GraphQL @auth with Cognito Pool and apiKey does not work

[rlimberger]

Describe the bug
I'm using the following @auth configuration for my GraphQL @model:

@auth (
    rules: [
        { allow: owner },
        { allow: public, provider: apiKey, operations: [read] }
    ]
)

I have setup Amazon Cognito User Pool as primary and apiKey as secondary authorization type:

amplify update api
? Please select from one of the below mentioned services GraphQL
? Choose the default authorization type for the API Amazon Cognito User Pool
Use a Cognito user pool configured as a part of this project.
? Do you want to configure advanced settings for the GraphQL API Yes, I want to make some additional changes.
? Choose the additional authorization types you want to configure for the API (Press <space> to select, <a> to toggle all, <i> to invert selection)
❯◯ API key
 ◯ IAM
 ◯ OpenID Connect

When I then run amplify push I get the following error:

@auth directive with 'apiKey' provider found, but the project has no API Key authentication provider configured.

To Reproduce
Annotate your model with:

@auth (
    rules: [
        { allow: owner },
        { allow: private, provider: apiKey, operations: [read] }
    ]
)

Configure both Cognito Pool and apiKey auth providers via Amplify CLI. run amplify push

Expected behavior
Schema should compile and function as expected. Where a Cognito user has full access and an apiKey user has access only to a query.

Version:
Amplify: 3.14.0

[anarerdene]

@rlimberger did you find any result. I using cognito too.

[carotorrehdz]

@rlimberger are you pushing these changes at the same time? For me it work if I first configure both Cognito Pool and apiKey auth providers and run amplify push. Then I changed my GraphQL schema and ran amplify push again and it works.

[alonsovb]

Same thing is happening with the AWS_IAM provider: you need to add that first via the CLI with amplify update api and then push, and after that you can actually add the @auth to the model and then push.

[rndgrin]

Any updates ? Having the same problem

Pushing the api update first and then updating the scheme did not work.

I initially configured only Cognito, now when trying to add iam it fails with the same error (just iam instead of api key)

[springer12]

I have amplify push issue now.
An error occured during the push operation: ENOENT: no such file or directory, open ...\team-provider-info.json'
How can I fix it?

[attilah]

@rlimberger, @anarerdene, @carotorrehdz, @alonsovb How you exactly selecting the API key or other providers?

Moving down with the arrow key and pressing Enter does not select the option

"(Press to select, to toggle all, to invert selection)" as the on-screen instructions says.

Closing the issue if you still experiencing it feel free to re-open or open a new one.

[elankeeran]

I'm getting the same issue; I created the project with Cognito Pool after that, I update additional Authentication Providers with API key but not update both authentication provider. Getting below error@auth directive with 'apiKey' provider found, but the project has no API Key authentication provider configured. InvalidDirectiveError: @auth directive with 'apiKey' provider found, but the project has no API Key authentication provider configured.

[lukeshay]

I get this error also. This worked for me but is not convenient and causes downtime.

[philohelp]

Still doesn't work (with amplify -v => 4.27.1).

I tried with a mix of "traditional blog" as in the docs and Dabit's aws-appsync-react-workshop model.

I can push changes (by doing the api update first and then amplify push). But then directives are not taken into account. When using default ApiKey and secondary Cognito user pools, I can query but not create anything with a registered user. When using default Cognito user pool and secondary ApiKey, I can see and publish when registered but do nothing when unregistered.

type TestTalk
  @model
  @auth(
    rules: [
      { allow: owner }
      { allow: private, operations: [read] }
      { allow: public, operations: [read] }
    ]
  ) {
  id: ID!
  clientId: ID
  name: String!
  description: String!
  comments: [TestComment] @connection(name: "TalkComments")
}

type TestComment
  @model
  @auth(
    rules: [
      {
        allow: owner
        ownerField: "createdBy"
        operations: [create, update, delete]
      }
      { allow: private, operations: [read] }
    ]
  ) {
  id: ID!
  message: String
  createdBy: String
  talk: TestTalk @connection(name: "TalkComments")
}