comments | ask | show | jobs | submit login

I'm leading development on a React Native app using AppSync.

So far it's amazing.

It leverages Apollo for offline/GraphQL capabilities and Apache VTL to bind resources.

It also integrates really nicely with AWS Amplify.

One thing that was a bit of an annoyance was access levels.

You can authenticate with the GraphQL api using a Key, IAM or Cognito JWT

Key is for development only.

IAM does not expose Cognito Groups to VTL

JWT requires an active session.

So we had to create a "fake" account for non-signed in access.

Use case being, a "guest" can read data from the API but only "admins" can write data to the API

I had the impression Cognito had this feature, but maybe I'm thinking of Auth0 here

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact