Open iris-rcrimp opened 2 years ago
Here are the AuthData
objects retrieved by onAuthUIStateChange()
.
The only difference I can see are the order of the fields.
@iris-rcrimp can you provide a code snippet for your storage calls? just to see what params are passed in these calls.
I'm having a similar issue, that may be the same issue as the one reported here. I believe these issues are at least possibly related.
To reproduce, in my case:
1) Configure Cognito (for email + password sign-up/sign-in, with email verification code)
2) Precisely go through the steps 1-4 in this issue to set up "attributes for access control" and change the policies accordingly in the cloudformation file, to use cognitoId
instead of sub
in the S3 paths.
3) Put a file (<filename>
) in <your S3 bucket>/protected/<sub>/<filename>
where sub
is the user's sub
4) Call this code
console.log(Amplify.configure({
// eslint-disable-next-line
aws_appsync_authenticationType: 'AWS_IAM'
}));
this.imgSrc = await Storage.get(
USER_DEFAULTS.s3ProfileImageFileName,
{
download: false,
level: 'protected',
identityId: sub
}
and the error shows up every time - for months now, unable to get the file.
Here's the error you see in the browser's dev console (same as reported in this issue above) in response to the above call to Storage.get()
:
Error: Uncaught (in promise): TypeError: Cannot read property 'byteLength' of undefined
TypeError: Cannot read property 'byteLength' of undefined
at isEmptyData (isEmptyData.js:10)
at Sha256.update (webCryptoSha256.js:20)
at Sha256.update (crossPlatformSha256.js:23)
at hmac (credentialDerivation.js:86)
at credentialDerivation.js:33
at step (tslib?b908:100)
at Object.next (tslib?b908:81)
at tslib?b908:74
at new ZoneAwarePromise (zone.js:1340)
at __awaiter (tslib?b908:70)
at resolvePromise (zone.js:1255)
at new ZoneAwarePromise (zone.js:1343)
at __awaiter (tslib?b908:70)
at getSigningKey (credentialDerivation.js:28)
at SignatureV4.getSigningKey (SignatureV4.js:257)
at SignatureV4.<anonymous> (SignatureV4.js:63)
at step (tslib?b908:100)
at Object.next (tslib?b908:81)
at fulfilled (tslib?b908:71)
at ZoneDelegate.invoke (zone.js:400)
Before opening, please confirm:
JavaScript Framework
React
Amplify APIs
Authentication, Storage
Amplify Categories
auth, storage
Environment information
Describe the bug
Cognito's federated identity auth role provides access to S3 perfectly well.
To allow for fine grain access control (e.g.
user-test
can only accesss3::bucket-name/user-test
) the docs recommend user attributes (Principal Tag Attributes for access control).However, the presence of user attributes breaks
Storage
, any request (list
,get
,put
) returns the following (unhelpful) error:Expected behavior
I would expect 403 forbidden if the auth policy is setup wrong. Instead I get an error trying to read byteLength of undefined.
Reproduction steps
user attributes
to the Cognito Federated IdentityCode Snippet
Log output
aws-exports.js
No response
Manual configuration
No response
Additional configuration
No response
Mobile Device
No response
Mobile Operating System
No response
Mobile Browser
No response
Mobile Browser Version
No response
Additional information and screenshots
No response