Field level auth on a customType

[richard-jfc]

Describe the bug
a.customType() currently allows users to set authorization on fields, but when this is deployed no resolver is created and no error is displayed.

To Reproduce

const schema = a.schema({
  Post: a.customType({
    id: a.id().required(),
    title: a.string().required(),
    // I would expect this field to have a resolver and to be omitted if not logged in
    description: a.string()
      .authorization((allow) => allow.authenticated()),
  }),

  searchForPosts: a
    .query()
    .arguments({
      search: a.string(),
    })
    .returns(a.ref('Post').required().array().required())
    .handler(
      a.handler.function(defineFunction({
        entry: './posts/search.ts',
      }))
    ),

})
    .authorization((allow) => allow.publicApiKey());

Expected behavior
Either:

• (Preferred) An appropriate field resolver to be created, and for the field to be null when not authorized.
• (Less preferred) Not able to call .authorization on a customType

Desktop (please complete the following information):

• "aws-amplify": "6.15.3",

Additional context
Switching .customType to .model causes the resolver to be created (but also creates a db table that are unnecessary)

[richard-jfc]

Seems like #112 explicitly disabled customTypes having field level authorization (Unless the field is a ref to a modelType). It's unclear why that choice was made.

[pranavosu]

Hey @richard-jfc! Thanks for reporting this. It does look like this was a deliberate decision, and I'll try to find why this was done. At the very least, we should not fail silently as you've mentioned.

[richard-jfc]

@pranavosu Any update on this?