Unauthenticated identity throws AuthError without user pool

[jmparsons]

Before opening, please confirm:

• I have searched for duplicate or closed issues and discussions.
• I have read the guide for submitting bug reports.
• I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

JavaScript Framework

React

Amplify APIs

Authentication, GraphQL API

Amplify Categories

auth

Environment information

# Put output below this line
npx: installed 1 in 1.189s

  System:
    OS: macOS 12.1
    CPU: (10) x64 Apple M1 Max
    Memory: 1.49 GB / 64.00 GB
    Shell: 5.8 - /bin/zsh
  Binaries:
    Node: 14.17.6 - ~/.nvm/versions/node/v14.17.6/bin/node
    Yarn: 1.22.17 - /usr/local/bin/yarn
    npm: 6.14.15 - ~/.nvm/versions/node/v14.17.6/bin/npm
    Watchman: 2022.02.28.00 - /usr/local/bin/watchman
  Browsers:
    Brave Browser: 99.1.36.119
    Chrome: 103.0.5060.53
    Firefox: 100.0.1
    Safari: 15.2
  npmPackages:
    @ampproject/toolbox-optimizer:  undefined ()
    @babel/core:  undefined ()
    @babel/runtime:  7.15.4 
    @edge-runtime/primitives:  1.1.0-beta.10 
    @hapi/accept:  undefined ()
    @napi-rs/triples:  undefined ()
    @next/react-dev-overlay:  undefined ()
    @types/node: 18.0.0 => 18.0.0 
    @types/react: 18.0.14 => 18.0.14 
    @types/react-dom: 18.0.5 => 18.0.5 
    @vercel/nft:  undefined ()
    acorn:  undefined ()
    amphtml-validator:  undefined ()
    arg:  undefined ()
    assert:  undefined ()
    async-retry:  undefined ()
    async-sema:  undefined ()
    aws-amplify: ^4.3.26 => 4.3.26 
    babel-packages:  undefined ()
    browserify-zlib:  undefined ()
    browserslist:  undefined ()
    buffer:  undefined ()
    bytes:  undefined ()
    chalk:  undefined ()
    ci-info:  undefined ()
    cli-select:  undefined ()
    comment-json:  undefined ()
    compression:  undefined ()
    conf:  undefined ()
    constants-browserify:  undefined ()
    content-disposition:  undefined ()
    content-type:  undefined ()
    cookie:  undefined ()
    cross-spawn:  undefined ()
    crypto-browserify:  undefined ()
    cssnano-simple:  undefined ()
    debug:  undefined ()
    devalue:  undefined ()
    domain-browser:  undefined ()
    edge-runtime:  undefined ()
    eslint: 8.18.0 => 8.18.0 
    eslint-config-next: 12.2.0 => 12.2.0 
    etag:  undefined ()
    events:  undefined ()
    find-cache-dir:  undefined ()
    find-up:  undefined ()
    fresh:  undefined ()
    get-orientation:  undefined ()
    glob:  undefined ()
    gzip-size:  undefined ()
    http-proxy:  undefined ()
    https-browserify:  undefined ()
    icss-utils:  undefined ()
    ignore-loader:  undefined ()
    image-size:  undefined ()
    is-animated:  undefined ()
    is-docker:  undefined ()
    is-wsl:  undefined ()
    jest-worker:  undefined ()
    json5:  undefined ()
    jsonwebtoken:  undefined ()
    loader-utils:  undefined ()
    lodash.curry:  undefined ()
    lru-cache:  undefined ()
    micromatch:  undefined ()
    mini-css-extract-plugin:  undefined ()
    nanoid:  undefined ()
    native-url:  undefined ()
    neo-async:  undefined ()
    next: 12.2.0 => 12.2.0 
    node-fetch:  undefined ()
    node-html-parser:  undefined ()
    ora:  undefined ()
    os-browserify:  undefined ()
    p-limit:  undefined ()
    path-browserify:  undefined ()
    postcss-flexbugs-fixes:  undefined ()
    postcss-modules-extract-imports:  undefined ()
    postcss-modules-local-by-default:  undefined ()
    postcss-modules-scope:  undefined ()
    postcss-modules-values:  undefined ()
    postcss-preset-env:  undefined ()
    postcss-safe-parser:  undefined ()
    postcss-scss:  undefined ()
    postcss-value-parser:  undefined ()
    process:  undefined ()
    punycode:  undefined ()
    querystring-es3:  undefined ()
    raw-body:  undefined ()
    react: 18.2.0 => 18.2.0 
    react-dom: 18.2.0 => 18.2.0 
    react-is:  17.0.2 
    react-refresh:  0.12.0 
    react-server-dom-webpack:  undefined ()
    regenerator-runtime:  0.13.4 
    sass-loader:  undefined ()
    schema-utils:  undefined ()
    semver:  undefined ()
    send:  undefined ()
    setimmediate:  undefined ()
    source-map:  undefined ()
    stream-browserify:  undefined ()
    stream-http:  undefined ()
    string-hash:  undefined ()
    string_decoder:  undefined ()
    strip-ansi:  undefined ()
    tar:  undefined ()
    terser:  undefined ()
    text-table:  undefined ()
    timers-browserify:  undefined ()
    tty-browserify:  undefined ()
    typescript: 4.7.4 => 4.7.4 
    ua-parser-js:  undefined ()
    unistore:  undefined ()
    util:  undefined ()
    vm-browserify:  undefined ()
    watchpack:  undefined ()
    web-vitals:  undefined ()
    webpack:  undefined ()
    webpack-sources:  undefined ()
    ws:  undefined ()
  npmGlobalPackages:
    @aws-amplify/cli: 7.4.5
    @graphql-codegen/typescript: 2.4.2
    @squoosh/cli: 0.7.2
    aws-cdk-local: 1.65.8
    aws-cdk: 2.29.1
    npm: 6.14.15

Describe the bug

The Auth modules throws an AuthError when using only identity pool to authorize unauthenticated access. It seems to fallback from checking for federated user to a cognito user - we are not using anything cognito, no user pools - solely identity pools.

Expected behavior

There should be no errors thrown if authentication is using unauthenticated access with identity pools - and no requirements to have a user pool at all.

Reproduction steps

1. create an appsync
2. set appsync to use iam access
3. create an identity pool with unauthenticated access
4. provide permissions to appsync from unauth role
5. access appsync from client

Code Snippet

// Put your code below this line.
import { Amplify, API } from "aws-amplify";
import type { NextPage } from "next";
import { useEffect } from "react";

Amplify.configure({
  aws_appsync_graphqlEndpoint:
    "https://APPSYNC_ID.appsync-api.APPSYNC_REGION.amazonaws.com/graphql",
  aws_appsync_region: "us-east-1",
  aws_appsync_authenticationType: "AWS_IAM",
  Auth: {
    identityPoolId: "POOL_ID",
    region: "us-east-1",
  },
});

export const listNotes = `
  query ListNotes {
    listNotes {
      content
    }
  }
`;

const Home: NextPage = () => {
  useEffect(() => {
    const fetchData = async () => {
      const createdTodo = await API.graphql({
        query: listNotes,
        authMode: "AWS_IAM",
      });
      console.log("createdTodo", createdTodo);
    };
    fetchData();
  }, []);

  return <div>notes</div>;
};

export default Home;

Log output

// Put your logs below this line
next-dev.js?3515:24 [ERROR] 10:09.563 AuthError - 
            Error: Amplify has not been configured correctly. 
            The configuration object is missing required auth properties.
            This error is typically caused by one of the following scenarios:

            1. Did you run `amplify push` after adding auth via `amplify add auth`?
                See https://aws-amplify.github.io/docs/js/authentication#amplify-project-setup for more information

            2. This could also be caused by multiple conflicting versions of amplify packages, see (https://docs.amplify.aws/lib/troubleshooting/upgrading/q/platform/js) for help upgrading Amplify packages.

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

[jmparsons]

The error comes from checking for a user pool here:

https://github.com/aws-amplify/amplify-js/blob/main/packages/auth/src/Auth.ts#L1639

currentUserCredentials -> currentSession -> rejectNoUserPool

It is triggered from a failed federatedInfo check here:

https://github.com/aws-amplify/amplify-js/blob/main/packages/auth/src/Auth.ts#L1737

Unauthenticated federated shouldn't be checked against user pool.

[kevohagan]

this is also happening to me

Everything works fine but as @jmparsons explained very well, the conditional does not take into account the possibility of having Auth configured with just an IdentityPoolId.

[khatruong2009]

Hi Jonathan,

The code is inside a try-catch and is there to make sure that the user is given UnAuth credentials. Although an error is being logged, the functionality is still the same. I have submitted a pull request to fix this issue and remove the logging of the error when a user pool is not present.

Thanks,
Kha

[khatruong2009]

Hi @jmparsons @kevohagan,

This fix was released in the 2022-08-01 Amplify release: aws-amplify@4.3.30.

Thanks,
Kha

[jmparsons]

Awesome tyvm @khatruong2009! Works great on my unauthorized page, no errors thrown.