amplify-js: DataStore - Sync error - UnauthorizedException

I receive this error: DataStore - Sync error – "subscription failed Connection failed: {\"errors\":[{\"errorType\":\"UnauthorizedException\",\"message\":\"Permission denied\"}]}"

While I run this code:

Auth.currentCredentials()
  .then(d => console.log("data: ", d))
  .catch(e => console.log("error: ", e));

before

this.init = DataStore.observe(Quiz).subscribe();

with this schema:

type Quiz
  @model
  @auth(
    rules: [
      { allow: public, provider: iam, operations: [read] }
      { allow: owner }
    ]
  ) {
  id: ID!
  title: String!
  seconds: Int!
  currentQuestion: String
  questionOrder: String
  started: Boolean
  questionTime: Int
  view: Int
  owner: String!
}

type Questions
  @model
  @auth(
    rules: [
      { allow: public, provider: iam, operations: [read] }
      { allow: owner }
    ]
  ) {
  id: ID!
  image: String
  youtube: String
  question: String!
  answerOne: String
  answerOneCorrect: Boolean
  answerTwo: String
  answerTwoCorrect: Boolean
  answerThree: String
  answerThreeCorrect: Boolean
  answerFour: String
  answerFourCorrect: Boolean
  quizID: String!
  order: Int
  public: Boolean
  fromLibrary: Boolean
  category: String
}

type QuestionsDB
  @model
  @auth(
    rules: [
      { allow: public, provider: iam, operations: [read] }
      { allow: owner }
    ]
  ) {
  id: ID!
  image: String
  youtube: String
  question: String!
  answerOne: String
  answerOneCorrect: Boolean
  answerTwo: String
  answerTwoCorrect: Boolean
  answerThree: String
  answerThreeCorrect: Boolean
  answerFour: String
  answerFourCorrect: Boolean
  relatedQuestion: String!
  public: Boolean
  category: String
  language: String
}

type Subscribers @model @auth(rules: [{ allow: public, provider: iam }]) {
  id: ID!
  type: String!
  score: Int!
  quizID: String!
  name: String!
}

type Responses @model @auth(rules: [{ allow: public, provider: iam }]) {
  id: ID!
  quiz: String!
  subscriber: String!
  question: String!
}

type Languages
  @model
  @auth(rules: [{ allow: public, provider: iam }])
  @key(name: "ByCode", fields: ["type", "code"], queryField: "getLangByCode") {
  id: ID!
  type: String!
  code: String!
}
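
Under the `{ allow: public, provider: iam }` rules in the schema above, an unauthenticated client signs its AppSync requests with the identity pool's unauth role, so every operation needs an `appsync:GraphQL` statement whose `Resource` covers that operation's field ARN. The following is an added example, not code from the issue or from Amplify: a small evaluator that reports which operations a policy covers, run on a constructed policy whose resource list is shaped like the generated policy quoted later in this thread. The account id, API id and function names are placeholders and assumptions, and `Condition`, `NotAction` and `NotResource` are not evaluated.

```javascript
// Constructed sample: placeholder account and API ids, not values from the thread.
const API_ARN = "arn:aws:appsync:us-east-1:111111111111:apis/EXAMPLEAPIID";
const samplePolicy = {
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Action: ["appsync:GraphQL"],
    Resource: [
      `${API_ARN}/types/Quiz/*`,
      `${API_ARN}/types/Query/fields/getQuiz`,
      `${API_ARN}/types/Query/fields/listQuizs`,
      `${API_ARN}/types/Query/fields/syncQuizzes`,
    ],
  }],
};

const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM wildcards: "*" matches any run of characters, "?" exactly one.
function iamMatch(pattern, value, ignoreCase = false) {
  const body = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&") // escape regex metacharacters except * and ?
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp(`^${body}$`, ignoreCase ? "i" : "").test(value);
}

// Returns "allow", "explicit-deny" or "implicit-deny" for one field of one GraphQL type.
// Simplification: NotAction, NotResource and Condition are ignored.
function evaluate(policy, apiArn, typeName, fieldName) {
  const arn = `${apiArn}/types/${typeName}/fields/${fieldName}`;
  let allowed = false;
  for (const st of asList(policy.Statement)) {
    const hit =
      asList(st.Action).some((a) => iamMatch(a, "appsync:GraphQL", true)) &&
      asList(st.Resource).some((r) => iamMatch(r, arn));
    if (!hit) continue;
    if (st.Effect === "Deny") return "explicit-deny"; // a matching Deny always wins
    if (st.Effect === "Allow") allowed = true;
  }
  return allowed ? "allow" : "implicit-deny";
}

// One row per [type, field] pair, suitable for console.table.
const report = (policy, apiArn, ops) =>
  ops.map(([t, f]) => ({ op: `${t}.${f}`, result: evaluate(policy, apiArn, t, f) }));

console.table(report(samplePolicy, API_ARN, [
  ["Query", "getQuiz"], ["Query", "syncQuizzes"], ["Subscription", "onCreateQuiz"],
]));
```

To audit a real role, pass the policy document attached to it and the API's own ARN in place of the constructed values.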

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 29 (6 by maintainers)

Most upvoted comments

Not sure anymore 😔

Transferring this over per my conversation with @edwardfoyle.

I was able to reproduce this issue using the following simplified schema (and explicitly turning off subscription authorization on the model).

When I try to subscribe to changes on this model with DataStore as an unauthed user, I get the error: "DataStore - Sync error subscription failed Connection failed: {"errors":{"errorType":"UnauthorizedException","message":"Permission denied"}}"

  • Unauthed Identities are enabled on the Identity Pool
  • API Auth is configured with IAM and User Pools (IAM is default)
  • Neither the authed nor the unauthed IAM roles have any explicit permissions for subscriptions, but I’m able to subscribe successfully with the authed role, e.g. via the AppSync console.

Here’s the schema:

type Quiz
  @model(subscriptions: { level: public })
  @auth(
    rules: [
      { allow: owner },
      { allow: public, provider: iam, operations: [read] }
    ]
  ) {
  id: ID!
  title: String!
  seconds: Int!
  currentQuestion: String
  questionOrder: String
  started: Boolean
  questionTime: Int
  view: Int
  owner: String!
}

App.js I’m using to reproduce the error:

import React from 'react';
import Amplify from 'aws-amplify';
import { DataStore } from '@aws-amplify/datastore';
import aws_exports from './aws-exports';
import { Quiz } from './models';

Amplify.configure(aws_exports);

DataStore.observe(Quiz).subscribe((msg) => {
  console.log(msg.model, msg.opType, msg.element);
});

const App = () => <></>;

export default App;

I can also reproduce the UnauthorizedException error by attempting to subscribe without using DataStore:

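import { API, graphqlOperation } from 'aws-amplify';
// Path assumes the default Amplify codegen output location
import * as subscriptions from './graphql/subscriptions';

API.graphql(
  graphqlOperation(subscriptions.onCreateQuiz)
).subscribe({
  next: (quizData) => console.log(quizData)
});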

Here’s the generated IAM policy (identical for authed and unauthed roles):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "appsync:GraphQL"
            ],
            "Resource": [
                "arn:aws:appsync:us-east-1:xxxxx:apis/xxxxxxxxxx/types/Quiz/*",
                "arn:aws:appsync:us-east-1:xxxxx:apis/xxxxxxxxxx/types/Query/fields/getQuiz",
                "arn:aws:appsync:us-east-1:xxxxx:apis/xxxxxxxxxx/types/Query/fields/listQuizs",
                "arn:aws:appsync:us-east-1:xxxxx:apis/xxxxxxxxxx/types/Query/fields/syncQuizzes"
            ],
            "Effect": "Allow"
        }
    ]
}

Dependency versions: