Using Guest Credentials? #457
Comments
@cto-leaps Are you using a Cognito User Pool in combination with a Cognito Identity Pool? If not, what mechanism are you trying to use? |
@haverchuck hey, Yes I am using user pool and identity pool |
It is not possible to guess to fetch objects from database? |
@SalahAdDin Nope, when I try an Amplify.Auth.fetchAuthSession(), I do get AWSCredentials, but later, when I try to query my public (IAM) accessible GraphQL model, I get a
error... |
@cto-leaps sorry you're having this issue. I was able to reproduce this error with the example API app in this repository when I configured the API to use IAM. I was able to make guest access in the same app only work when configured with API key access instead of IAM. I will keep investigating. |
Any update on this? I have the same problem. Using auth rule "allow: public, provider: iam" but can only query when logged in. I already have guest access set up through auth. Query as guest produces this result: "flutter: Query failed: ApiException(message: Failed to retrieve Cognito UserPool token., recoverySuggestion: , underlyingException: The operation couldn’t be completed. (Amplify.AuthError error 6.))" Could this be related to the IAM policy for the unauthenticated role? |
Hello @cto-leaps . Thanks for your patience while I looked into this. I agree it’s confusing as I spent a lot of time to understand it myself. There may be 2 issues at play here:
We just added support for #2 via @jodafm’s PR adding support for the apiName parameter to GraphQL requests with version 0.2.2. There is some documentation for that available at the bottom of https://docs.amplify.aws/lib/graphqlapi/authz/q/platform/flutter which has been recently added. Alone, this may not solve your problem, but it allows for many more options when supporting this kind of functionality. For example, you could restrict mutations to logged in users via cognito user pools and allow reading via IAM/api keys, assuming your auth resource has guest access enabled as seen on https://docs.amplify.aws/lib/auth/guest_access/q/platform/flutter. In that case, your schema would have auth directives similar to
and that your amplifyconfiguration has entries for both auth modes like the example on the documentation page. For #1, guest access can be supported in a single auth mode with either API keys (not suggested for write access) or IAM. You mentioned above that you wanted guest access for some operations plus authenticated access for others. In an example app, I was able to get that working with similar auth directives like:
This can allow guest access along with authenticated access but does not allow for some features only supported by user pools, like owner-based access. In these use cases, multiple auth modes is handy. While that’s a little summary, I might be missing some information or might have misread some details from your earlier comments. Which authorization mode(s) are you trying to use with the apiPlugin? Would it be possible to include relevant portions of your graphql schema here as well as amplifyconfiguration.dart file (removing/anonymizing anything you’re not comfortable with)? |
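As a check on the auth directives discussed in this thread (`allow: public` with `provider: iam` versus API keys), the following added example, which is not code from the thread or from the Amplify project, lists which models and operations a schema exposes to guests and flags guest write access through an API key. The sample schema is constructed, and the parser assumes the Amplify defaults: a public rule without a provider uses apiKey, and a rule without operations covers create, read, update and delete.

```python
import re

# Constructed sample schema (not from the thread): guests read Post via IAM,
# signed-in users use the user pool, and Feedback is public with defaults.
SAMPLE_SCHEMA = """
type Post @model @auth(rules: [
  { allow: public, provider: iam, operations: [read] },
  { allow: private, provider: userPools }
]) {
  id: ID!
  title: String!
}

type Feedback @model @auth(rules: [{ allow: public }]) {
  id: ID!
  body: String
}
"""

ALL_OPS = ["create", "read", "update", "delete"]
WRITE_OPS = {"create", "update", "delete"}


def guest_exposure(schema):
    """Return (model, provider, operations, risky) for every `allow: public` rule."""
    findings = []
    # Split the schema into one segment per `type` definition.
    heads = list(re.finditer(r"^type\s+(\w+)", schema, re.M))
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(schema)
        segment = schema[head.end():end]
        # Rule objects are the brace groups that carry an `allow:` key.
        for rule in re.findall(r"\{([^{}]*\ballow\s*:[^{}]*)\}", segment):
            if re.search(r"\ballow\s*:\s*(\w+)", rule).group(1) != "public":
                continue
            prov = re.search(r"\bprovider\s*:\s*(\w+)", rule)
            provider = prov.group(1) if prov else "apiKey"  # assumed default
            ops = re.search(r"\boperations\s*:\s*\[([^\]]*)\]", rule)
            operations = re.findall(r"\w+", ops.group(1)) if ops else list(ALL_OPS)
            # Guest writes through a shared API key deserve a manual review.
            risky = provider == "apiKey" and bool(WRITE_OPS & set(operations))
            findings.append((head.group(1), provider, operations, risky))
    return findings


if __name__ == "__main__":
    for model, provider, operations, risky in guest_exposure(SAMPLE_SCHEMA):
        flag = "REVIEW: guest write via API key" if risky else "ok"
        print(f"{model}: guests via {provider} -> {', '.join(operations)} [{flag}]")
```

Field-level `@auth` rules are reported under the enclosing type, since the parser only looks for rule objects inside each type's segment.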
Hi @cto-leaps, I am closing this issue for now as we didn't hear from you. Regards |
So sorry @offlineprogrammer for my silence. I really thought I had commented back. |
I have this exact permission setup, it worked well in my JavaScript app for 2 years, now I'm porting the app to Flutter but anonymous access doesn't work.
Did I miss anything? BTW, why the APIs are different on different platforms ( |
I can confirm the behavior described by @a9udn9u. Even though I configured After adding the additional auth type manually everything worked but those changes of course will be lost after running Are the amplify devs aware that the cli parameter additionalAuthTypes is not reflected in From my current understanding you have to do the following in order to enable authenticated access and guest (anonymous) access:
DataStore does not seem to support multiple authorization modes, so you have to rely on graphql queries. Created an issue for the problem with additionalAuthTypes in amplifyconfiguration.json. |
I'm desperately trying to figure out how to have a user access my graphql endpoint anonymously.
My back end is set up correctly with auth to do so, and my graphql schema authorizes operations such as read for some models.
However, I can't seem to find any documentation on how to proceed to have an anonymous user get credentials and access these models.
Any example available?
Anyone has managed to have both anonymous and logged in users actions work in their app?
How do you migrate an anonymous user to a registered one?
I know lots of questions but I am really lacking documentation here.
Help 🙏