The main goal of this lesson is to check which roles are attached to a user. From a user's accessToken, we can read their roles to check whether they are an 'admin', a role we can set on our app on amplifyapp.com.
Instructor: [0:00] When we implemented authorization, we restricted certain actions to admins. On the frontend, we need to check to see if a user is an admin and conditionally render based on that. I'll create a state field that stores whether a user is an admin or not.
[0:21] By default, it will be set to false. Underneath our set user, we'll set "is admin." Whether or not the user is an admin will be stored within the user object. We'll check the sign in user session, their access token, and its payload. That payload will have Cognito groups associated with it.
[0:50] We'll check to see if those groups include admin. Includes will return true or false, depending on whether admin is in the Cognito groups array or not. Let's display a message if a user is an admin. My current signed-in user is not an admin.
[1:11] I can change that through the admin UI. If I go to my app's home page and click manage groups, I'll see my user. Within group membership, I can add myself to the admin group. Now I'll sign out, sign in again. Now it displays the "you are an admin" message.
[1:32] We can now check to see if a user is a member of a group and conditionally render our user interface based off of that.