Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Amplify Api "Unauthorized" on connection fields
See original GitHub issue** Which Category is your question related to? ** GraphQL
** What AWS Services are you utilizing? ** API, AppSync
** Provide additional details e.g. code snippets **
I have a schema like this:
type User
@model
@auth(rules: [
{allow: owner }
{allow: groups, groups: ["Admins"], queries: [get, list], mutations: [create, update, delete]},
{allow: groups, groups: ["Users", "Professionals"], queries: [get, list], mutations: [create]}
]) {
id: ID!
email: AWSEmail!
type: Int!
name: String
surname: String
address: Address
contact: AWSJSON
info: AWSJSON
professional: Professional @connection(name: "UserProfessional")
professionalreviews: [ProfessionalReview] @connection(name: "UserProfessionalReviews")
}
type Professional
@model
@auth(rules: [
{allow: owner},
{allow: groups, groups: ["Admins"], queries: [get, list], mutations: [create, update, delete]},
{allow: groups, groups: ["Professionals", "Users"], queries: [get, list], mutations: null}
])
@searchable {
id: ID!
type: Int!
subtype: String
name: String!
socials: [Social]
profile: Profile
contacts: AWSJSON
sourcedocuments: [String]
documents: [Image]
patent: AWSJSON
association: String
user: User! @connection(name: "UserProfessional")
reviews: [ProfessionalReview] @connection(name: "ProfessionalReviews")
}
type ProfessionalReview
@model
@auth(rules: [
{allow: owner},
{allow: groups, groups: ["Admins"], queries: [get, list], mutations: [create, update, delete]},
{allow: groups, groups: ["Users", "Professionals"], queries: [get, list], mutations: [create]}
])
@searchable {
id: ID!
user: User! @connection(name: "UserProfessionalReviews")
professional: Professional! @connection(name: "ProfessionalReviews")
createdAt: AWSDateTime
content: String
rating: Int
}
`
When i try to get the reviews of a professional with
`const getProfessionalReview = `
query {
getProfessional(id:"` + professionalId + `") {
reviews {
items {
createdAt
content
rating
user {
id
}
}
}
}
}`;
return self.amplifyService.api().graphql(graphqlOperation(getProfessionalReview));`
I get an error:
errorType: "Unauthorized"
message: "Not Authorized to access user on type ProfessionalReview"
Where is my error?
Thanks
Issue Analytics
- State:
- Created 4 years ago
- Comments:6 (3 by maintainers)
Top Results From Across the Web
Resolve unauth errors for GraphQL requests in AWS AppSync
401 Unauthorized: The request is denied by either AWS AppSync or the authorization mode because the credentials are missing or invalid.
Read more >'Unauthorized' error when using AWS amplify with grahql to ...
When I run the code below, I get the message "Not Authorized to access createUser on type User". import React from 'react'; import...
Read more >An In-Depth Guide on Amplify GraphQL API Authorization
Run amplify console api again to open the GraphQL queries page. Run the queries you ran previously and you should get an unauthorized...
Read more >API (GraphQL) - Setup authorization rules - AWS Amplify Docs
When using the @auth directive on a field definition, a resolver will be added to the field that authorize access based on attributes...
Read more >Owner vs. Group Access Control in AWS Amplify API - Medium
By default this is the username field in the access token. To think of it abstractly, if the value in the identityClaim field...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@bagubits Looks like your User @connection field in ProfessionalReviews model doesn’t have access to the User model. Since you have explicitly mentioned in type User the following auth rules -
{allow: groups, groups: ["Users", "Professionals"], queries: [get, list], mutations: [create]}, this would give access to just the get and list resolvers and prevent any other connections to access this User model.To precent this, the recommended way is to modify that auth rule to
{allow: groups, groups: ["Users", "Professionals"], operations: [create, read]}which would allow connection fields from other models to query the User model.This issue has been automatically locked since there hasn’t been any recent activity after it was closed. Please open a new issue for related bugs.
Looking for a help forum? We recommend joining the Amplify Community Discord server
*-helpchannels for those types of questions.