Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

DataStore - Sync error - UnauthorizedException

See original GitHub issue

I receive this error: DataStore - Sync error – "subscription failed Connection failed: {\"errors\":[{\"errorType\":\"UnauthorizedException\",\"message\":\"Permission denied\"}]}"

While I run this code:

Auth.currentCredentials() .then(d => console.log("data: ", d)) .catch(e => console.log("error: ", e));

before

this.init = DataStore.observe(Quiz).subscribe();

with this schema:

type Quiz
  @model
  @auth(
    rules: [
      { allow: public, provider: iam, operations: [read] }
      { allow: owner }
    ]
  ) {
  id: ID!
  title: String!
  seconds: Int!
  currentQuestion: String
  questionOrder: String
  started: Boolean
  questionTime: Int
  view: Int
  owner: String!
}

type Questions
  @model
  @auth(
    rules: [
      { allow: public, provider: iam, operations: [read] }
      { allow: owner }
    ]
  ) {
  id: ID!
  image: String
  youtube: String
  question: String!
  answerOne: String
  answerOneCorrect: Boolean
  answerTwo: String
  answerTwoCorrect: Boolean
  answerThree: String
  answerThreeCorrect: Boolean
  answerFour: String
  answerFourCorrect: Boolean
  quizID: String!
  order: Int
  public: Boolean
  fromLibrary: Boolean
  category: String
}
type QuestionsDB
  @model
  @auth(
    rules: [
      { allow: public, provider: iam, operations: [read] }
      { allow: owner }
    ]
  ) {
  id: ID!
  image: String
  youtube: String
  question: String!
  answerOne: String
  answerOneCorrect: Boolean
  answerTwo: String
  answerTwoCorrect: Boolean
  answerThree: String
  answerThreeCorrect: Boolean
  answerFour: String
  answerFourCorrect: Boolean
  relatedQuestion: String!
  public: Boolean
  category: String
  language: String
}

type Subscribers @model @auth(rules: [{ allow: public, provider: iam }]) {
  id: ID!
  type: String!
  score: Int!
  quizID: String!
  name: String!
}

type Responses @model @auth(rules: [{ allow: public, provider: iam }]) {
  id: ID!
  quiz: String!
  subscriber: String!
  question: String!
}
type Languages
  @model
  @auth(rules: [{ allow: public, provider: iam }])
  @key(name: "ByCode", fields: ["type", "code"], queryField: "getLangByCode") {
  id: ID!
  type: String!
  code: String!
}

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:29 (6 by maintainers)

github_iconTop GitHub Comments

1reaction
rpostulartcommented, Apr 1, 2021

Not sure anymore 😔

1reaction
iartemievcommented, May 1, 2020

Transferring this over per my conversation with @edwardfoyle.

I was able to reproduce this issue using the following simplified schema (and explicitly turning off subscription authorization on the model).

When I try to subscribe to changes on this model with DataStore as an unauthed user, I get the error: "DataStore - Sync error subscription failed Connection failed: {"errors":{"errorType":"UnauthorizedException","message":"Permission denied”}}"

  • Unauthed Identities are enabled on the Identity Pool
  • API Auth is configured with IAM and User Pools (IAM is default)
  • Neither the authed nor the unauthed IAM roles have any explicit permissions for subscriptions, but I’m able to subscribe successfully with the authed role, e.g. via the AppSync console.

Here’s the schema:

type Quiz
  @model(subscriptions: { level: public })
  @auth(
    rules: [
      { allow: owner },
      { allow: public, provider: iam, operations: [read] }
    ]
  ) {
  id: ID!
  title: String!
  seconds: Int!
  currentQuestion: String
  questionOrder: String
  started: Boolean
  questionTime: Int
  view: Int
  owner: String!
}

App.js I’m using to reproduce the error:

import React from 'react';
import Amplify from 'aws-amplify';
import { DataStore } from '@aws-amplify/datastore';
import aws_exports from './aws-exports';
import { Quiz } from './models';

Amplify.configure(aws_exports);

DataStore.observe(Quiz).subscribe((msg) => {
  console.log(msg.model, msg.opType, msg.element);
});

const App = () => <></>;

export default App;

I can also reproduce the UnauthorizedException error by attempting to subscribe without using DataStore:

API.graphql(
  graphqlOperation(subscriptions.onCreateQuiz)
).subscribe({
  next: (quizData) => console.log(quizData)
});

Here’s the generated IAM policy (identical for authed and unauthed roles):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "appsync:GraphQL"
            ],
            "Resource": [
                "arn:aws:appsync:us-east-1:xxxxxapis/xxxxxxxxxx/types/Quiz/*",
                "arn:aws:appsync:us-east-1:xxxxx:apis/xxxxxxxxxx/types/Query/fields/getQuiz",
                "arn:aws:appsync:us-east-1:xxxxx:apis/xxxxxxxxxx/types/Query/fields/listQuizs",
                "arn:aws:appsync:us-east-1:xxxxx:apis/xxxxxxxxxxtypes/Query/fields/syncQuizzes"
            ],
            "Effect": "Allow"
        }
    ]
}

Dependency versions:

Read more comments on GitHub >

github_iconTop Results From Across the Web

DataStore - subscriptionError, Connection failed
I want to use DataStore to only load the current user's data when the user is logged in. let uuID = ''; //...
Read more >
Find Answers to AWS Questions about AWS Amplify Studio
If I change some data in the "content (datastore)" of Amplify Studio the data ... left empty from the console, it now shows...
Read more >
DataStore - Other methods - Android - AWS Amplify Docs
Synchronization starts automatically whenever you run any DataStore operation ( query() , save() , delete() , observe() .) You can also explicitly begin...
Read more >
Troubleshoot self-hosted integration runtime - Azure
Learn how to troubleshoot self-hosted integration runtime issues in Azure Data ... Copy one IR from datastore 1 to Azure Blob Storage ...
Read more >
Troubleshooting Smart IT availability or stability issues
Important: During the start-up of Smart IT Server, it will sync these ... Data Store for Smart IT) with the Login ID and...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Custom auth lambda trigger is not configured for the user pool.

Next page

ES6 arrow function syntax breaking Internet Explorer 11 (IE11)