amplify-js
amplify-js copied to clipboard
aws-amplify
Datastore warning: User is unauthorized to query sync with auth mode.
Before opening, please confirm:
- [X] I have searched for duplicate or closed issues and discussions.
- [X] I have read the guide for submitting bug reports.
- [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
JavaScript Framework
React
Amplify APIs
DataStore
Amplify Categories
storage, api
Environment information
System:
OS: macOS 12.0.1
CPU: (8) arm64 Apple M1
Memory: 72.70 MB / 16.00 GB
Shell: 5.8 - /bin/zsh
Binaries:
Node: 17.0.1 - /opt/homebrew/bin/node
npm: 8.1.0 - /opt/homebrew/bin/npm
Watchman: 2021.10.18.00 - /opt/homebrew/bin/watchman
Browsers:
Chrome: 95.0.4638.69
Safari: 15.1
npmPackages:
@aws-amplify/ui-react: ^1.2.22 => 1.2.22
@testing-library/jest-dom: ^5.15.0 => 5.15.0
@testing-library/react: ^11.2.7 => 11.2.7
@testing-library/user-event: ^12.8.3 => 12.8.3
aws-amplify: ^4.3.4 => 4.3.4
react: ^17.0.2 => 17.0.2
react-dom: ^17.0.2 => 17.0.2
react-scripts: 4.0.3 => 4.0.3
web-vitals: ^1.1.2 => 1.1.2
npmGlobalPackages:
@aws-amplify/cli: 6.3.1
npm: 8.1.0
serve: 13.0.2
Describe the bug
DataStore is trying to call sync on private models without public access on first usage of DataStore.
Once for every model without public access:
Example for model Cart
[WARN] 38:53.62 DataStore - User is unauthorized to query syncCarts with auth mode AMAZON_COGNITO_USER_POOLS. No data could be returned.
Multiple warnings (for retrying to sync?):
Example
[WARN] 38:53.39 DataStore - subscriptionError AppSync Realtime subscription init error: No current user
After the IndexDB is setup everything runs fine. No more warnings until the IndexDB gets cleared.
Expected behavior
After calling DataStore.start() or DataStore.query() (etc.) for the first time there should be no warnings in the console about subscription and sync queries on not public models.
Reproduction steps
- Setting up a basic React app with Amplify following the docs https://docs.amplify.aws/start/getting-started/auth/q/integration/react/
- "aws_appsync_authenticationType": "AMAZON_COGNITO_USER_POOLS"
- Create a model without public access:
type Cart
@model
@aws_cognito_user_pools
@auth(rules: [
{allow: owner},
{allow: groups, groups: ["Admin"], operations: [read, create, update, delete]}
]) {
id: ID!
owner: String!
products: [CartProduct]
}
- Configure multi auth for DataStore in index.js
import Amplify, { AuthModeStrategyType } from "aws-amplify";
import awsExports from "./aws-exports";
Amplify.configure({
...awsExports,
DataStore: {
authModeStrategyType: AuthModeStrategyType.MULTI_AUTH
},
});
- Calling DataStore.start() within the App() function in app.js (Note: I could also just call DataStore.start() or DataStory.query() with a button, doesn't matter.
const clear = async () => {
await DataStore.clear();
console.info("Clear - DataStore");
};
const start = async () => {
clear();
await DataStore.start();
console.info("Start - DataStore");
};
useEffect(() => {
start();
}, []);
- See warnings in the console.
Code Snippet
// Put your code below this line.
Log output
// Put your logs below this line
aws-exports.js
const awsmobile = {
"aws_project_region": "eu-central-1",
"aws_appsync_graphqlEndpoint": "https://xxx.appsync-api.eu-central-1.amazonaws.com/graphql",
"aws_appsync_region": "eu-central-1",
"aws_appsync_authenticationType": "AMAZON_COGNITO_USER_POOLS",
"aws_appsync_apiKey": "xxx",
"aws_cognito_identity_pool_id": "eu-central-1:xxx",
"aws_cognito_region": "eu-central-1",
"aws_user_pools_id": "eu-central-1_xxx",
"aws_user_pools_web_client_id": "xxx",
"oauth": {},
"aws_cognito_login_mechanisms": [
"EMAIL"
],
"aws_cognito_signup_attributes": [
"EMAIL"
],
"aws_cognito_mfa_configuration": "OFF",
"aws_cognito_mfa_types": [
"SMS"
],
"aws_cognito_password_protection_settings": {
"passwordPolicyMinLength": xxx,
"passwordPolicyCharacters": [
"REQUIRES_LOWERCASE",
"REQUIRES_NUMBERS",
"REQUIRES_SYMBOLS",
"REQUIRES_UPPERCASE"
]
},
"aws_cognito_verification_mechanisms": [
"EMAIL"
],
"aws_user_files_s3_bucket": "xxx-dev",
"aws_user_files_s3_bucket_region": "eu-central-1"
};
export default awsmobile;
Manual configuration
No response
Additional configuration
No response
Mobile Device
No response
Mobile Operating System
No response
Mobile Browser
No response
Mobile Browser Version
No response
Additional information and screenshots
No response
Hi Any updates? I have encountered a similar problems: DataStore - User is unauthorized to query syncUsers with auth mode API_KEY. No data could be returned
This happened right after installing TopTabNavigation to an expo project that was running without problems. Thanks
same problem everything is working fine but this warning scares me everytime how to get rid of this
@danishazmat
Have you managed it tough? For me it's more than a warning, my App depends entirely in retrieving info from DataStore, so basically it crashes completely...
i got this error probably more than 6 months ago i dont quite remember how i solved this maybe it was a version conflict for me currently using this version "@aws-amplify/datastore": "3.10.0",
or try importing datastore from
import { DataStore } from '@aws-amplify/datastore'; or this import {DataStore} from 'aws-amplify'
I wasn't able to reproduce these errors unless I had no active user. Are you sure you are signing in a user before starting DataStore? https://docs.amplify.aws/lib/auth/getting-started/q/platform/js/#option-1-use-pre-built-ui-components
One of the shared log messages states [WARN] 38:53.39 DataStore - subscriptionError AppSync Realtime subscription init error: No current user. Note No current user, so I think this may be the root cause.
Although, I could imagine a use case to use DataStore for public models before a user has signed in. I don't think it would be possible with DataStore now to prevent these messages without a feature to temporarily disable sync on a subset of models. Others have requested similar features, but not as something that could be switched on and off on the client https://github.com/aws-amplify/amplify-js/issues/10062.
Anyway, please correct me if you are seeing these logs in a different circumstance.
Hi Dane,
Yes, I am sure that User is signed-in. in fact the app lands on a screen that the user must be signed in to be able to land on.
I noticed similar logs on different Apps (if that is what you mean by circumstances) that connect to the same Backend.
I did the following steps, as suggested to by a friend and got different errors. Thinking, possibly the api key was expired. So I followed the instructions here: https://docs.amplify.aws/cli-legacy/graphql-transformer/config-params/#createapikey , to delete and create a new api key.
And then this happened, Maybe it will help clarify:
But deleting the old Api key and creating a new one did not fix the problem, although it did change the type of rejection error from Amplify.
While I was creating the new Api key, I did get the following warning,as I did use both: APIKeyExpirationEpoch and CreateAPIKey parameters should not be used together because it can cause unwanted behavior. In the future APIKeyExpirationEpoch will be removed, use CreateAPIKey instead. (The Amplify push procedure fixed it itself... )
And after the push (while creating the new api key, I tried the App and got the following Warning: [WARN] 47:34.623 DataStore - subscriptionError, Connection failed: com.amazonaws.deepdish.graphql.auth#UnauthorizedException
So I decided to deploy the Authentication again and then pulled it.. Just in case: Then I got this error: [WARN] 55:11.123 DataStore - subscriptionError, Connection failed: com.amazonaws.deepdish.graphql.auth#UnauthorizedException
Since It is a warning, I figured maybe it does not matter, but the reality is that my Backend is not updating with the DataStore posts anymore..
Hope this helps.
@LEOJESUSMENA I believe you are experiencing a different issue than the one originally outlined above. Have you referred to this doc for selecting the correct authorization strategy? https://docs.amplify.aws/cli/graphql/authorization-rules/#authorization-strategies
Hi again Dane, Maybe so, I did notice a slight difference in the issue subject, but I figured it could be related as the error/warning message does start with the same wording: "....... User is unauthorized to query syncUsers with auth mode API_KEY. No data could be returned ......." The thing is that this was the only forum that found with the closest name to my issue.
I guess you suggest I create a whole new issue with my case. (?)..
What is frustrating is that everything was working fine, and suddenly I got that message. (My project involves 3 apps, connected to the same backend that is now not working). It did make sense to me that this could be related to an apikey expiration. But creating a new api key did not fix it.
I also noticed that the original issue in the thread has NOT been solved, or a solution has not been published.
Thanks
It's hard to say if your issue is a bug with Amplify or a configuration error. Have you tried the Discord?
hello dear , i am also having the same issue : DataStore - User is unauthorized to query syncRestaurants with auth mode API_KEY. No data could be returned. and i have also connected my project(3 apps) with the same backend, application is working but datastore is not able to query data from aws amplify, please help me if the issue gets solved
Hi again Dane, Maybe so, I did notice a slight difference in the issue subject, but I figured it could be related as the error/warning message does start with the same wording: "....... User is unauthorized to query syncUsers with auth mode API_KEY. No data could be returned ......." The thing is that this was the only forum that found with the closest name to my issue.
I guess you suggest I create a whole new issue with my case. (?)..
What is frustrating is that everything was working fine, and suddenly I got that message. (My project involves 3 apps, connected to the same backend that is now not working). It did make sense to me that this could be related to an apikey expiration. But creating a new api key did not fix it.
I also noticed that the original issue in the thread has NOT been solved, or a solution has not been published.
Thanks
Hey my problem got solved just do 1 thing,go to parameters.json in amplify/backend/api/apiName and add "createAPIKey":1 and then run amplify push
Now probably your issue will get solved
Before opening, please confirm:
- [x] I have searched for duplicate or closed issues and discussions.
- [x] I have read the guide for submitting bug reports.
- [x] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
JavaScript Framework
React
Amplify APIs
DataStore
Amplify Categories
storage, api
Environment information
Describe the bug
DataStore is trying to call sync on private models without public access on first usage of DataStore.
Once for every model without public access: Example for model Cart
[WARN] 38:53.62 DataStore - User is unauthorized to query syncCarts with auth mode AMAZON_COGNITO_USER_POOLS. No data could be returned.Multiple warnings (for retrying to sync?): Example
[WARN] 38:53.39 DataStore - subscriptionError AppSync Realtime subscription init error: No current userAfter the IndexDB is setup everything runs fine. No more warnings until the IndexDB gets cleared.
Expected behavior
After calling DataStore.start() or DataStore.query() (etc.) for the first time there should be no warnings in the console about subscription and sync queries on not public models.
Reproduction steps
- Setting up a basic React app with Amplify following the docs https://docs.amplify.aws/start/getting-started/auth/q/integration/react/
- "aws_appsync_authenticationType": "AMAZON_COGNITO_USER_POOLS"
- Create a model without public access:
type Cart @model @aws_cognito_user_pools @auth(rules: [ {allow: owner}, {allow: groups, groups: ["Admin"], operations: [read, create, update, delete]} ]) { id: ID! owner: String! products: [CartProduct] }
- Configure multi auth for DataStore in index.js
import Amplify, { AuthModeStrategyType } from "aws-amplify"; import awsExports from "./aws-exports"; Amplify.configure({ ...awsExports, DataStore: { authModeStrategyType: AuthModeStrategyType.MULTI_AUTH }, });
- Calling DataStore.start() within the App() function in app.js (Note: I could also just call DataStore.start() or DataStory.query() with a button, doesn't matter.
const clear = async () => { await DataStore.clear(); console.info("Clear - DataStore"); }; const start = async () => { clear(); await DataStore.start(); console.info("Start - DataStore"); }; useEffect(() => { start(); }, []);
- See warnings in the console.
Code Snippet
// Put your code below this line.Log output
aws-exports.js
const awsmobile = { "aws_project_region": "eu-central-1", "aws_appsync_graphqlEndpoint": "https://xxx.appsync-api.eu-central-1.amazonaws.com/graphql", "aws_appsync_region": "eu-central-1", "aws_appsync_authenticationType": "AMAZON_COGNITO_USER_POOLS", "aws_appsync_apiKey": "xxx", "aws_cognito_identity_pool_id": "eu-central-1:xxx", "aws_cognito_region": "eu-central-1", "aws_user_pools_id": "eu-central-1_xxx", "aws_user_pools_web_client_id": "xxx", "oauth": {}, "aws_cognito_login_mechanisms": [ "EMAIL" ], "aws_cognito_signup_attributes": [ "EMAIL" ], "aws_cognito_mfa_configuration": "OFF", "aws_cognito_mfa_types": [ "SMS" ], "aws_cognito_password_protection_settings": { "passwordPolicyMinLength": xxx, "passwordPolicyCharacters": [ "REQUIRES_LOWERCASE", "REQUIRES_NUMBERS", "REQUIRES_SYMBOLS", "REQUIRES_UPPERCASE" ] }, "aws_cognito_verification_mechanisms": [ "EMAIL" ], "aws_user_files_s3_bucket": "xxx-dev", "aws_user_files_s3_bucket_region": "eu-central-1" }; export default awsmobile;Manual configuration
No response
Additional configuration
No response
Mobile Device
No response
Mobile Operating System
No response
Mobile Browser
No response
Mobile Browser Version
No response
Additional information and screenshots
No response
Hey my problem got solved just do 1 thing,go to parameters.json in amplify/backend/api/apiName and add "createAPIKey":1 and then run amplify push
Now probably your issue will get solved
Hi Het, Thanks for the hint. I tried that once and did not work. But I will try it again. If it does work I will report here. Thank you.
On Tue, Aug 2, 2022 at 04:32 Het Patel @.***> wrote:
Hi again Dane, Maybe so, I did notice a slight difference in the issue subject, but I figured it could be related as the error/warning message does start with the same wording: "....... User is unauthorized to query syncUsers with auth mode API_KEY. No data could be returned ......." The thing is that this was the only forum that found with the closest name to my issue.
I guess you suggest I create a whole new issue with my case. (?)..
What is frustrating is that everything was working fine, and suddenly I got that message. (My project involves 3 apps, connected to the same backend that is now not working). It did make sense to me that this could be related to an apikey expiration. But creating a new api key did not fix it.
I also noticed that the original issue in the thread has NOT been solved, or a solution has not been published.
Thanks
Hey my problem got solved just do 1 thing,go to parameters.json in amplify/backend/api/apiName and add "createAPIKey":1 and then run amplify push
Now probably your issue will get solved
— Reply to this email directly, view it on GitHub https://github.com/aws-amplify/amplify-js/issues/9179#issuecomment-1202363355, or unsubscribe https://github.com/notifications/unsubscribe-auth/AYDWGRRTX3U6FICQMSJ42PTVXEBLBANCNFSM5HRJ3YIA . You are receiving this because you were mentioned.Message ID: @.***>
Hi Het, Thanks for the hint. I tried that once and did not work. But I will try it again. If it does work I will report here. Thank you. …
Actually there is one edit😅 CreateAPIKey:1 will work just make sure that c is capital, and if it still doesn’t works than just report here i’ll find some other solution…
@LEOJESUSMENA were you able to try and see if it worked for you?
Hi Chris, Thanks for reaching out. To be honest I have not had a chance, but I will make some time and give a reply by tomorrow. However, like I said before, I had already tried it and it did not work the first time. Thanks
I was having this error today; in my case I had a table with an data inserted incorrectly (I knew that something was wrong with that table, because the amplify panel could not show the data). I removed the table and followed the documentation in the section: CreateAPIKey
I'm going to close this issue out since some have found the issue in their configuration but others might be running into a different issue. If anyone is still experiencing this issue, please check a few things:
1.Ensure that the user is authenticated completely (check via Auth.currentAuthenticatedUser and/or localStorage for jwt tokens) 2. Your API Key is not expired. If it is, create a new one as mentioned above by following this documentation 3. That the default authorization mode configured in your API resource is allowed to access the model that is not syncing. If not, and you are using more than one kind of auth mode in your schema, make sure to enable MULTI_AUTH for DataStore.
If none of the above fixes the issue with models syncing, please open a new issue and fill out the bug form to include your GraphQL schema, code snippets where you are configuring Amplify and/or DataStore, and any error logs (both console and network activity).
Hi Dane,
Yes, I am sure that User is signed-in. in fact the app lands on a screen that the user must be signed in to be able to land on.
I noticed similar logs on different Apps (if that is what you mean by circumstances) that connect to the same Backend.
I did the following steps, as suggested to by a friend and got different errors. Thinking, possibly the api key was expired. So I followed the instructions here:
https://docs.amplify.aws/cli-legacy/graphql-transformer/config-params/#createapikey , to delete and create a new api key.
And then this happened, Maybe it will help clarify:
But deleting the old Api key and creating a new one did not fix the problem, although it did change the type of rejection error from Amplify.
While I was creating the new Api key, I did get the following warning,as I did use both: APIKeyExpirationEpoch and CreateAPIKey parameters should not be used together because it can cause unwanted behavior. In the future APIKeyExpirationEpoch will be removed, use CreateAPIKey instead. (The Amplify push procedure fixed it itself... )
And after the push (while creating the new api key, I tried the App and got the following Warning: [WARN] 47:34.623 DataStore - subscriptionError, Connection failed: com.amazonaws.deepdish.graphql.auth#UnauthorizedException
So I decided to deploy the Authentication again and then pulled it.. Just in case: Then I got this error: [WARN] 55:11.123 DataStore - subscriptionError, Connection failed: com.amazonaws.deepdish.graphql.auth#UnauthorizedException
Since It is a warning, I figured maybe it does not matter, but the reality is that my Backend is not updating with the DataStore posts anymore..
Hope this helps.
On Tue, Jul 19, 2022 at 11:59 AM Dane Pilcher @.***> wrote:
I wasn't able to reproduce these errors unless I had no active user. Are you sure you are signing in a user before starting DataStore? https://docs.amplify.aws/lib/auth/getting-started/q/platform/js/#option-1-use-pre-built-ui-components
One of the shared log messages states [WARN] 38:53.39 DataStore - subscriptionError AppSync Realtime subscription init error: No current user. Note No current user, so I think this may be the root cause.
Although, I could imagine a use case to use DataStore for public models before a user has signed in. I don't think it would be possible with DataStore now to prevent these messages without a feature to temporarily disable sync on a subset of models. Others have requested similar features, but not as something that could be switched on and off on the client #10062 https://github.com/aws-amplify/amplify-js/issues/10062.
Anyway, please correct me if you are seeing these logs in a different circumstance.
— Reply to this email directly, view it on GitHub https://github.com/aws-amplify/amplify-js/issues/9179#issuecomment-1189446273, or unsubscribe https://github.com/notifications/unsubscribe-auth/AYDWGRUC2QYE6S6S5KTCZYDVU33HVANCNFSM5HRJ3YIA . You are receiving this because you commented.Message ID: @.***>
I am still having difficulty reproducing the error unfortunately. Could you run amplify diagnose --send-report (docs) in your project and comment with the outputted ID.
Hi @dpilch it looks like it's not possible to globally allow connections if Cognito is configured together with API Keys. After I deleted the backend, including the local amplify directory (deleting the local amplify directory was very important), and only used API key-based authentication, that error was gone, but I ran into another issue; the IndexDB couldn't be initialized when I added Datastore to my NextJS 12 project. As I got stuck with many issues, and don't seem to get how Amplify works under the hood, I'm thinking about moving back to Lambda/REST for the moment. It's more work, but I feel more in control.
Hey @chstrong, could you open a separate issue to track the IndexedDB issue you mentioned if you are still experiencing it?
Going to close this out and point to my previous comment for anyone else running into the User is unauthorized error.
https://github.com/aws-amplify/amplify-js/issues/9179#issuecomment-1239465517
was getting similar errors even after updating api key expiration date, then I tried 'amplify update auth' -> 'create or update admin queries API' etc. and then the errors went away
