amplify-js: Does aws-amplify support guest/unauthorized user?

To setup Unauthenticated Access in your app, first off you need to set up Amazon Cognito to allow unauthenticated users.

• Choose Manage Federated Identities from the Amazon Cognito console:
• Click the name of the identity pool for which you want to enable or disable unauthenticated identities. The Dashboard page for your identity pool appears.
• In the top-right corner of the Dashboard page, click Edit identity pool. The Edit identity pool page appears.
• Scroll down and click Unauthenticated identities to expand it.
• Select the checkbox to enable or disable access to unauthenticated identities.
• Click Save Changes.

see for more https://docs.aws.amazon.com/cognito/latest/developerguide/identity-pools.html

Once you have set that up, then within your app all you need to do is call the currentCredentials method

import { Auth } from "aws-amplify";
...
Auth configuration
...
const anonymousUser = await Auth.currentCredentials()

which responds with an anonymous identity you can use in your app. This will work if of course you don’t have a real user signed in already.

Dear Aws-amplify developer

Do you have any update on this toppic? especially how to sey up the configure file or the attach the accesstoken to aws-amplify-graphOperation

I am stuck with this for long time. If you have any sample code please share me

thanks

@bishonbopanna No ETA yet but it’s currently on the roadmap and definitely a priority.

@CodySwannGT correct the multi auth GraphQL directives are not supported in the Amplify CLI yet, but that release is soon. You can track the PR here: https://github.com/aws-amplify/amplify-cli/pull/1524 However you can always go to the AppSync console for your API by running amplify console and then annotating your schema manually until that PR releases. Alternatively you can can use IAM authorization on your GraphQL API with Cognito Federated Identities which supports Guest access.

We’re currently working on making this easier via the CLI, but if you come upon this issue I’ve written up the steps on how to get this working at https://github.com/dabit3/appsync-auth-and-unauth.

^ how do you set that up/do that?

I’m gonna drop this since multiple discord users have been asking how to setup UN-authenticated users on their app. This should be preferred over using API_KEY as it is meant for development usage and tends to expire.

Amplify CLI:

1. amplify add api
2. Configure Cognito as your main authentication method.
3. If prompted for additional auth, select IAM (otherwise, go through amplify update api again).
4. amplify update auth.
5. Select Walkthrough auth settings
6. Go through some of steps until you are asked whether to enable unauthenticated logins. Enable it.
7. Go through more steps.
8. Finally, amplify push. (you might want to update the schema first)

Schema example: Take note of the auth directive used.

type Post @model @auth(rules: [{ allow: public, provider: iam }]) {
  id: ID!
  title: String!
}

In your app:

// top
import { API } from "aws-amplify";
import { GRAPHQL_AUTH_MODE } from "@aws-amplify/api";


// code
try {
  const response = await API.graphql({
    query: createJob,
    authMode: GRAPHQL_AUTH_MODE.AWS_IAM, // <-- you need to do this
    variables: {
      input: {
        user_name: data.name,
      },
    },
  });
} catch (err) {
  console.error(err);
}

Let me know if it helps, I’ll polish the instructions when I have time to spare

Thankyou @dabit3 for the response.

Created this article as a bonus to https://github.com/dabit3/appsync-auth-and-unauth to answer some specifics for using congnitoIdentityId to get the authorization right till the more permanent solution is rolled out.

https://medium.com/@bishonbopanna/appsync-how-to-allow-guest-access-while-limiting-authenticated-users-access-to-only-what-they-bfbb5b0c5706

Wouldn’t they just follow a sign up process?

On Mon, Dec 7, 2020 at 9:44 AM nubpro notifications@github.com wrote:

how can I convert this guest user into a authenticated user ?

I think this is a great question. Many of them have raised the same question of discord without getting any answers. Can someone from the Amplify team please answer this query?

@manueliglesias https://github.com/manueliglesias @dabit3 https://github.com/dabit3 @undefobj https://github.com/undefobj

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/aws-amplify/amplify-js/issues/711#issuecomment-739735723, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA62T5HCUKDRGCLN2AR7VW3STSBUZANCNFSM4E4B3MEQ .

–

Mithun Kalan mithunkalan@gmail.com

To be clear, currently Amplify does not support the multiple auth implementation of AppSync, so if I understand this correctly, it is currently impossible to allow guest access with cognito pool auth on.

We have a boot workaround that we’d love to get rid of:

const appSyncLink = createAppSyncLink({
  url: awsmobile.aws_appsync_graphqlEndpoint,
  region: awsmobile.aws_appsync_region,
  auth: {
    type: "AMAZON_COGNITO_USER_POOLS",
    jwtToken: async () => {
      try {
        const session = await Auth.currentSession();
        return session.getIdToken().getJwtToken();
      } catch(e) {
        if(!!process.env.REACT_APP_guest_user_name && !!process.env.REACT_APP_guest_password) {
          await Auth.signIn(process.env.REACT_APP_guest_user_name, process.env.REACT_APP_guest_password);
          const session = await Auth.currentSession();
          return session.getIdToken().getJwtToken();
        }
        return null;

      }
    },
  },
});

@sakhmedbayev great idea, we’ll go ahead and add this to the docs.