Received an UnauthorizedException when calling GraphQL with Auth0 as OIDC. #13252
Comments
hi @cwomack any update for this? 🙇
Hi @TitusEfferian it looks like your schema has a I think it's also worth mentioning that your
I am experimenting with a completely new project, so currently I don't have any items in DynamoDB. I tried creating new data but encountered the same error. Here, I have already attempted to modify the schema again.

```graphql
type AnotherTodo
  @model
  @auth(rules: [{ allow: owner, provider: oidc, identityClaim: "sub" }]) {
  id: ID!
  name: String!
  description: String!
}
```

```ts
const client = generateClient();
const input: CreateAnotherTodoInput = {
  description: "hello",
  name: "hello",
};
client
  .graphql({
    query: createAnotherTodo,
    authMode: "oidc",
    variables: {
      input,
    },
  })
  .then((x) => {
    console.log(x);
  })
  .catch((err) => {
    console.log(err);
  });
```

Yes, I can confirm that the token sent in the GraphQL request is the same one that I placed in myTokenProvider. I can also confirm that the structure of the JWT contains the
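
A local claim check for the kind of token discussed in this comment, as an added example that is not code from the thread or from the Amplify project. The `expected` values (issuer URL, client ID pattern) and the sample token are constructed placeholders standing in for the API's OIDC provider settings; `identityClaim` is the `sub` value from the schema above.

```javascript
// Decodes a JWT WITHOUT verifying its signature, only to inspect claims locally.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a three-part compact JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// `expected` fields are assumptions that stand in for the API's OIDC provider
// settings and the schema's identityClaim; they are not read from Amplify.
function checkOidcClaims(token, expected, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(token);
  const problems = [];
  if (claims.iss !== expected.issuer) {
    problems.push(`iss "${claims.iss}" != configured issuer "${expected.issuer}"`);
  }
  // aud may be a string or an array; azp is the authorized party.
  const audiences = [].concat(claims.aud ?? [], claims.azp ?? []);
  if (expected.clientIdPattern && !audiences.some((a) => expected.clientIdPattern.test(a))) {
    problems.push("neither aud nor azp matches the configured client ID");
  }
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) {
    problems.push("token is expired or has no exp claim");
  }
  if (!claims[expected.identityClaim]) {
    problems.push(`missing identity claim "${expected.identityClaim}" used by the owner rule`);
  }
  return problems;
}

// Constructed sample token (unsigned, placeholder values only).
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.signature-placeholder`;
}

const NOW = 1700000000; // fixed clock so the sample is deterministic
const sample = makeSampleToken({
  iss: "https://example-tenant.auth0.com/", // constructed, with trailing slash
  sub: "auth0|constructed-user",
  aud: "constructed-client-id",
  exp: NOW + 3600,
});
const expected = {
  issuer: "https://example-tenant.auth0.com", // constructed, no trailing slash
  clientIdPattern: /^constructed-client-id$/,
  identityClaim: "sub",
};
console.log(checkOidcClaims(sample, expected, NOW));
```

An empty result only means the claims line up with the values passed in; signature validation still happens on the API side.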
Hi, Recently, since Amplify Gen 2 is in stable release, I tried to implement the same use case but with Gen 2. It works well in Gen 2 because the information is clearer, thanks to the use of TypeScript configuration for constructing the backend. I wrote an article based on my experiment in case anyone encounters this issue: How to Implement Auth0 and Discord Login in AWS Amplify Gen 2: A Step-by-Step Guide. However, I still wonder how to achieve the same use case in Gen 1.
@TitusEfferian thanks for sharing this guide and glad it worked in Gen 2! It should definitely work in Gen 1. The docs link you shared in the issue description was for Gen 2. Here are the instructions for Gen 1: https://docs.amplify.aws/gen1/react/build-a-backend/auth/advanced-workflows/#federate-with-auth0 Go through this and make sure you have not missed a step.
JavaScript Framework
React
Amplify APIs
GraphQL API
Amplify Version
v6
Amplify Categories
api
Backend
Amplify CLI
Environment information
Describe the bug
I am trying to perform some CRUD operations with GraphQL, using Auth0 as the OIDC provider. I have successfully logged in with Auth0, obtained the idToken, passed it to Amplify Auth, and received all the results within fetchAuthSession(). Now, I am planning to hit a GraphQL endpoint, but I encountered an "UnauthorizedException" error.
I have explored all the available open and closed issues in this repository using the filter is:issue is:open graphql auth0, and I didn’t find any duplicates or relevant issues related to my case. I have also searched in the aws-amplify Discord and still haven't found any information, so I decided to open a new issue here.
Expected behavior
GraphQL returns a 200 status code, with expected data
Reproduction steps
amplify add api.
Code Snippet
main.tsx
App.tsx
auth0 api response
pass auth0 information into amplify, and call fetchAuthSession()
Call the graphql API response
header curl:
schema.graphql
Log output
aws-exports.js
```js
/* eslint-disable */
// WARNING: DO NOT EDIT. This file is automatically generated by AWS Amplify. It will be overwritten.
const awsmobile = {
    "aws_project_region": "ap-northeast-1",
    "aws_appsync_graphqlEndpoint": "https://my-domain.appsync-api.ap-northeast-1.amazonaws.com/graphql",
    "aws_appsync_region": "ap-northeast-1",
    "aws_appsync_authenticationType": "API_KEY",
    "aws_appsync_apiKey": "my key",
    "aws_cognito_identity_pool_id": "my id",
    "aws_cognito_region": "ap-northeast-1",
    "aws_user_pools_id": "ap-northeast-my-id",
    "aws_user_pools_web_client_id": "my id",
    "oauth": {
        "domain": "my-domain-staging.auth.ap-northeast-1.amazoncognito.com",
        "scope": [
            "phone",
            "email",
            "openid",
            "profile",
            "aws.cognito.signin.user.admin"
        ],
        "redirectSignIn": "http://localhost:5173/",
        "redirectSignOut": "http://localhost:5173/",
        "responseType": "code"
    },
    "federationTarget": "COGNITO_USER_POOLS",
    "aws_cognito_username_attributes": [
        "EMAIL"
    ],
    "aws_cognito_social_providers": [],
    "aws_cognito_signup_attributes": [
        "EMAIL",
        "NAME"
    ],
    "aws_cognito_mfa_configuration": "OFF",
    "aws_cognito_mfa_types": [
        "SMS"
    ],
    "aws_cognito_password_protection_settings": {
        "passwordPolicyMinLength": 8,
        "passwordPolicyCharacters": []
    },
    "aws_cognito_verification_mechanisms": [
        "EMAIL"
    ]
};
export default awsmobile;
```
Manual configuration
No response
Additional configuration
No response
Mobile Device
No response
Mobile Operating System
No response
Mobile Browser
No response
Mobile Browser Version
No response
Additional information and screenshots
No response