Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
GraphQLError request failed with status code 401
See original GitHub issueWhich Category is your question related to? Auth / GraphQL
What AWS Services are you utilizing? AWS AppSync
Provide additional details e.g. code snippets
In our schema.graphql, we added @function directive to the field inside the Query type, in order to invoke our recoverUsername lambda function:
type Query {
recoverUsername(email: String): String
@function(name: "recoverUsername-${env}")
@aws_iam
}
It works when I execute this query in the AWS AppSync console by selecting IAM auth provider, but when I try to call it from the app with:
API.graphql({
query: recoverUsername,
variables: {
email,
},
authMode: 'AWS_IAM',
});
aws-exports.js
const awsmobile = {
aws_appsync_authenticationType: 'AWS_IAM',
...
}
I get GraphQLError request failed with status code 401
We are using older version of aws-amplify (1.2.4), but I also tried with latest version, same error.
Issue Analytics
- State:
- Created 4 years ago
- Reactions:2
- Comments:5 (2 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@cc-bojan when you’re logged into the AWS Console you’re probably using an administrator role credentials that does not need to have a specific policy to invoke AppSync mutations, that’s the probable reason why it works.
If you use the AppSync service supported native directives like
@aws_iamthe Amplify CLI will not generate any policies for you for the Auth and Unauth roles, so when from the client application you call the Amplify service and specifying IAM as authentication mode, it will use the AWS credentials of the currently logged in user, and that user’s role (Auth or Unauth) has no attached policies defined that would grant access for AppSync service to invoke that Lambda function.Could you please confirm that the above is correct? And if it is correct create a policy and verify that it is working?
@attilah You were right. I attached:
arn:aws:appsync:eu-central-1:<account-id>:apis/<api-id>/types/Query/fields/recoverUsername- Resource to the existingUnauthRolePolicy, and now it’s working. Thanks.