Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

@auth not working for custom Query and resolvers

See original GitHub issue

I have implemented multi asuthentication systems into my amploify project, with Cognito pools are the default and IAM as the secondary.

All works fine for the authentication on amplify generated queries and mutation, however my custom queries always return the following when called:

GraphQL Error: message: “Request failed with status code 401”

My queries:

type Query {
  searchElasticEvents(input: SearchEventsInput): EventConnection @aws_iam @aws_cognito_user_pools
  searchElasticPlaces(input: SearchPlacesInput): EntityConnection
}

I have tried with adding the ’ @aws_iam @aws_cognito_user_pools’ directives, and without and both error.

I can’t add the auth directive as that requires the @model directive to be present.

The custom resolvers contain no authentication checks as I wish them to be public, so why is it giving me an authentication error:

Front end call:

` const { data } = await this.amplify.api().graphql({
        query: searchElasticPlaces, 
        variables: { input },
        authMode: 'AWS_IAM'
       });`

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Reactions:2
  • Comments:38 (6 by maintainers)

github_iconTop GitHub Comments

4reactions
attilahcommented, Mar 5, 2020

Related to #2711 and #3590 contains support for this functionality for custom queries backed by functions or custom resolvers.

Given the following schema:

input SearchEventsInput {
  text: String!
}

type EventConnection @aws_iam {
  result: [String!]!
}

type Query {
  searchElasticEvents(input: SearchEventsInput): EventConnection
    @auth(rules: [
      { allow: public, provider: iam }
    ])
}

This will be the output schema the CLI will generate:

input SearchEventsInput {
  text: String!
}

type EventConnection @aws_iam {
  result: [String!]!
}

type Query {
  searchElasticEvents(input: SearchEventsInput): EventConnection @aws_iam
}

It will add the @aws_iam directive to the query with the @auth rule and also generate the appropriate entry in AuthRolePolicynn or UnauthRolePolicynn:

{
    "Effect": "Allow",
    "Action": [
        "appsync:GraphQL"
    ],
    "Resource": [
        {
            "Fn::Sub": [
                "arn:aws:appsync:${AWS::Region}:${AWS::AccountId}:apis/${apiId}/types/${typeName}/fields/${fieldName}",
                {
                    "apiId": {
                        "Fn::GetAtt": [
                            "GraphQLAPI",
                            "ApiId"
                        ]
                    },
                    "typeName": "Query",
                    "fieldName": "searchElasticEvents"
                }
            ]
        }
    ]
}

Notice that since EventConnection has no @model directive - for now - it requires the @aws_iam directive to be in place and also the policy entry for that type.

4reactions
dtelarolicommented, Jan 6, 2020

+1

Same problem with a mutation method, I have tried @auth @aws_iam @aws_api_key, both without success. It works just with group User with Cognito.

type Mutation {
  startProposal(input: StartProposalInput): String
    @function(name: "func-${env}")
    @auth(
      rules: [
        { allow: groups, groups: ["User"] }
        { allow: private, provider: iam, operations: [read, create, update] },
      ]
    )
    @aws_iam @aws_api_key
}
Read more comments on GitHub >

github_iconTop Results From Across the Web

Writing query resolvers | Full-Stack Quickstart - Apollo GraphQL
Whenever a client queries for a particular field, the resolver for that field ... Use this to share per-operation state, such as authentication...
Read more >
Custom Resolvers - Neo4j GraphQL Library
Custom Resolvers. A common case for using the OGM will be within custom resolvers inside a Neo4j GraphQL instance (very meta!), due to...
Read more >
Troubleshooting and Common Mistakes - AWS AppSync
If you execute a GraphQL operation, such as a query, and get a null response, this may be because you don't have a...
Read more >
Resolvers Composition Transform – GraphQL Mesh
transforms: - resolversComposition: mode: bare | wrap compositions: - resolver: 'Query.me' composer: is-auth#isAuth - resolver: 'Mutation.
Read more >
Resolvers | Nestjs-query - Blog
otherwise relations will not work. todo-item.resolver.ts. import { QueryService, InjectQueryService } from '@nestjs-query/core';import { CRUDResolver } from ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Delete or Create key fails: Attempting to mutate more than 1 global secondary index at the same time

Next page

modelgen bug with Has One @connection relation with an explicit field