GraphQL Integration

The @nestjs-cognito/graphql package provides GraphQL-specific decorators and guards for authentication and authorization.

Installation

pnpm add @nestjs-cognito/graphql

Basic Setup

Configure the core authentication module:

import { CognitoAuthModule } from '@nestjs-cognito/auth';

@Module({
  imports: [
    CognitoAuthModule.register({
      jwtVerifier: {
        userPoolId: 'us-east-1_xxxxxx',
        clientId: 'your-client-id'
        tokenUse: 'access',
      },
    })
  ]
})
export class AppModule {}

Authentication

Protect your GraphQL operations using the @GqlAuthentication() decorator:

import { GqlAuthentication } from '@nestjs-cognito/graphql';

@Resolver()
export class SecureResolver {
  @Query()
  @GqlAuthentication()
  async secureData() {
    return { message: 'This is secure data' };
  }
}

Authorization

Implement role-based access control with the @GqlAuthorization() decorator:

import { GqlAuthorization } from '@nestjs-cognito/graphql';

@Resolver()
export class AdminResolver {
  @Mutation()
  @GqlAuthorization(['admin'])
  async adminOperation() {
    return { success: true };
  }
}

User Information

Access the authenticated user's information using the @GqlCognitoUser() decorator:

import { GqlCognitoUser } from '@nestjs-cognito/graphql';
import type { CognitoJwtPayload } from '@nestjs-cognito/core';

@Resolver()
export class UserResolver {
  @Query()
  async me(@GqlCognitoUser() user: CognitoJwtPayload) {
    return {
      id: user.sub,
      username: user.username,
      email: user['email']
    };
  }
}