npm - @aws-amplify/data-schema - Versions diffs - 0.18.1 → 0.18.2 - Mend

@aws-amplify/data-schema 0.18.1 → 0.18.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/dist/cjs/Authorization.js +17 -17
package/dist/cjs/Authorization.js.map +1 -1
package/dist/cjs/SchemaProcessor.js +3 -1
package/dist/cjs/SchemaProcessor.js.map +1 -1
package/dist/esm/Authorization.d.ts +16 -16
package/dist/esm/Authorization.mjs +17 -17
package/dist/esm/Authorization.mjs.map +1 -1
package/dist/esm/SchemaProcessor.mjs +3 -1
package/dist/esm/SchemaProcessor.mjs.map +1 -1
package/dist/esm/runtime/bridge-types.d.ts +1 -1
package/dist/esm/runtime/client/index.d.ts +1 -1
package/dist/meta/cjs.tsbuildinfo +1 -1
package/package.json +1 -1
package/src/Authorization.ts +17 -17
package/src/SchemaProcessor.ts +3 -1
package/src/runtime/bridge-types.ts +1 -0
package/src/runtime/client/index.ts +1 -0

package/dist/esm/Authorization.d.ts CHANGED Viewed

@@ -5,19 +5,19 @@ declare const __data: unique symbol;
  *
  * This list should not be used if you need to restrict available providers
  * according to an auth strategcy. E.g., `public` auth can only be facilitated
- * by `apiKey` and `iam` providers.
+ * by `apiKey` and `identityPool` providers.
  */
-export declare const Providers: readonly ["apiKey", "iam", "userPools", "oidc", "function"];
+export declare const Providers: readonly ["apiKey", "identityPool", "userPools", "oidc", "function"];
 export type Provider = (typeof Providers)[number];
 /**
  * The subset of auth providers that can facilitate `public` auth.
  */
-export declare const PublicProviders: readonly ["apiKey", "iam"];
+export declare const PublicProviders: readonly ["apiKey", "identityPool"];
 export type PublicProvider = (typeof PublicProviders)[number];
 /**
  * The subset of auth providers that can facilitate `private` auth.
  */
-export declare const PrivateProviders: readonly ["userPools", "oidc", "iam"];
+export declare const PrivateProviders: readonly ["userPools", "oidc", "identityPool"];
 export type PrivateProvider = (typeof PrivateProviders)[number];
 /**
  * The subset of auth providers that can facilitate `owner` auth.
@@ -84,7 +84,7 @@ declare function identityClaim<SELF extends Authorization<any, any, any>>(this:
 declare function withClaimIn<SELF extends Authorization<any, any, any>>(this: SELF, property: string): Omit<SELF, "withClaimIn">;
 /**
  * Defines an authorization rule for your data models and fields. First choose an authorization strategy (`public`,
- * `private`, `owner`, `group`, or `custom`), then choose an auth provider (`apiKey`, `iam`, `userPools`, `oidc`, or `function`)
+ * `private`, `owner`, `group`, or `custom`), then choose an auth provider (`apiKey`, `identitypool`, `userPools`, `oidc`, or `function`)
  * and optionally use `.to(...)` to specify the operations that can be performed against your data models and fields.
  */
 export declare const allow: {
@@ -96,16 +96,16 @@ export declare const allow: {
         to: typeof to;
     };
     /**
-     * Authorize unauthenticated users by using IAM based authorization.
+     * Authorize unauthenticated users by using IDENTITYPOOL based authorization.
      * @returns an authorization rule for unauthenticated users
      */
     readonly guest: () => Authorization<"public", undefined, false> & {
         to: typeof to;
     };
     /**
-     * Authorize authenticated users. By default, `.private()` uses an Amazon Cognito user pool based authorization. You can additionally
-     * use `.authenticated("iam")` or `.authenticated("oidc")` to use IAM or OIDC based authorization for authenticated users.
-     * @param provider the authentication provider - supports "userPools", "iam", or "oidc"
+     * Authorize authenticated users. By default, `.authenticated()` uses an Amazon Cognito user pool based authorization. You can additionally
+     * use `.authenticated("identityPool")` or `.authenticated("oidc")` to use identityPool or OIDC based authorization for authenticated users.
+     * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
      * @returns an authorization rule for authenticated users
      */
     readonly authenticated: (provider?: PrivateProvider) => Authorization<"private", undefined, false> & {
@@ -123,7 +123,7 @@ export declare const allow: {
      * To change the specific claim that should be used as the user identifier within the owner field, chain the
      * `.identityClaim(...)` method.
      *
-     * @param provider the authentication provider - supports "userPools", "iam", or "oidc"
+     * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
      * @returns an authorization rule for authenticated users
      */
     readonly owner: (provider?: OwnerProviders) => Authorization<"owner", "owner", false> & {
@@ -140,7 +140,7 @@ export declare const allow: {
      * `.identityClaim(...)` method.
      *
      * @param ownerField the field that contains the owner information
-     * @param provider the authentication provider - supports "userPools", "iam", or "oidc"
+     * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
      * @returns an authorization rule for authenticated users
      */
     readonly ownerDefinedIn: <T extends string>(ownerField: T, provider?: OwnerProviders) => Authorization<"owner", T, false> & {
@@ -161,7 +161,7 @@ export declare const allow: {
      * `.identityClaim(...)` method.
      *
      * @param ownersField the field that contains the owners information
-     * @param provider the authentication provider - supports "userPools", "iam", or "oidc"
+     * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
      * @returns an authorization rule for authenticated users
      */
     readonly ownersDefinedIn: <T_1 extends string>(ownersField: T_1, provider?: OwnerProviders) => Authorization<"owner", T_1, true> & {
@@ -259,14 +259,14 @@ export declare const allowForCustomOperations: {
      */
     readonly publicApiKey: () => Authorization<"public", undefined, false>;
     /**
-     * Authorize unauthenticated users by using IAM based authorization.
+     * Authorize unauthenticated users by using identityPool based authorization.
      * @returns an authorization rule for unauthenticated users
      */
     readonly guest: () => Authorization<"public", undefined, false>;
     /**
      * Authorize authenticated users. By default, `.private()` uses an Amazon Cognito user pool based authorization. You can additionally
-     * use `.authenticated("iam")` or `.authenticated("oidc")` to use IAM or OIDC based authorization for authenticated users.
-     * @param provider the authentication provider - supports "userPools", "iam", or "oidc"
+     * use `.authenticated("identityPool")` or `.authenticated("oidc")` to use Identity Pool or OIDC based authorization for authenticated users.
+     * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
      * @returns an authorization rule for authenticated users
      */
     readonly authenticated: (provider?: PrivateProvider) => Authorization<"private", undefined, false>;
@@ -347,7 +347,7 @@ export type ImpliedAuthField<T extends Authorization<any, any, any>> = T extends
 export type ImpliedAuthFields<T extends Authorization<any, any, any>> = ImpliedAuthField<T> extends never ? never : UnionToIntersection<ImpliedAuthField<T>>;
 export declare const accessData: <T extends Authorization<any, any, any>>(authorization: T) => {
     strategy?: any;
-    provider?: "function" | "apiKey" | "iam" | "oidc" | "userPools" | undefined;
+    provider?: "function" | "apiKey" | "identityPool" | "oidc" | "userPools" | undefined;
     operations?: ("create" | "get" | "update" | "delete" | "list" | "search" | "read" | "sync" | "listen")[] | undefined;
     groupOrOwnerField?: any;
     groups?: string[] | undefined;

package/dist/esm/Authorization.mjs CHANGED Viewed

@@ -4,11 +4,11 @@ const __data = Symbol('data');
  *
  * This list should not be used if you need to restrict available providers
  * according to an auth strategcy. E.g., `public` auth can only be facilitated
- * by `apiKey` and `iam` providers.
+ * by `apiKey` and `identityPool` providers.
  */
 const Providers = [
     'apiKey',
-    'iam',
+    'identityPool',
     'userPools',
     'oidc',
     'function',
@@ -16,11 +16,11 @@ const Providers = [
 /**
  * The subset of auth providers that can facilitate `public` auth.
  */
-const PublicProviders = ['apiKey', 'iam'];
+const PublicProviders = ['apiKey', 'identityPool'];
 /**
  * The subset of auth providers that can facilitate `private` auth.
  */
-const PrivateProviders = ['userPools', 'oidc', 'iam'];
+const PrivateProviders = ['userPools', 'oidc', 'identityPool'];
 /**
  * The subset of auth providers that can facilitate `owner` auth.
  */
@@ -112,7 +112,7 @@ function authData(defaults, builderMethods) {
 }
 /**
  * Defines an authorization rule for your data models and fields. First choose an authorization strategy (`public`,
- * `private`, `owner`, `group`, or `custom`), then choose an auth provider (`apiKey`, `iam`, `userPools`, `oidc`, or `function`)
+ * `private`, `owner`, `group`, or `custom`), then choose an auth provider (`apiKey`, `identitypool`, `userPools`, `oidc`, or `function`)
  * and optionally use `.to(...)` to specify the operations that can be performed against your data models and fields.
  */
 const allow = {
@@ -129,21 +129,21 @@ const allow = {
         });
     },
     /**
-     * Authorize unauthenticated users by using IAM based authorization.
+     * Authorize unauthenticated users by using IDENTITYPOOL based authorization.
      * @returns an authorization rule for unauthenticated users
      */
     guest() {
         return authData({
             strategy: 'public',
-            provider: 'iam',
+            provider: 'identityPool',
         }, {
             to,
         });
     },
     /**
-     * Authorize authenticated users. By default, `.private()` uses an Amazon Cognito user pool based authorization. You can additionally
-     * use `.authenticated("iam")` or `.authenticated("oidc")` to use IAM or OIDC based authorization for authenticated users.
-     * @param provider the authentication provider - supports "userPools", "iam", or "oidc"
+     * Authorize authenticated users. By default, `.authenticated()` uses an Amazon Cognito user pool based authorization. You can additionally
+     * use `.authenticated("identityPool")` or `.authenticated("oidc")` to use identityPool or OIDC based authorization for authenticated users.
+     * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
      * @returns an authorization rule for authenticated users
      */
     authenticated(provider) {
@@ -167,7 +167,7 @@ const allow = {
      * To change the specific claim that should be used as the user identifier within the owner field, chain the
      * `.identityClaim(...)` method.
      *
-     * @param provider the authentication provider - supports "userPools", "iam", or "oidc"
+     * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
      * @returns an authorization rule for authenticated users
      */
     owner(provider) {
@@ -191,7 +191,7 @@ const allow = {
      * `.identityClaim(...)` method.
      *
      * @param ownerField the field that contains the owner information
-     * @param provider the authentication provider - supports "userPools", "iam", or "oidc"
+     * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
      * @returns an authorization rule for authenticated users
      */
     ownerDefinedIn(ownerField, provider) {
@@ -219,7 +219,7 @@ const allow = {
      * `.identityClaim(...)` method.
      *
      * @param ownersField the field that contains the owners information
-     * @param provider the authentication provider - supports "userPools", "iam", or "oidc"
+     * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
      * @returns an authorization rule for authenticated users
      */
     ownersDefinedIn(ownersField, provider) {
@@ -362,19 +362,19 @@ const allowForCustomOperations = {
         }, {});
     },
     /**
-     * Authorize unauthenticated users by using IAM based authorization.
+     * Authorize unauthenticated users by using identityPool based authorization.
      * @returns an authorization rule for unauthenticated users
      */
     guest() {
         return authData({
             strategy: 'public',
-            provider: 'iam',
+            provider: 'identityPool',
         }, {});
     },
     /**
      * Authorize authenticated users. By default, `.private()` uses an Amazon Cognito user pool based authorization. You can additionally
-     * use `.authenticated("iam")` or `.authenticated("oidc")` to use IAM or OIDC based authorization for authenticated users.
-     * @param provider the authentication provider - supports "userPools", "iam", or "oidc"
+     * use `.authenticated("identityPool")` or `.authenticated("oidc")` to use Identity Pool or OIDC based authorization for authenticated users.
+     * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
      * @returns an authorization rule for authenticated users
      */
     authenticated(provider) {

package/dist/esm/Authorization.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"Authorization.mjs","sources":["../../src/Authorization.ts"],"sourcesContent":["const __data = Symbol('data');\n/*\n All possible providers.\n \n This list should not be used if you need to restrict available providers\n * according to an auth strategcy. E.g., `public` auth can only be facilitated\n * by `apiKey` and `iam` providers.\n /\nexport const Providers = [\n 'apiKey',\n 'iam',\n 'userPools',\n 'oidc',\n 'function',\n];\n/\n The subset of auth providers that can facilitate `public` auth.\n /\nexport const PublicProviders = ['apiKey', 'iam'];\n/\n The subset of auth providers that can facilitate `private` auth.\n /\nexport const PrivateProviders = ['userPools', 'oidc', 'iam'];\n/\n The subset of auth providers that can facilitate `owner` auth.\n /\nexport const OwnerProviders = ['userPools', 'oidc'];\n/\n The subset of auth providers that can facilitate `group` auth.\n /\nexport const GroupProviders = ['userPools', 'oidc'];\n/\n The subset of auth providers that can facilitate `custom` auth.\n /\nexport const CustomProviders = ['function'];\nexport const Strategies = [\n 'public',\n 'private',\n 'owner',\n 'groups',\n 'custom',\n];\n/\n The operations that can be performed against an API.\n /\nexport const Operations = [\n 'create',\n 'update',\n 'delete',\n 'read',\n 'get',\n 'list',\n 'sync',\n 'listen',\n 'search',\n];\n/\n The operations that can be performed against an API by a Lambda function.\n /\nexport const ResourceOperations = ['query', 'mutate', 'listen'];\n/\n Creates a shallow copy of an object with an individual field pruned away.\n \n @param original The original object to prune.\n * @param without The field to prune.\n * @returns The pruned object.\n /\nfunction omit(original, without) {\n const pruned = { ...original };\n delete pruned[without];\n return pruned;\n}\nfunction to(operations) {\n this[__data].operations = operations;\n return omit(this, 'to');\n}\n/\n Specifies a property of the identity JWT to use in place of `sub::username`\n * as the value to match against the owner field for authorization.\n \n @param this Authorization object to operate against.\n * @param property A property of identity JWT.\n * @returns A copy of the Authorization object with the claim attached.\n /\nfunction identityClaim(property) {\n this[__data].identityClaim = property;\n return omit(this, 'identityClaim');\n}\nfunction withClaimIn(property) {\n this[__data].groupClaim = property;\n return omit(this, 'withClaimIn');\n}\nfunction validateProvider(needle, haystack) {\n if (needle && !haystack.includes(needle)) {\n throw new Error(`Invalid provider (${needle}) given!`);\n }\n}\nfunction authData(defaults, builderMethods) {\n return {\n [__data]: {\n strategy: 'public',\n provider: undefined,\n operations: undefined,\n groupOrOwnerField: undefined,\n multiOwner: false,\n identityClaim: undefined,\n groups: undefined,\n ...defaults,\n },\n ...builderMethods,\n };\n}\n/\n Defines an authorization rule for your data models and fields. First choose an authorization strategy (`public`,\n * `private`, `owner`, `group`, or `custom`), then choose an auth provider (`apiKey`, `iam`, `userPools`, `oidc`, or `function`)\n * and optionally use `.to(...)` to specify the operations that can be performed against your data models and fields.\n /\nexport const allow = {\n /\n Authorize unauthenticated users by using API key based authorization.\n * @returns an authorization rule for unauthenticated users\n /\n publicApiKey() {\n return authData({\n strategy: 'public',\n provider: 'apiKey',\n }, {\n to,\n });\n },\n /\n Authorize unauthenticated users by using IAM based authorization.\n * @returns an authorization rule for unauthenticated users\n /\n guest() {\n return authData({\n strategy: 'public',\n provider: 'iam',\n }, {\n to,\n });\n },\n /\n Authorize authenticated users. By default, `.private()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.authenticated(\"iam\")` or `.authenticated(\"oidc\")` to use IAM or OIDC based authorization for authenticated users.\n * @param provider the authentication provider - supports \"userPools\", \"iam\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n /\n authenticated(provider) {\n validateProvider(provider, PrivateProviders);\n return authData({\n strategy: 'private',\n provider,\n }, {\n to,\n });\n },\n /\n Authorize access on a per-user (owner) basis. By setting owner-based authorization, a new `owner: a.string()`\n * field will be added to the model to store which user \"owns\" the item. Upon item creation, the \"owner field\" is\n * auto-populated with the authenticated user's information. If you want to specify which field should be used as\n * the owner field, you can use the `ownerDefinedIn` builder function instead.\n \n By default, `.owner()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.owner(\"oidc\")` to use OIDC based authentication to designate the owner.\n \n To change the specific claim that should be used as the user identifier within the owner field, chain the\n * `.identityClaim(...)` method.\n \n @param provider the authentication provider - supports \"userPools\", \"iam\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n /\n owner(provider) {\n validateProvider(provider, OwnerProviders);\n return authData({\n strategy: 'owner',\n provider,\n groupOrOwnerField: 'owner',\n }, {\n to,\n identityClaim,\n });\n },\n /\n Authorize access on a per-user (owner) basis with specifying which field should be used as the owner field.\n \n By default, `.owner()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.ownerDefinedIn(\"owner\", \"oidc\")` to use OIDC based authentication to designate the owner.\n \n To change the specific claim that should be used as the user identifier within the owner field, chain the\n * `.identityClaim(...)` method.\n \n @param ownerField the field that contains the owner information\n * @param provider the authentication provider - supports \"userPools\", \"iam\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n /\n ownerDefinedIn(ownerField, provider) {\n validateProvider(provider, OwnerProviders);\n return authData({\n strategy: 'owner',\n provider,\n groupOrOwnerField: ownerField,\n }, {\n to,\n identityClaim,\n });\n },\n /\n Authorize access for multi-user / multi-owner access. By setting multi-owner-based authorization, a new `owners: a.string().array()`\n * field will be added to the model to store which users \"own\" the item. Upon item creation, the \"owners field\" is\n * auto-populated with the authenticated user's information. To grant other users access to the item, append their user identifier into the `owners` array.\n \n You can specify which field should be used as the owners field by passing the `ownersField` parameter.\n \n By default, `.ownersDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.ownersDefinedIn(\"owners\", \"oidc\")` to use OIDC based authentication to designate the owner.\n \n To change the specific claim that should be used as the user identifier within the owners field, chain the\n * `.identityClaim(...)` method.\n \n @param ownersField the field that contains the owners information\n * @param provider the authentication provider - supports \"userPools\", \"iam\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n /\n ownersDefinedIn(ownersField, provider) {\n validateProvider(provider, OwnerProviders);\n return authData({\n strategy: 'owner',\n provider,\n groupOrOwnerField: ownersField,\n multiOwner: true,\n }, {\n to,\n identityClaim,\n });\n },\n /\n Authorize a specific user group. Provide the name of the specific user group to have access.\n \n By default, `.group()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.group(\"group-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n \n To change the specific claim that should be used as the user group identifier, chain the\n * `.withClaimIn(...)` method.\n * @param group the name of the group to authorize\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n /\n group(group, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groups: [group],\n }, {\n to,\n withClaimIn,\n });\n },\n /\n Authorize multiple specific user groups. Provide the names of the specific user groups to have access.\n \n By default, `.groups()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.groups([\"group-a\", \"group-b\"], \"oidc\")` to use OIDC based authentication to designate the user group.\n \n To change the specific claim that should be used as the user group identifier, chain the\n * `.withClaimIn(...)` method.\n * @param groups the names of the group to authorize defined as an array\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n /\n groups(groups, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groups,\n }, {\n to,\n withClaimIn,\n });\n },\n /\n Authorize if a user is part of a group defined in a data model field.\n \n By default, `.groupDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.groupDefinedIn(\"field-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n \n To change the specific claim that should be used as the user group identifier within the groups field, chain the\n * `.withClaimIn(...)` method.\n * @param groupsField the field that should store the authorized user group information\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n /\n groupDefinedIn(groupsField, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groupOrOwnerField: groupsField,\n }, {\n to,\n withClaimIn,\n });\n },\n /\n Authorize if a user is part of a one of the groups defined in a data model field.\n \n By default, `.groupsDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.groupsDefinedIn(\"field-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n \n To change the specific claim that should be used as the user group identifier within the groups field, chain the\n * `.withClaimIn(...)` method.\n * @param groupsField the field that should store the list of authorized user groups\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n /\n groupsDefinedIn(groupsField, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groupOrOwnerField: groupsField,\n multiOwner: true,\n }, {\n to,\n withClaimIn,\n });\n },\n custom(provider) {\n return authData({\n strategy: 'custom',\n provider,\n }, {\n to,\n });\n },\n resource(fn) {\n return resourceAuthData(fn, {\n to: resourceTo,\n });\n },\n};\n/\n This is a copy of the {@link allow} defined above, with modifications for custom operations.\n \n Removed builder methods:\n \n * `owner`\n * * `ownerDefinedIn`\n * * `ownersDefinedIn`\n * * `groupDefinedIn`\n * * `groupsDefinedIn`\n * * `resource`\n * * `.to()` builder method from each available rule builder\n /\nexport const allowForCustomOperations = {\n /\n Authorize unauthenticated users by using API key based authorization.\n * @returns an authorization rule for unauthenticated users\n /\n publicApiKey() {\n return authData({\n strategy: 'public',\n provider: 'apiKey',\n }, {});\n },\n /\n Authorize unauthenticated users by using IAM based authorization.\n * @returns an authorization rule for unauthenticated users\n /\n guest() {\n return authData({\n strategy: 'public',\n provider: 'iam',\n }, {});\n },\n /\n Authorize authenticated users. By default, `.private()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.authenticated(\"iam\")` or `.authenticated(\"oidc\")` to use IAM or OIDC based authorization for authenticated users.\n * @param provider the authentication provider - supports \"userPools\", \"iam\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n /\n authenticated(provider) {\n validateProvider(provider, PrivateProviders);\n return authData({\n strategy: 'private',\n provider,\n }, {});\n },\n /\n Authorize a specific user group. Provide the name of the specific user group to have access.\n \n By default, `.group()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.group(\"group-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n \n @param group the name of the group to authorize\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n /\n group(group, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groups: [group],\n }, {});\n },\n /\n Authorize multiple specific user groups. Provide the names of the specific user groups to have access.\n \n By default, `.groups()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.groups([\"group-a\", \"group-b\"], \"oidc\")` to use OIDC based authentication to designate the user group.\n \n @param groups the names of the group to authorize defined as an array\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n */\n groups(groups, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groups,\n }, {});\n },\n custom(provider) {\n return authData({\n strategy: 'custom',\n provider,\n }, {});\n },\n};\nfunction resourceTo(operations) {\n this[__data].operations = operations;\n return omit(this, 'to');\n}\nfunction resourceAuthData(resource, builderMethods) {\n return {\n [__data]: {\n strategy: 'resource',\n resource,\n },\n ...builderMethods,\n };\n}\nexport const accessData = (authorization) => authorization[__data];\n// TODO: delete when we make resource auth available at each level in the schema (model, field)\nexport const accessSchemaData = (authorization) => authorization[__data];\n"],"names":[],"mappings":"AAAA,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;AAC9B;AACA;AACA;AACA;AACA;AACA;AACA;AACY,MAAC,SAAS,GAAG;AACzB,IAAI,QAAQ;AACZ,IAAI,KAAK;AACT,IAAI,WAAW;AACf,IAAI,MAAM;AACV,IAAI,UAAU;AACd,EAAE;AACF;AACA;AACA;AACY,MAAC,eAAe,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE;AACjD;AACA;AACA;AACY,MAAC,gBAAgB,GAAG,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE;AAC7D;AACA;AACA;AACY,MAAC,cAAc,GAAG,CAAC,WAAW,EAAE,MAAM,EAAE;AACpD;AACA;AACA;AACY,MAAC,cAAc,GAAG,CAAC,WAAW,EAAE,MAAM,EAAE;AACpD;AACA;AACA;AACY,MAAC,eAAe,GAAG,CAAC,UAAU,EAAE;AAChC,MAAC,UAAU,GAAG;AAC1B,IAAI,QAAQ;AACZ,IAAI,SAAS;AACb,IAAI,OAAO;AACX,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,EAAE;AACF;AACA;AACA;AACY,MAAC,UAAU,GAAG;AAC1B,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,IAAI,MAAM;AACV,IAAI,KAAK;AACT,IAAI,MAAM;AACV,IAAI,MAAM;AACV,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,EAAE;AACF;AACA;AACA;AACY,MAAC,kBAAkB,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE;AAChE;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE;AACjC,IAAI,MAAM,MAAM,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;AACnC,IAAI,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC;AAC3B,IAAI,OAAO,MAAM,CAAC;AAClB,CAAC;AACD,SAAS,EAAE,CAAC,UAAU,EAAE;AACxB,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC;AACzC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AAC5B,CAAC;AACD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,aAAa,CAAC,QAAQ,EAAE;AACjC,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,aAAa,GAAG,QAAQ,CAAC;AAC1C,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;AACvC,CAAC;AACD,SAAS,WAAW,CAAC,QAAQ,EAAE;AAC/B,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,QAAQ,CAAC;AACvC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;AACrC,CAAC;AACD,SAAS,gBAAgB,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC5C,IAAI,IAAI,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;AAC9C,QAAQ,MAAM,IAAI,KAAK,CAAC,CAAC,kBAAkB,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC/D,KAAK;AACL,CAAC;AACD,SAAS,QAAQ,CAAC,QAAQ,EAAE,cAAc,EAAE;AAC5C,IAAI,OAAO;AACX,QAAQ,CAAC,MAAM,GAAG;AAClB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,UAAU,EAAE,SAAS;AACjC,YAAY,iBAAiB,EAAE,SAAS;AACxC,YAAY,UAAU,EAAE,KAAK;AAC7B,YAAY,aAAa,EAAE,SAAS;AACpC,YAAY,MAAM,EAAE,SAAS;AAC7B,YAAY,GAAG,QAAQ;AACvB,SAAS;AACT,QAAQ,GAAG,cAAc;AACzB,KAAK,CAAC;AACN,CAAC;AACD;AACA;AACA;AACA;AACA;AACY,MAAC,KAAK,GAAG;AACrB;AACA;AACA;AACA;AACA,IAAI,YAAY,GAAG;AACnB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,QAAQ;AAC9B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA,IAAI,KAAK,GAAG;AACZ,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,KAAK;AAC3B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,aAAa,CAAC,QAAQ,EAAE;AAC5B,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;AACrD,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,QAAQ;AACpB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,QAAQ,EAAE;AACpB,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;AACnD,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,OAAO;AACtC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,CAAC,UAAU,EAAE,QAAQ,EAAE;AACzC,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;AACnD,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,UAAU;AACzC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,eAAe,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC3C,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;AACnD,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,YAAY,UAAU,EAAE,IAAI;AAC5B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE;AAC3B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM,EAAE,CAAC,KAAK,CAAC;AAC3B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC7B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM;AAClB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC1C,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,eAAe,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC3C,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,YAAY,UAAU,EAAE,IAAI;AAC5B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL,IAAI,MAAM,CAAC,QAAQ,EAAE;AACrB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL,IAAI,QAAQ,CAAC,EAAE,EAAE;AACjB,QAAQ,OAAO,gBAAgB,CAAC,EAAE,EAAE;AACpC,YAAY,EAAE,EAAE,UAAU;AAC1B,SAAS,CAAC,CAAC;AACX,KAAK;AACL,EAAE;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACY,MAAC,wBAAwB,GAAG;AACxC;AACA;AACA;AACA;AACA,IAAI,YAAY,GAAG;AACnB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,QAAQ;AAC9B,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA,IAAI,KAAK,GAAG;AACZ,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,KAAK;AAC3B,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,aAAa,CAAC,QAAQ,EAAE;AAC5B,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;AACrD,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,QAAQ;AACpB,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE;AAC3B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM,EAAE,CAAC,KAAK,CAAC;AAC3B,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC7B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM;AAClB,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL,IAAI,MAAM,CAAC,QAAQ,EAAE;AACrB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL,EAAE;AACF,SAAS,UAAU,CAAC,UAAU,EAAE;AAChC,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC;AACzC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AAC5B,CAAC;AACD,SAAS,gBAAgB,CAAC,QAAQ,EAAE,cAAc,EAAE;AACpD,IAAI,OAAO;AACX,QAAQ,CAAC,MAAM,GAAG;AAClB,YAAY,QAAQ,EAAE,UAAU;AAChC,YAAY,QAAQ;AACpB,SAAS;AACT,QAAQ,GAAG,cAAc;AACzB,KAAK,CAAC;AACN,CAAC;AACW,MAAC,UAAU,GAAG,CAAC,aAAa,KAAK,aAAa,CAAC,MAAM,EAAE;AACnE;AACY,MAAC,gBAAgB,GAAG,CAAC,aAAa,KAAK,aAAa,CAAC,MAAM;;;;"}
1	+ {"version":3,"file":"Authorization.mjs","sources":["../../src/Authorization.ts"],"sourcesContent":["const __data = Symbol('data');\n/*\n All possible providers.\n \n This list should not be used if you need to restrict available providers\n * according to an auth strategcy. E.g., `public` auth can only be facilitated\n * by `apiKey` and `identityPool` providers.\n /\nexport const Providers = [\n 'apiKey',\n 'identityPool',\n 'userPools',\n 'oidc',\n 'function',\n];\n/\n The subset of auth providers that can facilitate `public` auth.\n /\nexport const PublicProviders = ['apiKey', 'identityPool'];\n/\n The subset of auth providers that can facilitate `private` auth.\n /\nexport const PrivateProviders = ['userPools', 'oidc', 'identityPool'];\n/\n The subset of auth providers that can facilitate `owner` auth.\n /\nexport const OwnerProviders = ['userPools', 'oidc'];\n/\n The subset of auth providers that can facilitate `group` auth.\n /\nexport const GroupProviders = ['userPools', 'oidc'];\n/\n The subset of auth providers that can facilitate `custom` auth.\n /\nexport const CustomProviders = ['function'];\nexport const Strategies = [\n 'public',\n 'private',\n 'owner',\n 'groups',\n 'custom',\n];\n/\n The operations that can be performed against an API.\n /\nexport const Operations = [\n 'create',\n 'update',\n 'delete',\n 'read',\n 'get',\n 'list',\n 'sync',\n 'listen',\n 'search',\n];\n/\n The operations that can be performed against an API by a Lambda function.\n /\nexport const ResourceOperations = ['query', 'mutate', 'listen'];\n/\n Creates a shallow copy of an object with an individual field pruned away.\n \n @param original The original object to prune.\n * @param without The field to prune.\n * @returns The pruned object.\n /\nfunction omit(original, without) {\n const pruned = { ...original };\n delete pruned[without];\n return pruned;\n}\nfunction to(operations) {\n this[__data].operations = operations;\n return omit(this, 'to');\n}\n/\n Specifies a property of the identity JWT to use in place of `sub::username`\n * as the value to match against the owner field for authorization.\n \n @param this Authorization object to operate against.\n * @param property A property of identity JWT.\n * @returns A copy of the Authorization object with the claim attached.\n /\nfunction identityClaim(property) {\n this[__data].identityClaim = property;\n return omit(this, 'identityClaim');\n}\nfunction withClaimIn(property) {\n this[__data].groupClaim = property;\n return omit(this, 'withClaimIn');\n}\nfunction validateProvider(needle, haystack) {\n if (needle && !haystack.includes(needle)) {\n throw new Error(`Invalid provider (${needle}) given!`);\n }\n}\nfunction authData(defaults, builderMethods) {\n return {\n [__data]: {\n strategy: 'public',\n provider: undefined,\n operations: undefined,\n groupOrOwnerField: undefined,\n multiOwner: false,\n identityClaim: undefined,\n groups: undefined,\n ...defaults,\n },\n ...builderMethods,\n };\n}\n/\n Defines an authorization rule for your data models and fields. First choose an authorization strategy (`public`,\n * `private`, `owner`, `group`, or `custom`), then choose an auth provider (`apiKey`, `identitypool`, `userPools`, `oidc`, or `function`)\n * and optionally use `.to(...)` to specify the operations that can be performed against your data models and fields.\n /\nexport const allow = {\n /\n Authorize unauthenticated users by using API key based authorization.\n * @returns an authorization rule for unauthenticated users\n /\n publicApiKey() {\n return authData({\n strategy: 'public',\n provider: 'apiKey',\n }, {\n to,\n });\n },\n /\n Authorize unauthenticated users by using IDENTITYPOOL based authorization.\n * @returns an authorization rule for unauthenticated users\n /\n guest() {\n return authData({\n strategy: 'public',\n provider: 'identityPool',\n }, {\n to,\n });\n },\n /\n Authorize authenticated users. By default, `.authenticated()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.authenticated(\"identityPool\")` or `.authenticated(\"oidc\")` to use identityPool or OIDC based authorization for authenticated users.\n * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n /\n authenticated(provider) {\n validateProvider(provider, PrivateProviders);\n return authData({\n strategy: 'private',\n provider,\n }, {\n to,\n });\n },\n /\n Authorize access on a per-user (owner) basis. By setting owner-based authorization, a new `owner: a.string()`\n * field will be added to the model to store which user \"owns\" the item. Upon item creation, the \"owner field\" is\n * auto-populated with the authenticated user's information. If you want to specify which field should be used as\n * the owner field, you can use the `ownerDefinedIn` builder function instead.\n \n By default, `.owner()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.owner(\"oidc\")` to use OIDC based authentication to designate the owner.\n \n To change the specific claim that should be used as the user identifier within the owner field, chain the\n * `.identityClaim(...)` method.\n \n @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n /\n owner(provider) {\n validateProvider(provider, OwnerProviders);\n return authData({\n strategy: 'owner',\n provider,\n groupOrOwnerField: 'owner',\n }, {\n to,\n identityClaim,\n });\n },\n /\n Authorize access on a per-user (owner) basis with specifying which field should be used as the owner field.\n \n By default, `.owner()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.ownerDefinedIn(\"owner\", \"oidc\")` to use OIDC based authentication to designate the owner.\n \n To change the specific claim that should be used as the user identifier within the owner field, chain the\n * `.identityClaim(...)` method.\n \n @param ownerField the field that contains the owner information\n * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n /\n ownerDefinedIn(ownerField, provider) {\n validateProvider(provider, OwnerProviders);\n return authData({\n strategy: 'owner',\n provider,\n groupOrOwnerField: ownerField,\n }, {\n to,\n identityClaim,\n });\n },\n /\n Authorize access for multi-user / multi-owner access. By setting multi-owner-based authorization, a new `owners: a.string().array()`\n * field will be added to the model to store which users \"own\" the item. Upon item creation, the \"owners field\" is\n * auto-populated with the authenticated user's information. To grant other users access to the item, append their user identifier into the `owners` array.\n \n You can specify which field should be used as the owners field by passing the `ownersField` parameter.\n \n By default, `.ownersDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.ownersDefinedIn(\"owners\", \"oidc\")` to use OIDC based authentication to designate the owner.\n \n To change the specific claim that should be used as the user identifier within the owners field, chain the\n * `.identityClaim(...)` method.\n \n @param ownersField the field that contains the owners information\n * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n /\n ownersDefinedIn(ownersField, provider) {\n validateProvider(provider, OwnerProviders);\n return authData({\n strategy: 'owner',\n provider,\n groupOrOwnerField: ownersField,\n multiOwner: true,\n }, {\n to,\n identityClaim,\n });\n },\n /\n Authorize a specific user group. Provide the name of the specific user group to have access.\n \n By default, `.group()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.group(\"group-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n \n To change the specific claim that should be used as the user group identifier, chain the\n * `.withClaimIn(...)` method.\n * @param group the name of the group to authorize\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n /\n group(group, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groups: [group],\n }, {\n to,\n withClaimIn,\n });\n },\n /\n Authorize multiple specific user groups. Provide the names of the specific user groups to have access.\n \n By default, `.groups()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.groups([\"group-a\", \"group-b\"], \"oidc\")` to use OIDC based authentication to designate the user group.\n \n To change the specific claim that should be used as the user group identifier, chain the\n * `.withClaimIn(...)` method.\n * @param groups the names of the group to authorize defined as an array\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n /\n groups(groups, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groups,\n }, {\n to,\n withClaimIn,\n });\n },\n /\n Authorize if a user is part of a group defined in a data model field.\n \n By default, `.groupDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.groupDefinedIn(\"field-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n \n To change the specific claim that should be used as the user group identifier within the groups field, chain the\n * `.withClaimIn(...)` method.\n * @param groupsField the field that should store the authorized user group information\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n /\n groupDefinedIn(groupsField, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groupOrOwnerField: groupsField,\n }, {\n to,\n withClaimIn,\n });\n },\n /\n Authorize if a user is part of a one of the groups defined in a data model field.\n \n By default, `.groupsDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.groupsDefinedIn(\"field-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n \n To change the specific claim that should be used as the user group identifier within the groups field, chain the\n * `.withClaimIn(...)` method.\n * @param groupsField the field that should store the list of authorized user groups\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n /\n groupsDefinedIn(groupsField, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groupOrOwnerField: groupsField,\n multiOwner: true,\n }, {\n to,\n withClaimIn,\n });\n },\n custom(provider) {\n return authData({\n strategy: 'custom',\n provider,\n }, {\n to,\n });\n },\n resource(fn) {\n return resourceAuthData(fn, {\n to: resourceTo,\n });\n },\n};\n/\n This is a copy of the {@link allow} defined above, with modifications for custom operations.\n \n Removed builder methods:\n \n * `owner`\n * * `ownerDefinedIn`\n * * `ownersDefinedIn`\n * * `groupDefinedIn`\n * * `groupsDefinedIn`\n * * `resource`\n * * `.to()` builder method from each available rule builder\n /\nexport const allowForCustomOperations = {\n /\n Authorize unauthenticated users by using API key based authorization.\n * @returns an authorization rule for unauthenticated users\n /\n publicApiKey() {\n return authData({\n strategy: 'public',\n provider: 'apiKey',\n }, {});\n },\n /\n Authorize unauthenticated users by using identityPool based authorization.\n * @returns an authorization rule for unauthenticated users\n /\n guest() {\n return authData({\n strategy: 'public',\n provider: 'identityPool',\n }, {});\n },\n /\n Authorize authenticated users. By default, `.private()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.authenticated(\"identityPool\")` or `.authenticated(\"oidc\")` to use Identity Pool or OIDC based authorization for authenticated users.\n * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n /\n authenticated(provider) {\n validateProvider(provider, PrivateProviders);\n return authData({\n strategy: 'private',\n provider,\n }, {});\n },\n /\n Authorize a specific user group. Provide the name of the specific user group to have access.\n \n By default, `.group()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.group(\"group-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n \n @param group the name of the group to authorize\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n /\n group(group, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groups: [group],\n }, {});\n },\n /\n Authorize multiple specific user groups. Provide the names of the specific user groups to have access.\n \n By default, `.groups()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.groups([\"group-a\", \"group-b\"], \"oidc\")` to use OIDC based authentication to designate the user group.\n \n @param groups the names of the group to authorize defined as an array\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n */\n groups(groups, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groups,\n }, {});\n },\n custom(provider) {\n return authData({\n strategy: 'custom',\n provider,\n }, {});\n },\n};\nfunction resourceTo(operations) {\n this[__data].operations = operations;\n return omit(this, 'to');\n}\nfunction resourceAuthData(resource, builderMethods) {\n return {\n [__data]: {\n strategy: 'resource',\n resource,\n },\n ...builderMethods,\n };\n}\nexport const accessData = (authorization) => authorization[__data];\n// TODO: delete when we make resource auth available at each level in the schema (model, field)\nexport const accessSchemaData = (authorization) => authorization[__data];\n"],"names":[],"mappings":"AAAA,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;AAC9B;AACA;AACA;AACA;AACA;AACA;AACA;AACY,MAAC,SAAS,GAAG;AACzB,IAAI,QAAQ;AACZ,IAAI,cAAc;AAClB,IAAI,WAAW;AACf,IAAI,MAAM;AACV,IAAI,UAAU;AACd,EAAE;AACF;AACA;AACA;AACY,MAAC,eAAe,GAAG,CAAC,QAAQ,EAAE,cAAc,EAAE;AAC1D;AACA;AACA;AACY,MAAC,gBAAgB,GAAG,CAAC,WAAW,EAAE,MAAM,EAAE,cAAc,EAAE;AACtE;AACA;AACA;AACY,MAAC,cAAc,GAAG,CAAC,WAAW,EAAE,MAAM,EAAE;AACpD;AACA;AACA;AACY,MAAC,cAAc,GAAG,CAAC,WAAW,EAAE,MAAM,EAAE;AACpD;AACA;AACA;AACY,MAAC,eAAe,GAAG,CAAC,UAAU,EAAE;AAChC,MAAC,UAAU,GAAG;AAC1B,IAAI,QAAQ;AACZ,IAAI,SAAS;AACb,IAAI,OAAO;AACX,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,EAAE;AACF;AACA;AACA;AACY,MAAC,UAAU,GAAG;AAC1B,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,IAAI,MAAM;AACV,IAAI,KAAK;AACT,IAAI,MAAM;AACV,IAAI,MAAM;AACV,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,EAAE;AACF;AACA;AACA;AACY,MAAC,kBAAkB,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE;AAChE;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE;AACjC,IAAI,MAAM,MAAM,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;AACnC,IAAI,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC;AAC3B,IAAI,OAAO,MAAM,CAAC;AAClB,CAAC;AACD,SAAS,EAAE,CAAC,UAAU,EAAE;AACxB,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC;AACzC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AAC5B,CAAC;AACD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,aAAa,CAAC,QAAQ,EAAE;AACjC,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,aAAa,GAAG,QAAQ,CAAC;AAC1C,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;AACvC,CAAC;AACD,SAAS,WAAW,CAAC,QAAQ,EAAE;AAC/B,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,QAAQ,CAAC;AACvC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;AACrC,CAAC;AACD,SAAS,gBAAgB,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC5C,IAAI,IAAI,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;AAC9C,QAAQ,MAAM,IAAI,KAAK,CAAC,CAAC,kBAAkB,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC/D,KAAK;AACL,CAAC;AACD,SAAS,QAAQ,CAAC,QAAQ,EAAE,cAAc,EAAE;AAC5C,IAAI,OAAO;AACX,QAAQ,CAAC,MAAM,GAAG;AAClB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,UAAU,EAAE,SAAS;AACjC,YAAY,iBAAiB,EAAE,SAAS;AACxC,YAAY,UAAU,EAAE,KAAK;AAC7B,YAAY,aAAa,EAAE,SAAS;AACpC,YAAY,MAAM,EAAE,SAAS;AAC7B,YAAY,GAAG,QAAQ;AACvB,SAAS;AACT,QAAQ,GAAG,cAAc;AACzB,KAAK,CAAC;AACN,CAAC;AACD;AACA;AACA;AACA;AACA;AACY,MAAC,KAAK,GAAG;AACrB;AACA;AACA;AACA;AACA,IAAI,YAAY,GAAG;AACnB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,QAAQ;AAC9B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA,IAAI,KAAK,GAAG;AACZ,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,cAAc;AACpC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,aAAa,CAAC,QAAQ,EAAE;AAC5B,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;AACrD,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,QAAQ;AACpB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,QAAQ,EAAE;AACpB,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;AACnD,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,OAAO;AACtC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,CAAC,UAAU,EAAE,QAAQ,EAAE;AACzC,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;AACnD,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,UAAU;AACzC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,eAAe,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC3C,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;AACnD,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,YAAY,UAAU,EAAE,IAAI;AAC5B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE;AAC3B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM,EAAE,CAAC,KAAK,CAAC;AAC3B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC7B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM;AAClB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC1C,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,eAAe,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC3C,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,YAAY,UAAU,EAAE,IAAI;AAC5B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL,IAAI,MAAM,CAAC,QAAQ,EAAE;AACrB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL,IAAI,QAAQ,CAAC,EAAE,EAAE;AACjB,QAAQ,OAAO,gBAAgB,CAAC,EAAE,EAAE;AACpC,YAAY,EAAE,EAAE,UAAU;AAC1B,SAAS,CAAC,CAAC;AACX,KAAK;AACL,EAAE;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACY,MAAC,wBAAwB,GAAG;AACxC;AACA;AACA;AACA;AACA,IAAI,YAAY,GAAG;AACnB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,QAAQ;AAC9B,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA,IAAI,KAAK,GAAG;AACZ,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,cAAc;AACpC,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,aAAa,CAAC,QAAQ,EAAE;AAC5B,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;AACrD,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,QAAQ;AACpB,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE;AAC3B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM,EAAE,CAAC,KAAK,CAAC;AAC3B,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC7B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM;AAClB,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL,IAAI,MAAM,CAAC,QAAQ,EAAE;AACrB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL,EAAE;AACF,SAAS,UAAU,CAAC,UAAU,EAAE;AAChC,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC;AACzC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AAC5B,CAAC;AACD,SAAS,gBAAgB,CAAC,QAAQ,EAAE,cAAc,EAAE;AACpD,IAAI,OAAO;AACX,QAAQ,CAAC,MAAM,GAAG;AAClB,YAAY,QAAQ,EAAE,UAAU;AAChC,YAAY,QAAQ;AACpB,SAAS;AACT,QAAQ,GAAG,cAAc;AACzB,KAAK,CAAC;AACN,CAAC;AACW,MAAC,UAAU,GAAG,CAAC,aAAa,KAAK,aAAa,CAAC,MAAM,EAAE;AACnE;AACY,MAAC,gBAAgB,GAAG,CAAC,aAAa,KAAK,aAAa,CAAC,MAAM;;;;"}

package/dist/esm/SchemaProcessor.mjs CHANGED Viewed

@@ -374,7 +374,9 @@ function calculateAuth(authorization) {
             };
         }
         if (rule.provider) {
-            ruleParts.push(`provider: ${rule.provider}`);
+            // identityPool maps to iam in the transform
+            const provider = rule.provider === 'identityPool' ? 'iam' : rule.provider;
+            ruleParts.push(`provider: ${provider}`);
         }
         if (rule.operations) {
             ruleParts.push(`operations: [${rule.operations.join(', ')}]`);