Amplify-cli: [Bug] - "amplify api push" throws error if project has no API Key authentication provider configured

Created on 30 Mar 2020  路  13Comments  路  Source: aws-amplify/amplify-cli

Describe the bug
I created a graphQL schema with @auth for a public apiKey to be used for graphQL local development and testing. Now I can't update my api or schema. It throws the following error whenever I do amplify api update or amplify api push.

@auth directive with 'apiKey' provider found, but the project has no API Key authentication provider configured.
There was an error pushing the API resource
InvalidDirectiveError: @auth directive with 'apiKey' provider found, but the project has no API Key authentication provider configured.

@auth(
    rules: [
        {
            allow: public
            provider: apiKey
            operations: [create, read, update, delete]
        }
    ]

Amplify CLI Version
4.16.1

To Reproduce

  1. Create a GraphQL api
  2. Define a schema with @auth with rule of public api key
  3. Do amplify api update or modify schema and do amplify push

Expected behavior
It doesn't make sense for this to throw an error and prevents developers from pushing resources to the cloud. It should just be an warning at best. Developers should know what they are doing when they add @auth with rule of public api key. It shouldn't confine them to use it only in amplify configurable way, which posts much constrains to their use case. Please fix this soon. Thanks.

@auth graphql-transformer
Source
picture xitanggg
👍1

Most helpful comment

@bilgrami solution worked. Make sure to press space to select API key on "Choose the additional authorization types you want to configure for the API " step

picture schrecka on 31 Oct 2020
4 🎉1

All 13 comments

@xitanggg Can you try amplify push to make sure the auth is pushed too?

ammarkarachi picture ammarkarachi on 30 Mar 2020

@ammarkarachi thanks for your prompt response. I don't give Cognito users IAM permission when creating Auth so I doubt this would help. I have some resources not ready to push at this moment but I can try later.

xitanggg picture xitanggg on 30 Mar 2020

@xitanggg Do you have API Key authorization set as one of the Auth types? You can check that in amplify/backend/backend-config.json file.

kaustavghosh06 picture kaustavghosh06 on 30 Mar 2020

@kaustavghosh06 thanks for looking into this issue. No, I don't think I have API key authorization set. When creating Auth using the CLI, I choose Manual configuration and only gives User Sign-Up & Sign-In Only. When creating the GraphQL API, I add API key as authorization type in addition to Amazon Cognito User Pool. I am using the API key temporally myself because it is easier to do local testing using API key without using the Cognito User Pool credentials.

Currently, the CLI seems to not like this because I don't configure any public API key usage via amplify and throws me an error. I am not sure if I am the edge developer, in which I don't think CLI should throw an error in this case. It can post a warning telling me I didn't configure any resource to use public API key but it shouldn't prevent me from updating my schema until I actually configure something that use public API key. Thanks.

{
"auth": {
    "userPoolGroups": {
        "service": "Cognito-UserPool-Groups",
        "providerPlugin": "awscloudformation",
        "dependsOn": [
            {
                "category": "auth",
                "resourceName": "myUserAuthResource",
                "attributes": [
                    "UserPoolId",
                    "AppClientIDWeb",
                    "AppClientID",
                    "IdentityPoolId"
                ]
            }
        ]
    }
}

"myGraphQL": {
    "service": "AppSync",
    "providerPlugin": "awscloudformation",
        "output": {
            "authConfig": {
                "additionalAuthenticationProviders": [
                    {
                        "authenticationType": "API_KEY",
                        "apiKeyConfig": {
                            "description": "testingKey",
                            "apiKeyExpirationDays": 7
                        }
                    }
xitanggg picture xitanggg on 31 Mar 2020

@xitanggg No, you don't need to have to set API Key in your "auth" resource. you'd have to set API Key as an authentication type as a part of your API itself. It can either be the default auth type or an additional auth type. You can go through the amplify update api flow to add API Key as an authentication type to your API.

kaustavghosh06 picture kaustavghosh06 on 1 Apr 2020

Closing due to lack of response, please feel free to reopen it if the issue still persist.

attilah picture attilah on 6 Apr 2020

Amplify update api seems to be incapable of filling in more than one authentication type. If you run it and add a default and an additional auth type it does nothing with the additional auth type.

GavinSawyer picture GavinSawyer on 25 Jun 2020

yes your right @GavinSawyer Im also getting same issue. any solution?

elankeeran picture elankeeran on 17 Jul 2020

yes your right @GavinSawyer Im also getting same issue. any solution?

No solution, just avoided multiple Auth types. However you could try running update api with api key and user pool separately, find what each command outputs in the files, and combine them before pushing updates? I haven't tried that but it's definitely worth it since there's clearly a problem with the CLI.

GavinSawyer picture GavinSawyer on 17 Jul 2020

yes your right @GavinSawyer Im also getting same issue. any solution?

No solution, just avoided multiple Auth types. However you could try running update api with api key and user pool separately, find what each command outputs in the files, and combine them before pushing updates? I haven't tried that but it's definitely worth it since there's clearly a problem with the CLI.

Thanks @GavinSawyer Im also try to avoided the multiple Auth types. but its definitely bug. @attilah please have look.

elankeeran picture elankeeran on 17 Jul 2020

I solved it by

  1. Removing all @auth directives from GraphQL schema 
type Todos @model
{
  id: ID!
  text: String!
}

2. adding API Key as an additional authorization type

amplify update api
? Please select from one of the below mentioned services: GraphQL
? Select from the options below Update auth settings
? Choose the default authorization type for the API Amazon Cognito User Pool
Use a Cognito user pool configured as a part of this project.
? Configure additional auth types? Yes
? Choose the additional authorization types you want to configure for the API API key
API key configuration
? Enter a description for the API key: Public API
? After how many days from now the API key should expire (1-365): 365

_GraphQL schema compiled successfully._

  1. Finally, re-enabling @auth directive
type Todos @model
  @auth(rules: [
    { allow: public, operations: [read], provider: apiKey }
    ])
{
  id: ID!
  text: String!
}
bilgrami picture bilgrami on 29 Oct 2020
5

@bilgrami solution worked. Make sure to press space to select API key on "Choose the additional authorization types you want to configure for the API " step

schrecka picture schrecka on 31 Oct 2020
4 🎉1

@bilgrami Thanks! works for me!
I'm curious about how you can refresh the API key...
https://github.com/aws-amplify/amplify-cli/issues/5843

yaquawa picture yaquawa on 12 Nov 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jeanpaulcozzatti picture jeanpaulcozzatti  路  3Comments
mwarger picture mwarger  路  3Comments
jexh picture jexh  路  3Comments
davo301 picture davo301  路  3Comments
YikSanChan picture YikSanChan  路  3Comments