Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

many to many connection with auth directive (from docs)

See original GitHub issue

Describe the bug I was trying to implement a “Many-to-many connections” following the docs at https://docs.amplify.aws/cli/graphql-transformer/directives#many-to-many-connections. If I copy the schema from the docs as it is, everything works fine. However, my API uses an API Key as default authorization mode and when I add an @auth directive like this to the schema

type Post @model @auth(rules: [{ allow: owner }]) {
  id: ID!
  title: String!
  editors: [PostEditor] @connection(keyName: "byPost", fields: ["id"])
}

# Create a join model and disable queries as you don't need them
# and can query through Post.editors and User.posts
type PostEditor
  @model(queries: null)
  @auth(rules: [{ allow: owner }])
  @key(name: "byPost", fields: ["postID", "editorID"])
  @key(name: "byEditor", fields: ["editorID", "postID"]) {
  id: ID!
  postID: ID!
  editorID: ID!
  post: Post! @connection(fields: ["postID"])
  editor: User! @connection(fields: ["editorID"])
}

type User @model @auth(rules: [{ allow: owner }]) {
  id: ID!
  username: String!
  posts: [PostEditor] @connection(keyName: "byEditor", fields: ["id"])
}

I get this error back

{
  "data": {
    "getUser": {
      "id": "UU1",
      "username": "user1",
      "posts": {
        "items": null
      }
    }
  },
  "errors": [
    {
      "message": "Not Authorized to access items on type ModelPostEditorConnection",
      "errorType": "Unauthorized",
      "data": {},
      "errorInfo": {},
      "path": [
        "getUser",
        "posts",
        "items"
      ],
      "locations": [
        {
          "line": 33,
          "column": 7,
          "sourceName": "GraphQL request"
        }
      ]
    }
  ]
}

when I execute this query:

query GetUserWithPosts {
  getUser(id: "UU1") {
    id
    username
    posts{
      items{
        post{
          title
        }
      }
    }
  }
}

The same query works fine with a schema without the @auth directive.

Amplify CLI Version

v4.21.3

To Reproduce Copy and paste the SDL above and run amplify mock api. The same behaviour happens when I deploy with amplify push

Expected behavior I should be able to access the items object

Screenshots If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

OS: Mac
Node Version. v14.4.0

Additional context

Issue Analytics

State:
Created 3 years ago
Reactions:3
Comments:14 (6 by maintainers)

Top GitHub Comments

1reaction

a-ursinocommented, Jul 23, 2020

My workaround was to add explicitly this to my schema

type ModelPostEditorConnection @aws_cognito_user_pools {
  items: [PostEditor]
  nextToken: String
}

the GraphQL transformer adds only this

type ModelPostEditorConnection {
  items: [PostEditor]
  nextToken: String
}

when an additional auth method is used on the many to many connections

0reactions

github-actions[bot]commented, May 25, 2021

This issue has been automatically locked since there hasn’t been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels for those types of questions.

Top Results From Across the Web

API (GraphQL) - Setup authorization rules - AWS Amplify Docs

Add authorization rules to your GraphQL schema to control access to your data. ... You may also apply multiple ownership rules on a...

Authentication and authorization - Apollo GraphQL Docs

Control access to your GraphQL API. ... There are many patterns for providing authentication credentials, including HTTP headers and JSON web tokens.

@auth directive - Neo4j GraphQL Library

In the above example, there is a CREATE operation followed by a CONNECT , so the auth rule must allow a user to...

Overview of Authorization and Authentication with GraphQL

You can add authorization rules to your schema using the @auth directive. But, you also need to configure the Dgraph.Authorization object (which handles ......

mod_authz_core - Apache HTTP Server Version 2.4

The authorization container directives <RequireAll> , <RequireAny> and ... the same extended authorization provider to be referenced by multiple locations.