Closed pippo111 closed 4 years ago
@pippo111 Hi, can you provide the request headers when calling API.graphql()
? If the authMode
is AMAZON_COGNITO_USER_POOLS
, then the access token
from the Cognito service should be added into the headers.
@pippo111 are you still having this issue?
@pippo111 which version of amplify are you using? This is supported as you can see here
I'm having the same issue. I've tested this in the AppSync console and everything works fine.
Here's the base schema:
type Post @model @auth(rules: [
{allow: public, provider: iam}
]) {
id: ID!
title: String!
}
Here's the query in the transformed schema:
type Query {
listPosts(filter: ModelPostFilterInput, limit: Int, nextToken: String): ModelPostConnection
@aws_iam
}
Here is my API call:
const data = await API.graphql({
query: listPosts,
authMode: 'AWS_IAM'
})
Here is what my headers look like:
Authorization: AWS4-HMAC-SHA256 Credential=undefined/20191017/eu-central-1/appsync/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-user-agent, Signature=eb81fd2ffe9334522fd041cc5b89f2dc0c5741391d643626b8d315428ecf5620
Here's the error:
"GraphQLError: Request failed with status code 403
at APIClass.<anonymous> (http://localhost:3001/static/js/0.chunk.js:5507:24)
at step (http://localhost:3001/static/js/0.chunk.js:4667:17)
at Object.throw (http://localhost:3001/static/js/0.chunk.js:4598:14)
at rejected (http://localhost:3001/static/js/0.chunk.js:4558:32)"
I see that there is an undefined
parameter in my headers. Could that be causing the issue? If so, any ideas around what I could do?
$ amplify init
$ amplify add auth
$ amplify add api
# set base configuration to Amazon Cognito User Pools
# add additional authorization type of IAM
# add above schema
$ amplify push
# create a couple of items in the db from the AppSync console using IAM permissions
# Then query using the above query
Ok, this issue was because I did not have Cognito properly configured to use unauthenticated
access. For me the solution was this:
amplify update auth
# walk through the steps for a custom flow, allowing unauthenticated access
amplify push
Follow up: comment from @undefobj cc @kaustavghosh06:
This should actually be configured automatically or the schema compilation should throw a warning - e.g. if public using provider with IAM, and unauth wasn’t enabled in auth category we should enter the auth flow to either enable it or automatically do it under the covers
This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.
Looking for a help forum? We recommend joining the Amplify Community Discord server *-help
channels or Discussions for those types of questions.
Which Category is your question related to? GraphQL API
What AWS Services are you utilizing? AppSync, Cognito, IAM
Provide additional details e.g. code snippets Regarding to the documentation https://aws-amplify.github.io/docs/js/api#aws-appsync-multi-auth amplify supports multiauth mode. Unfortunately, when setting additional authMode in Typescript there is an error with typings:
when using it like this:
and even when I change typings to accept
authMode
there is no response from the server - I'm still unauthorize to get the results.All I'm trying to accomplish is to authenticate through Cognito and this way get Cognito user details in my resolver. Is it even possible ?