I have an AWS Amplify app using google federate sign in.
This is my data model.
type TriadeMetric #model #auth(rules: [{allow: owner}]) {
id: ID!
NoteMetrics: [NoteMetric] #hasMany(indexName: "byTriadeMetric", fields: ["id"])
}
enum MetricEnum {
ACCURACY
DURATION
}
type NoteMetric #model #auth(rules: [{allow: owner}]) {
id: ID!
metricType: MetricEnum
value: Float
triademetricID: ID! #index(name: "byTriadeMetric")
semitones: Int
}
When I try to create a new record using
const triadeMetric = await DataStore.save(new TriadeMetric({}));
I got this warning message:
[{"errorType":"Unauthorized","message":"Not Authorized to access onCreateTriade on type Triade"}]}
and this error:
{"errors":[{"errorType":"Unauthorized to access onCreateTriade on type Triade"}]}
I was using the wrong authentification type:
In aws-exports.js
I replaced "aws_appsync_authenticationType": "API_KEY"
with "aws_appsync_authenticationType": "AMAZON_COGNITO_USER_POOLS"
Related
I've set up a basic app to test Amplify's #auth rules. I have this simple graphql.schema:
type Todo #model #auth(rules: [{ allow: public }]) {
id: ID!
name: String!
description: String
}
type Blog #model #auth(rules: [{ allow: owner }]) {
id: ID!
name: String!
posts: [Post] #hasMany
}
...
When I try to perform a simple list operation with AppSync, Blog succeeds, but Todo returns an error: Not Authorized to access listTodos on type Query
I have set my API (amplify update api) to use Cognito User Pools as the default auth, and to use API key as a secondary auth type. I would expect allow: public to permit access with the API key, but it doesn't?
How can we get the User Conversations with a query. Ideal would be to do a query to the user table and get all the user conversations loaded.
example:
final user = await Amplify.DataStore.query(User.classType, where: User.ID.eq(id))
user.conversations to have the list of conversations loadd.
If that can not be done, next would be to get all the conversations that have a specific User.
example not working:
await Amplify.DataStore.query(UserConversation.classType
where: UserConversation.USER.eq(user.id)
)
type Message #model #auth(rules: [{allow: public}]) {
id: ID!
ConversationId: Conversation #connection
UserId: User #connection
body: String
createdDate: AWSDateTime!
}
type Conversation #model #auth(rules: [{allow: public}]) {
id: ID!
date: AWSDateTime
readBy: [ReadBy] #connection(keyName: "byConversation", fields: ["id"])
users: [UserConversation] #connection(keyName: "byConversation", fields: ["id"])
name: String
image: String
}
type ReadBy #model #auth(rules: [{allow: public}]) #key(name: "byConversation", fields: ["conversationID"]) {
id: ID!
date: AWSDateTime
RedByUsers: User #connection
conversationID: ID
}
type User #model #auth(rules: [{allow: public}]) {
id: ID!
firstName: String
lastName: String
userImg: String
createdDate: AWSDateTime
updatedDate: AWSDateTime
email: AWSEmail
conversations: [UserConversation] #connection(keyName: "byUser", fields: ["id"])
}
type UserConversation #model(queries: null) #key(name: "byUser", fields: ["userID", "conversationID"]) #key(name: "byConversation", fields: ["conversationID", "userID"]) #auth(rules: [{allow: public}, {allow: public}]) {
id: ID!
userID: ID!
conversationID: ID!
user: User! #connection(fields: ["userID"])
conversation: Conversation! #connection(fields: ["conversationID"])
}
I was able to get the second version by doing the following:
await Amplify.DataStore.query(UserConversation.classType
where: User.ID.eq(user.id)
);
The above will perform a selection of all user conversations that have the user id equal to whatever the id of the user variable is. It was a bit confusing at first as to why you need to pass the User.ID for the query, but from what I understand it is due to how the SQL query gets created by AWS DataStore, it is doing a join behind the scenes and therefore will use the column of the second table (in this case the User table) to perform the join. I wish I could point to some documentation on this, but I couldn't find any. I kinda just got lucky trying a bunch of stuff and noticing in the error message how the SQL query is generated.
When I change the identityClaim field in my model, I got the error ""Unauthorized","message":"Not Authorized to access..." when I try to start Datastore in the app.
But, it works as expected when I run the query in AWS AppSync.(It saves the groupID in owner field)
Here is the configuration:
type Book
#model
#auth(rules: [{ allow: owner, identityClaim: "custom:groupID" }]) {
id: ID!
name: String!
owner: Strin
}
i had this same issue and resolved it by using the graphql_headers Amplify.config option to override the default datastore Authorization header. it was using the Access token by default, but to use a custom cognito attribute as the identity claim, you need to use the ID token, because those custom attributes aren’t present on the Access token (i documented all the gory details in a GitHub issue). in my app, it looks like:
Amplify.configure({
...awsconfig,
// https://github.com/aws-amplify/amplify-cli/issues/3794
graphql_headers: async () => {
try {
const token = (await Auth.currentSession()).getIdToken().getJwtToken();
return { Authorization: token };
} catch (e) {
console.error(e);
return {};
}
},
});
note that your owner field has a typo (Strin → String), but i’m guessing that’s just a copy/paste issue.
I've implemented the Amplify JS Library with a Vue project and have had success with all of the features of the library except this issue. When I query a model with Elasticsearch, it returns the appropriate results, but also the error of "ResolverExecutionLimitReached".
This is the request:
let destinations = await API.graphql(graphqlOperation(queries.searchDestinations, {filter: { deviceId: { eq: params.id }}}))
This is the schema:
type Destination
#model
#searchable
#auth(rules: [{ allow: public }, { allow: private }])
#key(name: "byXpoint", fields: ["xpoint"])
#key(name: "byDevice", fields: ["deviceId"])
{
id: ID!
index: Int!
levels: [String]
name: String!
xpoint: String
sourceId: ID
Source: Source #connection
lock: Boolean
breakaway: Boolean
breakaways: String
probeId: ID!
probe: Probe #connection(fields: ["probeId"])
deviceId: ID!
device: Device #connection(fields: ["deviceId"])
orgId: ID!
org: Org #connection(fields: ["orgId"])
}
And this returns:
{
data: {
searchDestinations: {items: Array(100), nextToken: "ba1dc119-2266-4567-9b83-f7eee4961e63", total: 384}
},
errors: [
{
data: null
errorInfo: null
errorType: "ResolverExecutionLimitReached"
locations: []
message: "Resolver invocation limit reached."
path: []
}
]
}
My understanding is the AppSync API has a hard limit of returning more than 1000 entries, but this query is on a table with only ~600 entries and is only returning 384. I am executing the same command via AppSync directly via a NodeJS application and it works without issue.
Not sure where to investigate further to determine what is triggering this error. Any help or direction is greatly appreciated.
Connections in the schema were causing the single request to go beyond the 1000 request limit (exactly as stated by Mickers in the comments). Updated schema with less connections on fetch and issue was resolved.
I'm having the serverless error:
Resolver associated with data sources when building from serverless.yml config file:
# serverless.yml
...
mappingTemplates:
- dataSource: Wallet
type: Query
field: walletFromId
request: "_dynamo-get-wallet.txt"
response: "_generic-result-response.txt"
- dataSource: Wallet
type: Query
field: walletsFromUser
request: "_dynamo-get-wallets-from-user.txt"
response: "_generic-result-response.txt"
- dataSource: Wallet
type: Mutation
field: registerWallet
request: "_dynamo-put-wallet.txt"
response: "_generic-result-response.txt"
dataSources:
- type: AMAZON_DYNAMODB
name: Wallet
description: 'Wallet DataSource'
config:
tableName: "${self:custom.stage}-Wallet"
serviceRoleArn: "arn:aws:iam::${self:custom.accountId}:role/${self:custom.appSync.serviceRole}"
...
I also have a schema.graphql:
type Query {
# query the wallet with given id and get the output with detail info
walletFromId(walletId: String!): Wallet!
# query wallets with given user id and get list of cards
walletsFromUser(userId: String!): [Wallet!]!
}
type Mutation {
# Add a wallet to an existing user
registerWallet(userId: String!, number: String!, cvx: String!, expirationDate: String!): Wallet!
}
type Wallet {
walletId: String!
userId: String!
number: String!
cvx: String!
expirationDate: String!
}
type Subscription {
addWallet: Wallet
#aws_subscribe(mutations: ["registerWallet"])
}
schema {
query: Query
mutation: Mutation
subscription: Subscription
}
I could not find a single clue as to what this error mean, and there isn't anything else I can get from the build logs.
This error usually means you are trying to delete a data source that is currently being used by a resolver. If you can identify the resolver pointing to the data source and delete it then you should no longer see the error message.