Running into auth issue when using custom vtl resolver for one of two auth methods

[VicFrolov]

Before opening, please confirm:

• [X] I have searched for duplicate or closed issues and discussions.
• [X] I have read the guide for submitting bug reports.
• [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

JavaScript Framework

React Native

Amplify APIs

Authentication, GraphQL API

Amplify Categories

auth, function

Environment information

``` # Put output below this line System: OS: macOS 11.6 CPU: (16) x64 Intel(R) Core(TM) i9-9880H CPU @ 2.30GHz Memory: 278.73 MB / 32.00 GB Shell: 5.8 - /bin/zsh Binaries: Node: 14.17.4 - ~/.nvm/versions/node/v14.17.4/bin/node npm: 6.14.14 - ~/.nvm/versions/node/v14.17.4/bin/npm Watchman: 4.9.0 - /usr/local/bin/watchman Browsers: Chrome: 94.0.4606.81 Safari: 15.0 npmPackages: @apollo/client: 3.3.4 => 3.3.4 @apollo/client/cache: undefined () @apollo/client/core: undefined () @apollo/client/errors: undefined () @apollo/client/link/batch: undefined () @apollo/client/link/batch-http: undefined () @apollo/client/link/context: undefined () @apollo/client/link/core: undefined () @apollo/client/link/error: undefined () @apollo/client/link/http: undefined () @apollo/client/link/persisted-queries: undefined () @apollo/client/link/retry: undefined () @apollo/client/link/schema: undefined () @apollo/client/link/utils: undefined () @apollo/client/link/ws: undefined () @apollo/client/react: undefined () @apollo/client/react/components: undefined () @apollo/client/react/context: undefined () @apollo/client/react/data: undefined () @apollo/client/react/hoc: undefined () @apollo/client/react/hooks: undefined () @apollo/client/react/parser: undefined () @apollo/client/react/ssr: undefined () @apollo/client/testing: undefined () @apollo/client/utilities: undefined () @aws-amplify/auth: 3.4.15 => 3.4.15 @aws-amplify/core: 3.8.7 => 3.8.7 @aws-amplify/storage: 3.3.15 => 3.3.15 @babel/core: 7.12.9 => 7.12.9 (7.15.8) @babel/runtime: 7.12.5 => 7.12.5 @graphql-codegen/cli: 1.17.8 => 1.17.8 @graphql-codegen/introspection: 1.17.8 => 1.17.8 @graphql-codegen/typescript: 1.17.8 => 1.17.8 @graphql-codegen/typescript-operations: 1.17.8 => 1.17.8 @graphql-codegen/typescript-react-apollo: 2.2.1 => 2.2.1 @react-native-community/async-storage: 1.12.1 => 1.12.1 @react-native-community/datetimepicker: 3.2.0 => 3.2.0 @react-native-community/masked-view: 0.1.6 => 0.1.6 @react-native-community/netinfo: 4.7.0 => 4.7.0 @react-native-firebase/analytics: 11.1.2 => 11.1.2 @react-native-firebase/app: 11.1.2 => 11.1.2 @react-native-firebase/dynamic-links: 11.1.2 => 11.1.2 @react-native-firebase/messaging: 11.1.2 => 11.1.2 @react-navigation/bottom-tabs: 5.11.11 => 5.11.11 @react-navigation/material-top-tabs: 5.3.15 => 5.3.15 @react-navigation/native: 5.9.4 => 5.9.4 @react-navigation/stack: 5.14.5 => 5.14.5 @types/bugsnag: 3.1.0 => 3.1.0 @types/inquirer: 8.1.3 => 8.1.3 @types/jest: 24.0.15 => 24.0.15 @types/lodash: 4.14.144 => 4.14.144 @types/moment: 2.13.0 => 2.13.0 @types/phone: 2.4.0 => 2.4.0 @types/pluralize: 0.0.29 => 0.0.29 @types/react: 16.8.23 => 16.8.23 @types/react-native: 0.63.51 => 0.63.51 @types/react-native-dotenv: 0.2.0 => 0.2.0 @types/react-native-material-textfield: 0.16.4 => 0.16.4 @types/react-native-vector-icons: 6.4.6 => 6.4.6 @types/react-test-renderer: 16.8.2 => 16.8.2 @types/uuid: 3.4.6 => 3.4.6 @typescript-eslint/eslint-plugin: 4.21.0 => 4.21.0 @typescript-eslint/eslint-plugin-tslint: ^4.21.0 => 4.21.0 @typescript-eslint/parser: 4.21.0 => 4.21.0 HelloWorld: 0.0.1 amazon-cognito-identity-js: 4.5.5 => 4.5.5 aws-amplify-react-native: 4.0.3 => 4.0.3 aws-appsync: 3.0.2 => 3.0.2 aws-appsync-auth-link: 3.0.2 => 3.0.2 (2.0.3) aws-appsync-react: 3.0.2 => 3.0.2 aws-appsync-subscription-link: 3.0.3 => 3.0.3 (2.2.1) babel-jest: 26.6.3 => 26.6.3 babel-plugin-module-resolver: 3.2.0 => 3.2.0 bugsnag-react-native: 2.23.10 => 2.23.10 date-fns: 2.16.1 => 2.16.1 (1.30.1) eslint: 7.23.0 => 7.23.0 eslint-config-prettier: ^8.1.0 => 8.1.0 eslint-import-resolver-babel-module: 5.2.0 => 5.2.0 eslint-plugin-import: ^2.22.1 => 2.22.1 eslint-plugin-jsdoc: ^32.3.0 => 32.3.0 eslint-plugin-prefer-arrow: ^1.2.3 => 1.2.3 eslint-plugin-prettier: 3.3.1 => 3.3.1 eslint-plugin-react: ^7.23.1 => 7.23.1 eslint-plugin-react-hooks: 4.2.0 => 4.2.0 eslint-plugin-react-native: 3.10.0 => 3.10.0 eslint-plugin-sort-destructure-keys: 1.3.5 => 1.3.5 eslint-plugin-sort-keys-fix: 1.1.1 => 1.1.1 eslint-plugin-typescript-sort-keys: 1.6.0 => 1.6.0 graphql: 14.6.0 => 14.6.0 (0.13.0) graphql-anywhere: 4.2.7 => 4.2.7 hermes-inspector-msggen: 1.0.0 husky: ^6.0.0 => 6.0.0 inquirer: 8.2.0 => 8.2.0 (7.3.3, 3.0.6) jest: 26.6.3 => 26.6.3 lint-staged: ^10.5.4 => 10.5.4 lodash: 4.17.15 => 4.17.15 (4.17.21, 4.17.20) lottie-ios: 3.2.3 => 3.2.3 lottie-react-native: 4.0.3 => 4.0.3 memo-parser: 0.2.1 metro-react-native-babel-preset: 0.66.2 => 0.66.2 moment: 2.24.0 => 2.24.0 phone: 2.4.21 => 2.4.21 pluralize: 8.0.0 => 8.0.0 prettier: 2.2.1 => 2.2.1 react: 17.0.2 => 17.0.2 react-native: 0.66.0 => 0.66.0 react-native-animatable: 1.3.3 => 1.3.3 react-native-animation-hooks: 1.0.1 => 1.0.1 react-native-bootsplash: 3.1.5 => 3.1.5 react-native-camera: 3.43.0 => 3.43.0 react-native-confetti-cannon: 1.5.2 => 1.5.2 react-native-device-info: 8.0.5 => 8.0.5 react-native-dotenv: 3.2.0 => 3.2.0 react-native-fast-image: 8.3.4 => 8.3.4 react-native-geocoding: 0.5.0 => 0.5.0 react-native-gesture-handler: 1.10.3 => 1.10.3 react-native-haptic-feedback: 1.11.0 => 1.11.0 react-native-image-picker: 0.27.1 => 0.27.1 react-native-image-resizer: 1.4.3 => 1.4.3 react-native-image-viewing: 0.2.0 => 0.2.0 react-native-linear-gradient: 2.5.6 => 2.5.6 react-native-location: 2.5.0 => 2.5.0 react-native-material-textfield: github:n4kz/react-native-material-textfield#729008b847eb38129d0b886e98253d4c11f6d4d3 => 0.16.1 react-native-modal: 11.7.0 => 11.7.0 react-native-reanimated: 2.2.3 => 2.2.3 react-native-safe-area-context: 3.2.0 => 3.2.0 react-native-screens: 2.18.1 => 2.18.1 react-native-svg: 12.1.0 => 12.1.0 react-native-svg-transformer: 0.13.0 => 0.13.0 react-native-swiper: 1.6.0 => 1.6.0 react-native-vector-icons: 8.1.0 => 8.1.0 (6.7.0) react-test-renderer: 17.0.2 => 17.0.2 rn-fetch-blob: 0.12.0 => 0.12.0 ts-node: 10.3.0 => 10.3.0 (9.1.1) typescript: 4.0.2 => 4.0.2 uuid: 3.3.3 => 3.3.3 (3.3.2, 8.3.2) npmGlobalPackages: @aws-amplify/cli: 6.3.1 npm: 6.14.14 ```

Describe the bug

Custom resolver is working perfectly when logged in as a user using cognito auth, but when using IAM, is 401'd.

I followed these steps, and my code is:

type EsSearchBrandsConnection @aws_iam @aws_cognito_user_pools {
  brands: [Brand]!
  nextToken: String
}

type Query {
  esSearchBrands(input: EsSearchBrandsInput!): EsSearchBrandsConnection
    @aws_iam
    @aws_cognito_user_pools
}

input EsSearchBrandsInput {
  brandTitle: String!
}

I checked the build folder, and it seems to be the same auth logic as the other @searchable functions I have:

esSearchBrands(input: EsSearchBrandsInput!): EsSearchBrandsConnection @aws_iam @aws_cognito_user_pools

I have dozens of other queries, both autogenerated and manual functions, all work without issues, aside for this one new function I added.

Expected behavior

User is able to get data when authenticated via @aws_iam

Reproduction steps

follow steps outlined in documentation link above, and ensure to use aws_iam auth, e.g. with apollo auth link:

const iamAuthLink = createAuthLink({
  auth: {
    credentials: async () => Auth.currentCredentials(),
    type: AUTH_TYPE.AWS_IAM,
  },
  region,
  url,
});

Code Snippet

// Put your code below this line.

Log output

``` // Put your logs below this line ```

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

[chrisbonifacio]

Hi @VicFrolov 👋 We have since updated our graphql transformer to v2 so I'm wondering if you're still experiencing this issue and looking for a solution.

Curious if this was the first model you had used an IAM auth rule on. There might be some issues with the way the auth resource is configured to allow unauthenticated logins (Identity Pool).

Otherwise, if you might still be able to reproduce this and have error logs from the front end or Cloudwatch, please do share.

[chrisbonifacio]

Hi 👋 Closing this as we have not heard back from you. If you are still experiencing this issue and in need of assistance, please feel free to comment and provide us with any information previously requested by our team members so we can re-open this issue and be better able to assist you.

Thank you!

[vincent38wargnier]

Hi, I'm wondering if @aws_cognito_user_pools still works in the V2 for lambda pipelines or if we have to replace it by { allow: private } ? Because since I migrated to V2 I can't access to my lambdas through the existing pipes, saying "message: "Not Authorized to access lambda1Pipeline on type AWSJSON" In V1 I was doing that :

type Mutation {
      lambda1Pipeline(data: AWSJSON): AWSJSON @function(name: "lambda1-${env}") @aws_cognito_user_pools
}

This doesn't work either :

type Mutation {
      lambda1Pipeline(data: AWSJSON): AWSJSON @function(name: "lambda1-${env}") @auth(rules: [{ allow: private }])
}

Thank you.

[github-actions[bot]]

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server amplify-help forum.