Amplify-cli: GraphQL @auth with Cognito Pool and apiKey does not work
Describe the bug
I'm using the following @auth configuration for my GraphQL @model:
@auth (
rules: [
{ allow: owner },
{ allow: public, provider: apiKey, operations: [read] }
]
)
I have setup Amazon Cognito User Pool as primary and apiKey as secondary authorization type:
amplify update api
? Please select from one of the below mentioned services GraphQL
? Choose the default authorization type for the API Amazon Cognito User Pool
Use a Cognito user pool configured as a part of this project.
? Do you want to configure advanced settings for the GraphQL API Yes, I want to make some additional changes.
? Choose the additional authorization types you want to configure for the API (Press <space> to select, <a> to toggle all, <i> to invert selection)
❯◯ API key
◯ IAM
◯ OpenID Connect
When I then run amplify push I get the following error:
@auth directive with 'apiKey' provider found, but the project has no API Key authentication provider configured.
To Reproduce
Annotate your model with:
@auth (
rules: [
{ allow: owner },
{ allow: private, provider: apiKey, operations: [read] }
]
)
Configure both Cognito Pool and apiKey auth providers via Amplify CLI. run amplify push
Expected behavior
Schema should compile and function as expected. Where a Cognito user has full access and an apiKey user has access only to a query.
Version:
Amplify: 3.14.0
rlimberger
All 12 comments
@rlimberger did you find any result. I using cognito too.
anarerdene
on 27 Oct 2019
@rlimberger are you pushing these changes at the same time? For me it work if I first configure both Cognito Pool and apiKey auth providers and run amplify push. Then I changed my GraphQL schema and ran amplify push again and it works.
carotorrehdz
on 8 Nov 2019
Same thing is happening with the AWS_IAM provider: you need to add that first via the CLI with amplify update api and then push, and after that you can actually add the @auth to the model and then push.
alonsovb
on 26 Feb 2020
Any updates ? Having the same problem
Pushing the api update first and then updating the scheme did not work.
I initially configured only Cognito, now when trying to add iam it fails with the same error (just iam instead of api key)
rndgrin
on 16 Apr 2020
I have amplify push issue now.
An error occured during the push operation: ENOENT: no such file or directory, open ...\team-provider-info.json'
How can I fix it?
springer12
on 2 May 2020
@rlimberger, @anarerdene, @carotorrehdz, @alonsovb How you exactly selecting the API key or other providers?
Moving down with the arrow key and pressing Enter does not select the option
"(Press
Closing the issue if you still experiencing it feel free to re-open or open a new one.
attilah
on 19 May 2020
I'm getting the same issue; I created the project with Cognito Pool after that, I update additional Authentication Providers with API key but not update both authentication provider. Getting below error@auth directive with 'apiKey' provider found, but the project has no API Key authentication provider configured.
InvalidDirectiveError: @auth directive with 'apiKey' provider found, but the project has no API Key authentication provider configured.
elankeeran
on 17 Jul 2020
I get this error also. This worked for me but is not convenient and causes downtime.
LukeShay
on 28 Jul 2020
Still doesn't work (with amplify -v => 4.27.1).
I tried with a mix of "traditional blog" as in the docs and Dabit's aws-appsync-react-workshop model.
I can push changes (by doing the api update first and then amplify push). But then directives are not taken into account. When using default ApiKey and secondary Cognito user pools, I can query but not create anything with a registered user. When using default Cognito user pool and secondary ApiKey, I can see and publish when registered but do nothing when unregistered.
type TestTalk
@model
@auth(
rules: [
{ allow: owner }
{ allow: private, operations: [read] }
{ allow: public, operations: [read] }
]
) {
id: ID!
clientId: ID
name: String!
description: String!
comments: [TestComment] @connection(name: "TalkComments")
}
type TestComment
@model
@auth(
rules: [
{
allow: owner
ownerField: "createdBy"
operations: [create, update, delete]
}
{ allow: private, operations: [read] }
]
) {
id: ID!
message: String
createdBy: String
talk: TestTalk @connection(name: "TalkComments")
}
philohelp
on 29 Oct 2020
I'm having issues as well. This should be simple and straightforward but it seems broken badly.
SourceCode
on 14 Nov 2020
Maybe you should press a SPACE KEY before press an enter when choosing the 'additional auth types.'
jeina7
on 16 Nov 2020
This is actually more subtle and if you look in the documentation they call it out briefly. Essentially if you are using the API Key for public access make sure you are using the AWSAppSyncClient configured for API access and do not attempt to use the API.graphql library.
You can see the details towards the bottom of the documentation here: https://docs.amplify.aws/lib/graphqlapi/authz/q/platform/js
import AWSAppSyncClient, { AUTH_TYPE } from 'aws-appsync';
import awsconfig from './aws-exports';
const client = new AWSAppSyncClient({
url: awsconfig.aws_appsync_graphqlEndpoint,
region: awsconfig.aws_appsync_region,
auth: {
type: AUTH_TYPE.API_KEY,
apiKey: awsconfig.aws_appsync_apiKey,
},
});
Is the example provided, then you should start using the AWSAppSyncClient for the API key level requests.
Something to note is that when you do this you depart back to the original Graphql patterns and will use gql to encapsulate the graphql operation.
SourceCode
on 16 Nov 2020
Related issues
onlybakam
·
3Comments
amlcodes
·
3Comments
adriatikgashi
·
3Comments
jeanpaulcozzatti
·
3Comments
MageMasher
·
3Comments
Most helpful comment
Same thing is happening with the
AWS_IAMprovider: you need to add that first via the CLI withamplify update apiand then push, and after that you can actually add the@authto the model and then push.