Trying to use DataStore with Multi authentication mode fails

Before opening, please confirm:

• I have installed the latest version of the Amplify CLI (see above), and confirmed that the issue still persists.
• I have searched for duplicate or closed issues.
• I have read the guide for submitting bug reports.
• I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
• I have removed any sensitive information from my code snippets and submission.

How did you install the Amplify CLI?

No response

If applicable, what version of Node.js are you using?

No response

Amplify CLI Version

10.0.0

What operating system are you using?

Mac - Monterey 12.4 (M1)

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

No manual changes made

Amplify Categories

api

Amplify Commands

Not applicable

Describe the bug

I have a simpler description on a Discord comment that may be useful if you want to avoid get into many details.

I have my schema which have different models that needs to be publicly accessible and only for auth users we need to being able to create/update those records, I had set up my schema using “AMAZON_COGNITO_USER_POOLS” as my default authentication mode and additionalAuthenticationProviders I have “API_KEY” with that setup I got errors like this issue suggests https://github.com/aws-amplify/amplify-js/issues/9369#issuecomment-996213369

Nonetheless, I do have my Multi auth set up. When I changed my default to be API_KEY then I got the public read working but I can’t make mutations anymore. Therefore, I can quickly see that DataStore is using only the default auth mode.

My code for multi auth is:

export const apiService: API = {
  init: (config = awsconfig) => {
    // Allow to connect application with AWS Amplify
    Amplify.configure({
      ...awsconfig,
      // https://docs.amplify.aws/lib/datastore/setup-auth-rules/q/platform/js/#configure-multiple-authorization-types
      DataStore: {
        authModeStrategyType: AuthModeStrategyType.MULTI_AUTH,
      },
    })

    DataStore.configure({
      errorHandler: (error) => {
        console.error('Unrecoverable error', { error })
      },
    })

    if (window.location.hostname === 'localhost') Amplify.Logger.LOG_LEVEL = 'INFO'
  },
}

// App.tsx

apiService.init()

function App() {
  return /* All routes and provider */
}

export default App

Expected behavior

According to this https://docs.amplify.aws/lib/datastore/setup-auth-rules/q/platform/js/#configure-multiple-authorization-types everything should work, but I can’t see how to actually being able to debug what’s wrong with my setup (a fundamental bug here probably is my fault rather than amplify tech but I don’t see how to debug this problem).

Worth to mention that when I set my default to API_KEY if I try a mutation with AppSync from the client I need to specify auth mode as https://docs.amplify.aws/lib/graphqlapi/authz/q/platform/js/#using-amplify-graphql-client and https://stackoverflow.com/a/70523375/1422380 and that make the mutation take effect

Reproduction steps

1. Create a model with auth rules like:

type Project
  @model
  @auth(
    rules: [
      { allow: private }
      { allow: public, operations: [read], provider: apiKey }
    ]
  )
...

1. Setup DataStore multi auth
2. Set default auth mode “API_KEY”
3. Try to use datastore to make mutations on the model

You get: “Unauthorized” on errors when perform a mutation

GraphQL schema(s)

# Put schemas below this line
# A representation of a user on its 'participant' role, id will match the Profile.id
type Participant
  @model
  @auth(
    rules: [
      { allow: private }
      { allow: public, operations: [read], provider: apiKey }
    ]
  ) {
  # use same id than Profile to make easier the lookups
  id: ID!
  profileID: ID!
  profile: Profile @hasOne(fields: ["profileID"])
  skills: [Skill] @manyToMany(relationName: "SkillParticipantConnection")
  projects: [Project] @manyToMany(relationName: "ProjectParticipantConnection")
  posts: [Post] @hasMany(indexName: "byParticipant", fields: ["id"])
  # see relationship insights [1]
  # checkups: [Checkup] @hasMany
}

type Organiser
  @model
  @auth(
    rules: [
      { allow: private }
      { allow: public, operations: [read], provider: apiKey }
    ]
  ) {
  # use same id than Profile to make easier the lookups
  id: ID!
  profileID: ID!
  profile: Profile @hasOne(fields: ["profileID"])
  projects: [Project] @manyToMany(relationName: "ProjectOrganiserConnection")
}

# The actual projects that people can work on
type Project
  @model
  @auth(
    rules: [
      { allow: private }
      { allow: public, operations: [read], provider: apiKey }
    ]
  ) {
  id: ID!
  name: String!
  description: String!
  location: String!
  problem: String!
  solution: String!
  launchPlan: String!
  status: ProjectStatus! @default(value: "DRAFT")
  tags: [Tag] @manyToMany(relationName: "ProjectTagConnection")
  organisers: [Organiser] @manyToMany(relationName: "ProjectOrganiserConnection")
  participants: [Participant]
    @manyToMany(relationName: "ProjectParticipantConnection")
  posts: [Post] @hasMany(indexName: "byProject", fields: ["id"])
}

Project Identifier

976fd779f41a5b0cbe838e291735690e

Log output

# Put your logs below this line

Additional information

I could perhaps make reads with AppSync from the client, but that removes the whole point to have DataStore in order to have optimistic updates on the UI.