Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

AWS-Amplify API is always returning 403 unauthorized with angular

See original GitHub issue

AWS-Amplify using API.get() with angular to call Serverless API with IAM authentication is always returning 403 unauthorized, even though that I have followed all the instructions posted on GitHub and stackoverfolw,

here is my code for using api.get:

` async testApiCall() { const user = await Auth.currentAuthenticatedUser(); const token = user.signInUserSession.idToken.jwtToken;

const request = {
    headers: {
        Authorization: token
    }
};

var response = await API.post('orders', '/orders', request)
    .catch(error => {
        alert('error' + error);
    });
    alert(response);
document.getElementById('output-container').innerHTML = JSON.stringify(response);

and here is my config.ts:

export default { MAX_ATTACHMENT_SIZE: 5000000, s3: { REGION: "eu-central-1", BUCKET: "xxxxxx" }, apiGateway: { REGION: "eu-central-1", URL: "xxxxxxxx" }, cognito: { REGION: "eu-central-1", USER_POOL_ID: "xxxxxxxxxxxxxxxxx", APP_CLIENT_ID: "xxxxxxxxxxxxxxxxx", IDENTITY_POOL_ID: "xxxxxxxxxxxxxxxxx" } };

And here is what I have in environment.ts:

export const environment = { production: true, amplify: { Auth: { identityPoolId: 'xxxxxxxxxxx', region: 'eu-central-1', userPoolId: 'xxxxxxxxx', userPoolWebClientId: 'xxxxxxxxxxx' }, API: { endpoints: [ { name: "orders", endpoint: "xxxxxxxxx" } ] } } }; any suggestions please?

Issue Analytics

State:
Created 5 years ago
Comments:8 (3 by maintainers)

Top GitHub Comments

1reaction

powerful23commented, Mar 6, 2019

@khaledshamat if you are using IAM authentication, and as I could assume based on your config, you are using the Cognito Federated Identity Pool service right? In that case, you shouldn’t do the following:

const request = {
    headers: {
        Authorization: token
    }
};

The amplify library will fetch the credentials internally and sign the request. Can you also open the debug mode by putting window.LOG_LEVEL='DEBUG' to get more info?

0reactions

github-actions[bot]commented, Jun 12, 2021

This issue has been automatically locked since there hasn’t been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.

Top Results From Across the Web

Troubleshoot HTTP 403 errors from API Gateway - Amazon AWS

An HTTP 403 response code means that a client is forbidden from accessing a valid URL. The server understands the request, ...

Angular with AWS-amplify API and Auth unexpected behavior ...

Angular with AWS-amplify API and Auth unexpected behavior leads to 403 unauthorized ... after that if I called the api it will return...

amplify-js

AWS Amplify is a JavaScript library for frontend and mobile developers building cloud-enabled applications ... AWS Amplify provides a declarative and easy-to-use ...

Fix the Most Common API Gateway Request Errors - Dashbird

Handling API Gateway 403 Error: Access Denied. This error is also known as “Forbidden” and implies some permission issue. Every resource you ...

Build a Role-based API with Firebase Authentication - Toptal

Create a role-based authorization API with a fine-grained permissions model. ... If the user doesn't have the required role, we'll return a 403....