amplify-js: Datastore warning: User is unauthorized to query sync with auth mode.
Before opening, please confirm:
- I have searched for duplicate or closed issues and discussions.
- I have read the guide for submitting bug reports.
- I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
JavaScript Framework
React
Amplify APIs
DataStore
Amplify Categories
storage, api
Environment information
System:
OS: macOS 12.0.1
CPU: (8) arm64 Apple M1
Memory: 72.70 MB / 16.00 GB
Shell: 5.8 - /bin/zsh
Binaries:
Node: 17.0.1 - /opt/homebrew/bin/node
npm: 8.1.0 - /opt/homebrew/bin/npm
Watchman: 2021.10.18.00 - /opt/homebrew/bin/watchman
Browsers:
Chrome: 95.0.4638.69
Safari: 15.1
npmPackages:
@aws-amplify/ui-react: ^1.2.22 => 1.2.22
@testing-library/jest-dom: ^5.15.0 => 5.15.0
@testing-library/react: ^11.2.7 => 11.2.7
@testing-library/user-event: ^12.8.3 => 12.8.3
aws-amplify: ^4.3.4 => 4.3.4
react: ^17.0.2 => 17.0.2
react-dom: ^17.0.2 => 17.0.2
react-scripts: 4.0.3 => 4.0.3
web-vitals: ^1.1.2 => 1.1.2
npmGlobalPackages:
@aws-amplify/cli: 6.3.1
npm: 8.1.0
serve: 13.0.2
Describe the bug
DataStore is trying to call sync on private models without public access on first usage of DataStore.
Once for every model without public access:
Example for model Cart
[WARN] 38:53.62 DataStore - User is unauthorized to query syncCarts with auth mode AMAZON_COGNITO_USER_POOLS. No data could be returned.
Multiple warnings (for retrying to sync?):
Example
[WARN] 38:53.39 DataStore - subscriptionError AppSync Realtime subscription init error: No current user
After the IndexDB is setup everything runs fine. No more warnings until the IndexDB gets cleared.
Expected behavior
After calling DataStore.start() or DataStore.query() (etc.) for the first time there should be no warnings in the console about subscription and sync queries on not public models.
Reproduction steps
- Setting up a basic React app with Amplify following the docs https://docs.amplify.aws/start/getting-started/auth/q/integration/react/
- “aws_appsync_authenticationType”: “AMAZON_COGNITO_USER_POOLS”
- Create a model without public access:
type Cart
@model
@aws_cognito_user_pools
@auth(rules: [
{allow: owner},
{allow: groups, groups: ["Admin"], operations: [read, create, update, delete]}
]) {
id: ID!
owner: String!
products: [CartProduct]
}
- Configure multi auth for DataStore in index.js
import Amplify, { AuthModeStrategyType } from "aws-amplify";
import awsExports from "./aws-exports";
Amplify.configure({
...awsExports,
DataStore: {
authModeStrategyType: AuthModeStrategyType.MULTI_AUTH
},
});
- Calling DataStore.start() within the App() function in app.js (Note: I could also just call DataStore.start() or DataStory.query() with a button, doesn’t matter.
const clear = async () => {
await DataStore.clear();
console.info("Clear - DataStore");
};
const start = async () => {
clear();
await DataStore.start();
console.info("Start - DataStore");
};
useEffect(() => {
start();
}, []);
- See warnings in the console.
Code Snippet
// Put your code below this line.
Log output
// Put your logs below this line
aws-exports.js
const awsmobile = {
"aws_project_region": "eu-central-1",
"aws_appsync_graphqlEndpoint": "https://xxx.appsync-api.eu-central-1.amazonaws.com/graphql",
"aws_appsync_region": "eu-central-1",
"aws_appsync_authenticationType": "AMAZON_COGNITO_USER_POOLS",
"aws_appsync_apiKey": "xxx",
"aws_cognito_identity_pool_id": "eu-central-1:xxx",
"aws_cognito_region": "eu-central-1",
"aws_user_pools_id": "eu-central-1_xxx",
"aws_user_pools_web_client_id": "xxx",
"oauth": {},
"aws_cognito_login_mechanisms": [
"EMAIL"
],
"aws_cognito_signup_attributes": [
"EMAIL"
],
"aws_cognito_mfa_configuration": "OFF",
"aws_cognito_mfa_types": [
"SMS"
],
"aws_cognito_password_protection_settings": {
"passwordPolicyMinLength": xxx,
"passwordPolicyCharacters": [
"REQUIRES_LOWERCASE",
"REQUIRES_NUMBERS",
"REQUIRES_SYMBOLS",
"REQUIRES_UPPERCASE"
]
},
"aws_cognito_verification_mechanisms": [
"EMAIL"
],
"aws_user_files_s3_bucket": "xxx-dev",
"aws_user_files_s3_bucket_region": "eu-central-1"
};
export default awsmobile;
Manual configuration
No response
Additional configuration
No response
Mobile Device
No response
Mobile Operating System
No response
Mobile Browser
No response
Mobile Browser Version
No response
Additional information and screenshots
No response
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Comments: 27 (8 by maintainers)
Any updates on this ? I have the same problem.
Hey my problem got solved just do 1 thing,go to parameters.json in amplify/backend/api/apiName and add “createAPIKey”:1 and then run amplify push
Now probably your issue will get solved
Hi Dane,
Yes, I am sure that User is signed-in. in fact the app lands on a screen that the user must be signed in to be able to land on.
I noticed similar logs on different Apps (if that is what you mean by circumstances) that connect to the same Backend.
I did the following steps, as suggested to by a friend and got different errors. Thinking, possibly the api key was expired. So I followed the instructions here: https://docs.amplify.aws/cli-legacy/graphql-transformer/config-params/#createapikey , to delete and create a new api key.
And then this happened, Maybe it will help clarify:
But deleting the old Api key and creating a new one did not fix the problem, although it did change the type of rejection error from Amplify.
While I was creating the new Api key, I did get the following warning,as I did use both: APIKeyExpirationEpoch and CreateAPIKey parameters should not be used together because it can cause unwanted behavior. In the future APIKeyExpirationEpoch will be removed, use CreateAPIKey instead. (The Amplify push procedure fixed it itself… )
And after the push (while creating the new api key, I tried the App and got the following Warning: [WARN] 47:34.623 DataStore - subscriptionError, Connection failed: com.amazonaws.deepdish.graphql.auth#UnauthorizedException
So I decided to deploy the Authentication again and then pulled it… Just in case: Then I got this error: [WARN] 55:11.123 DataStore - subscriptionError, Connection failed: com.amazonaws.deepdish.graphql.auth#UnauthorizedException
Since It is a warning, I figured maybe it does not matter, but the reality is that my Backend is not updating with the DataStore posts anymore…
Hope this helps.
I wasn’t able to reproduce these errors unless I had no active user. Are you sure you are signing in a user before starting DataStore? https://docs.amplify.aws/lib/auth/getting-started/q/platform/js/#option-1-use-pre-built-ui-components
One of the shared log messages states
[WARN] 38:53.39 DataStore - subscriptionError AppSync Realtime subscription init error: No current user. NoteNo current user, so I think this may be the root cause.Although, I could imagine a use case to use DataStore for public models before a user has signed in. I don’t think it would be possible with DataStore now to prevent these messages without a feature to temporarily disable sync on a subset of models. Others have requested similar features, but not as something that could be switched on and off on the client https://github.com/aws-amplify/amplify-js/issues/10062.
Anyway, please correct me if you are seeing these logs in a different circumstance.
i got this error probably more than 6 months ago i dont quite remember how i solved this maybe it was a version conflict for me currently using this version “@aws-amplify/datastore”: “3.10.0”,
or try importing datastore from
import { DataStore } from ‘@aws-amplify/datastore’; or this import {DataStore} from ‘aws-amplify’
Hi Any updates? I have encountered a similar problems: DataStore - User is unauthorized to query syncUsers with auth mode API_KEY. No data could be returned
This happened right after installing TopTabNavigation to an expo project that was running without problems. Thanks