Describe the bug
I was planning to provide non-authorized access to the API using @auth multi-auth directives.
But a "type" which is not annotated with @model cannot be returned as a query result, in spite of the query being fully authorized by @auth. For instance, "type S3Object" cannot be returned, with the error messages:
GraphQL error: Not Authorized to access bucket on type S3Object
GraphQL error: Not Authorized to access region on type S3Object
GraphQL error: Not Authorized to access key on type S3Object
To Reproduce
My extracted schema code
type Class
  @model
  @searchable
  @auth(rules: [{ allow: private, provider: userPools }, { allow: public, provider: apiKey, operations: [read] }])
{
  id: ID!
  title: String!
  host: User! @connection(name: "ClassHostUser", sortField: "createdAt")
  ...
}

type User @auth(rules: [{ allow: private, provider: userPools }, { allow: public, provider: apiKey, operations: [read] }]) @model {
  id: String!
  name: String
  intro: String
  picture: S3Object
}

type S3Object {
  bucket: String!
  region: String!
  key: String!
}

query GetClass($id: ID!) {
  getClass(id: $id) {
    __typename
    id
    title
    host {
      id
      name
      intro
      picture {
        bucket
        region
        key
      }
    }
  }
}
Expected behavior
S3Object should be returned...
but it is not, because it's not authorized for public access, and I already know that I can't annotate 'type S3Object' with @auth because it's not annotated with @model.
Additional context
amplify-cli: 3.15.0
You can add the AppSync Authorization Modes directly in your schema.graphql like so:
type S3Object @aws_iam @aws_cognito_user_pools {
  bucket: String!
  region: String!
  key: String!
}
It works! Indeed, not @aws_iam but @aws_api_key. But it feels so weird to me that I have to use @auth directives because I can't use @aws_api_key @aws_cognito_user_pools directly in schema.graphql with older versions of amplify-cli, and it's not documented at all, is it?
@rarira This is based on the change in the newer versions of the cli which support multi-auth.
Closing this issue, feel free to comment on this thread if you are stuck on this.
@SwaySway
It should be documented in the @Auth section.
Maybe as a tip for simple types.
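A small schema check for the situation discussed in this thread, added here as an example and not code from Amplify or from any commenter: it reports non-@model types returned by a multi-auth @model type that lack the AppSync directives matching that type's @auth providers. The function names, the provider-to-directive map and the sample schema are constructed for illustration, and it assumes every @auth rule names its provider explicitly.

```javascript
// Added example: flag non-@model types lacking AppSync directives for multi-auth.
const DIRECTIVE_FOR = { // @auth provider -> AppSync directive
  apiKey: '@aws_api_key', userPools: '@aws_cognito_user_pools',
  iam: '@aws_iam', oidc: '@aws_oidc',
};

// Split SDL into { name, header, body }. Assumes field lists contain no braces.
function parseTypes(sdl) {
  const types = [], start = /\btype\s+(\w+)/g;
  let m;
  while ((m = start.exec(sdl)) !== null) {
    let i = start.lastIndex, depth = 0;
    // Skip braces inside directive arguments such as @auth(rules: [{ ... }]).
    for (; i < sdl.length && !(sdl[i] === '{' && depth === 0); i++) {
      if (sdl[i] === '(') depth++;
      else if (sdl[i] === ')') depth--;
    }
    const end = sdl.indexOf('}', i);
    if (end === -1) break;
    types.push({ name: m[1], header: sdl.slice(start.lastIndex, i), body: sdl.slice(i + 1, end) });
    start.lastIndex = end + 1;
  }
  return types;
}

function missingAuthDirectives(sdl) {
  const types = parseTypes(sdl), findings = [];
  const byName = Object.fromEntries(types.map((t) => [t.name, t]));
  for (const t of types) {
    if (!/@model\b/.test(t.header)) continue;
    // Assumption: every rule names its provider explicitly, as in the issue's schema.
    const providers = [...t.header.matchAll(/provider:\s*(\w+)/g)].map((p) => p[1]);
    const needed = [...new Set(providers.map((p) => DIRECTIVE_FOR[p]).filter(Boolean))];
    if (needed.length < 2) continue; // not a multi-auth type; out of scope here
    for (const [, field, ref] of t.body.matchAll(/(\w+)\s*:\s*\[?(\w+)/g)) {
      const target = byName[ref];
      if (!target || /@model\b/.test(target.header)) continue;
      const missing = needed.filter((d) => !new RegExp(d + '\\b').test(target.header));
      if (missing.length) findings.push({ type: ref, via: `${t.name}.${field}`, missing });
    }
  }
  return findings;
}

// Constructed sample, trimmed from the schema in the issue.
const RULES = '@auth(rules: [{ allow: private, provider: userPools }, { allow: public, provider: apiKey, operations: [read] }])';
const schemaWith = (s3Directives) => `
type User ${RULES} @model { id: String! name: String picture: S3Object }
type S3Object ${s3Directives} { bucket: String! region: String! key: String! }`;
console.log(missingAuthDirectives(schemaWith('')));
```

Running it over a schema before deployment shows which plain types would fail field resolution for one of the configured auth modes, and which directive each one still needs.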