Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Unauthorized while performing update mutation on model GraphQL Transformer V2

See original GitHub issue

Before opening, please confirm:

I have installed the latest version of the Amplify CLI (see above), and confirmed that the issue still persists.
I have searched for duplicate or closed issues.
I have read the guide for submitting bug reports.
I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
I have removed any sensitive information from my code snippets and submission.

How did you install the Amplify CLI?

npm

If applicable, what version of Node.js are you using?

v17.5.0

Amplify CLI Version

7.6.22

What operating system are you using?

Mac

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

Deleted a field from model and updated the GraphQL API Resource ( Appsync ).

Amplify Categories

auth, api

Amplify Commands

Not applicable

Describe the bug

type Farmer 
  @model  
  @auth(
    rules: [
      { allow: owner, operations: [create, update, read] },
      { allow: groups, groups: ["Admin"], operations: [read] }
    ])
  {
  identityId: String
  profileImg: String
  name: String!
  mobile: AWSPhone! @primaryKey 
  billing: Shipping
  shipping: [Shipping]
  email: String
  fb: String
  google:String
  cart: [CartItem]
  wishList: [String]
}

Issue faced - Unauthorized to run update mutation on the model after being authenticated This issue is not only being faced with owner auth type but also with group auth type. Our system is in production and we need immediate resolution for this. Please support as soon as possible.

Expected behavior

Intended Auth Access - The owner should be able to create, read and update. Admin should. be able to read.

Reproduction steps

Make change to GraphQL schema
Perform amplify push
Auth Error occurs

GraphQL schema(s)

# Put schemas below this line
type Farmer 
  @model  
  @auth(
    rules: [
      { allow: owner, operations: [create, update, read] },
      { allow: groups, groups: ["Admin"], operations: [read] }
    ])
  {
  identityId: String
  profileImg: String
  name: String!
  mobile: AWSPhone! @primaryKey 
  billing: Shipping
  shipping: [Shipping]
  email: String
  fb: String
  google:String
  cart: [CartItem]
  wishList: [String]
}

Log output

# Put your logs below this line

Additional information

No response

Issue Analytics

State:
Created 2 years ago
Reactions:2
Comments:15 (5 by maintainers)

Top GitHub Comments

2reactions

IsaacTrevinocommented, Mar 4, 2022

+1 This is a serious problem, downgrading to v7.6.21 works

1reaction

josefaidtcommented, May 17, 2022

Hey @shriram192 👋 thanks for raising this! Unfortunately I was not able to reproduce using the following schema:

type Todo
  @model
  @auth(
    rules: [
      { allow: owner }
      { allow: groups, groups: ["admins"] }
    ]
  ) {
  id: ID! @primaryKey
  owner: ID
  name: String!
  description: String
}

with two users, admin and user, of which admin is a member of the admins group. Both admin and user are able to update records as intended. However, when explicitly granting update access the update mutations no longer work:

type Todo
  @model
  @auth(
    rules: [
      { allow: owner, operations: [create, update, read] }
      { allow: groups, groups: ["admins"], operations: [read] }
    ]
  ) {
  id: ID! @primaryKey
  owner: ID
  name: String!
  description: String
}

It is important to note create and read are working as expected.

Marking as a bug 🙂

Top Results From Across the Web

API (GraphQL) - Setup authorization rules - AWS Amplify Docs

In this schema, only the owner of the object has the authorization to perform delete operations on the owner created object, but anyone...

Resolve unauth errors for GraphQL requests in AWS AppSync

I receive "Unauthorized" errors when I run GraphQL requests with AWS AppSync. How do I troubleshoot these errors? Short description. There are ...

@aws-amplify/graphql-model-transformer - npm

Start using @aws-amplify/graphql-model-transformer in your ... TypeScript icon, indicating that this package has built-in type declarations.

GraphQL Transform - GitHub Pages

All generated GraphQL queries & mutations will be updated to work with custom ... The primary @key with 3 fields performs a bit...

AWS Amplify GraphQL Static Group Authorization | by λ.eranga

When deploying it will create GraphQL queries , mutations and subscriptions related to the updated Document model. The generated queries, mutations, ...