Amplify-js: Error when upgrading to 3.0.11 version with AWSAppSyncRealTimeProvider and cognito identity pool

Created on 18 May 2020  路  7Comments  路  Source: aws-amplify/amplify-js

Describe the bug
Hi guys,
We updated aws-amplify lib from 2.2.7 to 3.0.11 and since, we cannot make any graphql request (from datastore or graphql api).
Here is the error we are receiving now:
[WARN] 57:00.206 AWSAppSyncRealTimeProvider - ensure credentials error No Cognito Identity pool provided for unauthenticated access.
Uncaught (in promise) Error: No credentials
at AWSAppSyncRealTimeProvider. (AWSAppSyncRealTimeProvider.js:1248)
at step (AWSAppSyncRealTimeProvider.js:169)
at Object.next (AWSAppSyncRealTimeProvider.js:99)
at fulfilled (AWSAppSyncRealTimeProvider.js:53)

We didn't change any config when going to newer version. User can still login and we are receiving accessToken and idToken. When we are rolling back to older version, everything is working again.
Does anyone has a clue on where to check or what could be wrong?

(We are not using AWS.config or AWS.credentials in the frontend app at all).

To Reproduce
Here is our auth config on entities:

type House
  @model
  @auth(
    rules: [
      { allow: groups, groupsField: "clientId" }
      { allow: private, provider: iam, operations: [read, create, update] }
    ]
  ) {
  id: ID!
  name: String!
...
  clientId: ID!
}

Problems occurs when we have signed in the user. On all grapqh request we have this error (from DataStore or from GraphQL API methods).
Our amplify init: 

Amplify.configure(awsExports)

Our login method:

Auth.signIn(email, password)

The user is well logged in, we are receiving him via Hub with all good params and his accessToken/idToken are ok.

Expected behavior
To be able to update to newer version

What is Configured?
If applicable, please provide what is configured for Amplify CLI:

  • Which resources do you have configured?

    • If applicable, please provide your aws-exports file:

      ``` const awsmobile = {

      "aws_project_region": "eu-west-1",

      "aws_cognito_identity_pool_id": "eu-west-1:xxx",

      "aws_cognito_region": "eu-west-1",

      "aws_user_pools_id": "eu-west-1_xxx",

      "aws_user_pools_web_client_id": "xxxx",

      "oauth": {

      "domain": "xxxx-dev.auth.eu-west-1.amazoncognito.com",

      "scope": [

      "phone",

      "email",

      "openid",

      "profile",

      "aws.cognito.signin.user.admin"

      ],

      "redirectSignIn": "https://fddsfdfdf.com/",

      "redirectSignOut": "https://ddfdfdf.com/",

      "responseType": "code"

      },

      "federationTarget": "COGNITO_USER_AND_IDENTITY_POOLS",

      "aws_content_delivery_bucket": "xxxx-hostingbucket-dev",

      "aws_content_delivery_bucket_region": "eu-west-1",

      "aws_content_delivery_url": "https://xxxxx.cloudfront.net",

      "aws_user_files_s3_bucket": "xxxxx-dev",

      "aws_user_files_s3_bucket_region": "eu-west-1",

      "aws_appsync_graphqlEndpoint": "https://xxxxx.appsync-api.eu-west-1.amazonaws.com/graphql",

      "aws_appsync_region": "eu-west-1",

      "aws_appsync_authenticationType": "AMAZON_COGNITO_USER_POOLS" };

GraphQL to-be-reproduced
Source
picture SebSchwartz
👍3

Most helpful comment

@manueliglesias It's ok with the delete of node_modules and lockfiles ;)

Thanks for help

picture SebSchwartz on 22 May 2020
🎉2 👍2

All 7 comments

Experiencing similar issues. I've tried every combination of api+auth that I can think of but get either "[WARN] 15:02.260 GraphQLAPI - ensure credentials error No Cognito Identity pool provided for unauthenticated access" which then results in a "No credentials" error OR I get an error of "undefined" when accessing my API with an authenticated Cognito user. These errors are despite that I have unauthenticated access enabled on my id pool.

My intent is to use IAM so I can provide public access to the API but am now unable to do so.

This was working fine last week but I haven't been able to roll back to an older version. When doing so I get errors with Amplify - likely due to deleting the project and starting over several times.

pixelsailor picture pixelsailor on 20 May 2020

Hi @SebSchwartz , @pixelsailor

Could you first try removing your node_modules directory, your yarn.lock or package-lock.json and re-running yarn install or npm install?

manueliglesias picture manueliglesias on 20 May 2020

Hi @SebSchwartz , @pixelsailor

Could you first try removing your node_modules directory, your yarn.lock or package-lock.json and re-running yarn install or npm install?

Already tried when I initially reverted to an earlier version than back to 3.0.11

pixelsailor picture pixelsailor on 21 May 2020

I seem to have a working app again for my use case. I created a new test app using IAM for API auth and noticed the error handler was returning errors for null keys. Used a create migration to create an entry with the API to create the missing, autogenerated underscore fields and got back clean results with no errors. Then went back to my dynamodb tables for my original app and added those fields to the tables (__typename, _lastChangedAt, _version) and now get good results again for that app as well.

I have not tried using the API with Cognito auth again so I may be bypassing the identity pool error. My use-case requires public, unauthenticated read access so I'm using public IAM auth to accomplish that.

Curious why it worked prior without those fields and broke suddenly. Constantly, destroying my Amplify app and recreating it certainly didn't help and just contributed to the problem since if I did have a good DB at one point it would have been destroyed in the process and then replaced with an erroneous one. Note that I was previously adding items to DynamoDB via the AWS console and not using Amplify API. If these fields are expected by the generated API it would be extremely helpful to have them noted in the docs or have them auto created by DynamoDB when adding items by hand.

pixelsailor picture pixelsailor on 21 May 2020

Thanks @pixelsailor

Looks like two different issues got mixed in this one, correct me if I am wrong, but your issue is not related to the error message AWSAppSyncRealTimeProvider - ensure credentials error, but to the fields Sync-enabled (DataStore enabled) apis require (_version, _deleted, _lastChangedAt)

If these fields are expected by the generated API it would be extremely helpful to have them noted in the docs or have them auto created by DynamoDB when adding items by hand.

Thank you for the suggestion, we'll look into making mention of this in the docs

manueliglesias picture manueliglesias on 21 May 2020

@SebSchwartz

When we are rolling back to older version, everything is working again. Does anyone has a clue on where to check or what could be wrong?

We've seen similar issues on v2 -> v3 upgrades, and sometimes it had to do with lockfiles. Can you remove your node_modules and lockfiles and try with the latest versions?

manueliglesias picture manueliglesias on 21 May 2020

@manueliglesias It's ok with the delete of node_modules and lockfiles ;)

Thanks for help

SebSchwartz picture SebSchwartz on 22 May 2020
🎉2 👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ddemoll picture ddemoll  路  3Comments
simon998yang picture simon998yang  路  3Comments
benevolentprof picture benevolentprof  路  3Comments
josoroma picture josoroma  路  3Comments
leantide picture leantide  路  3Comments