Authenticating a query to an AppSync GraphQL API with OIDC by sending an idToken involves the following steps:
- Configure OIDC authentication in AppSync and obtain the issuer URL and client ID.
- Generate an idToken for the user by authenticating with the OIDC provider.
- Add the idToken to the Authorization header of the query request, using the "Bearer" scheme.
- Send the query request to the AppSync GraphQL API endpoint.
- AppSync will validate the idToken with the OIDC provider and extract the user’s identity from the token.
- If the identity is authenticated and authorized to access the requested data, then the query is processed and the results are returned.
- If the identity is not authorized, then an error will be returned.

Overall, this process ensures that only authorized users can access protected GraphQL resources in the AppSync API.
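The client side of these steps, as an added example that is not code from the original page or from AWS: it checks the idToken's claims locally against the issuer URL and client ID from the AppSync configuration, then assembles the request with the Bearer header. The endpoint, issuer, client ID and sample token are constructed placeholders, the client ID is treated as a regular expression matched against `aud` or `azp`, and the signature is not verified here because that check belongs to the API.

```python
import base64, json, re, time

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Constructed sample with a dummy signature; a real idToken comes from the OIDC provider."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return ".".join([header, _b64url(json.dumps(claims).encode()), _b64url(b"constructed")])

def decode_claims(id_token: str) -> dict:
    """Decode the payload for diagnostics only; the signature is NOT verified here."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def preflight(id_token: str, issuer: str, client_id_regex: str, now=None) -> list:
    """List claim problems that would make the token fail the API's checks."""
    now = time.time() if now is None else now
    claims = decode_claims(id_token)
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss does not match the configured issuer URL")
    aud = claims.get("aud")
    candidates = (aud if isinstance(aud, list) else [aud]) + [claims.get("azp")]
    if not any(isinstance(c, str) and re.fullmatch(client_id_regex, c) for c in candidates):
        problems.append("neither aud nor azp matches the configured client ID")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token is expired or carries no exp claim")
    return problems

def build_request(endpoint: str, id_token: str, query: str, variables=None) -> dict:
    """Assemble the POST the steps describe; pass the parts to any HTTP client."""
    return {
        "url": endpoint,
        "headers": {"Content-Type": "application/json",
                    "Authorization": f"Bearer {id_token}"},
        "body": json.dumps({"query": query, "variables": variables or {}}),
    }
```

An empty list from `preflight` means the claims line up with the configuration; it does not mean the token is genuine, since only signature verification against the provider's keys establishes that.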