Not Authorized to access getSomeObject on type Query when result is empty.
Describe the bug
Hello, it seems like something changed in Amplify or AppSync not so long ago. When I try to perform a GraphQL query which returns an empty result, I now get an error:
Not Authorized to access getSomeObject on type Query
There is code in resolver which leads to this behavior:
#if( !($isStaticGroupAuthorized == true || $isDynamicGroupAuthorized == true || $isOwnerAuthorized == true) )
$util.unauthorized()
#end
That's the right code, but somehow previously when $ctx.result was empty I did not get this error.
The problem is that Apollo doesn't cache the query because an error occurred.
This is wrong behavior, because if $ctx.result is NULL there should not be an error.
To Reproduce
- amplify add auth
- amplify add api with any schema with
@auth(rules: [{allow: owner, ownerField: "owner"}])
- authenticate user
- execute query getSomething(id) where you are sure no data exists
- See error
Expected behavior
On an empty result an error is not necessary because no data is returned.
Using
- amplify-cli@4.24.3
- react-native
Issue Analytics
- State:
- Created 3 years ago
- Reactions:7
- Comments:9 (3 by maintainers)
Just as an update, this appears to be fixed as of 4.27.3.
I don’t know what version exactly this was fixed in, but a small change to the VTL templates can be seen now:
Which… I’m still not sure is 100% accurate because that would seem to short certain authorization checks. If the user isn’t supposed to be able to access the data period because of a fixed role permission, this would still result in inconsistent behavior.
We are facing the same issue after updating from 4.24.1 to 4.25.0
Reverting to 4.24.1 and pushing fixed the issue.
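
The check quoted in the issue and the ordering concern raised in the 4.27.3 comment, modelled in plain JavaScript as an added example (not code from the issue, Amplify or AppSync). The context shape, the function names and both null guards are assumptions, since the page does not show the changed template; the dynamic group rule, which also depends on the result, is left out for brevity.

```javascript
// Added model of the resolver check; ctx shape and names are assumptions.
// The real template calls $util.unauthorized(); here denial is a return value.
const UNAUTHORIZED = "Unauthorized";

// Constructed sample context builder (not from the issue).
const makeCtx = (username, groups, result) => ({ identity: { username, groups }, result });

// Static group rule: decided from the caller's groups, independent of the result.
function staticGroupOk(ctx, rules) {
  return (rules.groups || []).some((g) => ctx.identity.groups.includes(g));
}

// Owner rule: compares the caller with the fetched item's owner field,
// so it can never pass when the lookup returned nothing.
function ownerOk(ctx, rules) {
  return ctx.result != null && ctx.result[rules.ownerField] === ctx.identity.username;
}

// 1. Check as quoted in the issue: an empty result falls through to denial.
function checkAsQuoted(ctx, rules) {
  if (!(staticGroupOk(ctx, rules) || ownerOk(ctx, rules))) return UNAUTHORIZED;
  return ctx.result;
}

// 2. Hypothetical guard ahead of every rule: empty result always yields null,
//    even for a caller whom a static group rule denies on existing items.
function nullGuardFirst(ctx, rules) {
  if (ctx.result == null) return null;
  return checkAsQuoted(ctx, rules);
}

// 3. Hypothetical ordering: result-independent rules first, null guard only
//    where a result-dependent rule (owner) could still have allowed access.
function nullGuardAfterStatic(ctx, rules) {
  if (staticGroupOk(ctx, rules)) return ctx.result;
  if (!rules.ownerField) return UNAUTHORIZED;
  if (ctx.result == null) return null;
  return ownerOk(ctx, rules) ? ctx.result : UNAUTHORIZED;
}

// Constructed cases: alice is in no group and the item does not exist.
const alice = makeCtx("alice", [], null);
console.log(checkAsQuoted(alice, { ownerField: "owner" }));
console.log(nullGuardFirst(alice, { groups: ["Admin"] }));
console.log(nullGuardAfterStatic(alice, { groups: ["Admin"] }));
```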