amplify-js: Graphql create API not working for FB login users
Before opening, please confirm:
- I have searched for duplicate or closed issues and discussions.
- I have read the guide for submitting bug reports.
- I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
JavaScript Framework
React
Amplify APIs
Authentication, GraphQL API
Amplify Categories
auth
Environment information
# Put output below this line
Describe the bug
I created an amplify application with email signup which is working perfectly. Recently, I added FB signin option in the application. The FB signin is successful. The get user API is also working. However, the create graphql APIs are not working with the error: Not Authorized to access createUser on type User
User graphql definition:
type User @model
@auth(rules: [
{allow: groups, groups: ["admin"]},
{allow: owner, ownerField: "id", operations: [create, update, delete]},
{allow: private, operations: [read]}
])
@key(fields: ["id"])
@key(name: "byUsername", fields: ["username"], queryField: "usersByUsername") {
id: ID!
username: String!
name: String!
}
Expected behavior
The create user graphql API should work for FB authenticated users as well.
Reproduction steps
N/A
Code Snippet
// Put your code below this line.
Log output
// Put your logs below this line
aws-exports.js
const awsmobile = {
"aws_project_region": "ap-south-1",
"aws_appsync_graphqlEndpoint": "https://****.appsync-api.ap-south-1.amazonaws.com/graphql",
"aws_appsync_region": "ap-south-1",
"aws_appsync_authenticationType": "AMAZON_COGNITO_USER_POOLS",
"aws_cognito_identity_pool_id": "ap-south-1:****",
"aws_cognito_region": "ap-south-1",
"aws_user_pools_id": "ap-south-1_****",
"aws_user_pools_web_client_id": "***",
"oauth": {
"domain": "<domain>.amazoncognito.com",
"scope": [
"phone",
"email",
"openid",
"profile",
"aws.cognito.signin.user.admin"
],
"redirectSignIn": "https://<domain>,http://localhost:3000",
"redirectSignOut": "https://<domain>,http://localhost:3000",
"responseType": "token"
},
"federationTarget": "COGNITO_USER_AND_IDENTITY_POOLS",
"aws_user_files_s3_bucket": "",
"aws_user_files_s3_bucket_region": "ap-south-1"
};
export default awsmobile;
Manual configuration
amplify/backend/backend-config.json
{
"api": {
"*****": {
"service": "AppSync",
"providerPlugin": "awscloudformation",
"output": {
"authConfig": {
"defaultAuthentication": {
"authenticationType": "AMAZON_COGNITO_USER_POOLS",
"userPoolConfig": {
"userPoolId": "*****"
}
},
"additionalAuthenticationProviders": [
{
"authenticationType": "AWS_IAM"
}
]
}
}
}
},
"auth": {
"*****": {
"service": "Cognito",
"providerPlugin": "awscloudformation",
"dependsOn": [],
"customAuth": false
}
},
"storage": {
"images": {
"service": "S3",
"providerPlugin": "awscloudformation"
}
}
}
Additional configuration
No response
Mobile Device
No response
Mobile Operating System
No response
Mobile Browser
No response
Mobile Browser Version
No response
Additional information and screenshots
No response
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Comments: 17 (8 by maintainers)
You are right. There was a user record with the same ID. I am able to create the user with username instead of sub.
What kind of user is trying to make that request?
Also are you using email or username login mechanism for Cognito users?
EDIT: If the mutation is failing with a Cognito user, make sure that there isn’t already a User record with their ID. That DynamoDB error can happen when trying to create a record with the same ID.