Reputation: 21
How to allow subscription to model without specifying 'update' operation in auth directive
We have a mobile app in which unauthenticated users should be able to read data and they should also see the live updates of Project resource. So we enabled graphql subscription to the Project resource, but we are getting unauthorized error when trying to subscribe to Project update.
We have tried the following:
From the aws-amplify documentation:
You may disable authorization checks on subscriptions or completely turn off subscriptions as well by specifying either public or off in @model: @model (subscriptions: { level: public }),
we have tried this but it is not working.
We have managed to make it working by specifying update in operations like bellow example
{ allow: public, provider: iam, operations: [read, update] }
But we don't want to give access to update operations to unauthorized users.
Our model Project is defined as this
type Project
@model(subscriptions: { level: public })
@auth(
rules: [
{
allow: private
provider: userPools
operations: [read, create, update, delete]
}
{ allow: public, provider: iam, operations: [read] }
]
) {
Reading is successful but when the client tries to subscribe to updates we get and error for the unauthorized access.
"errors": [
{
"path": [
"onUpdateProject"
],
"data": null,
"errorType": "Unauthorized",
"errorInfo": null,
"locations": [
{
"line": 2,
"column": 3,
"sourceName": null
}
],
"message": "Not Authorized to access onUpdateProject on type Subscription"
}
Is it possible to subscribe to updates without allowing read operations for the public?
Upvotes: 0
Views: 2199
Answers (1)
Reputation: 21
UPDATE:
It seams that there is bug with amplify cli version 3.15.0. When there is multi authentication enabled in the API like in our example, GraphQL Transformer doesn't generate required authentication directives to support all authentication types in our API.
The workaround for this issue would be to create custom Subscription for the API.
If you are experiencing a similar issue please refer to this GitHub issue => https://github.com/aws-amplify/amplify-cli/issues/2715
Upvotes: 2
Related Questions
- 'Unauthorized' error when using AWS amplify with grahql to create a new user
- Amplify API GraphQL - Unable to change local API Key with the one generated online
- Subscription UnauthorizedException warning on "update" of model. How to turn subscription off?
- AWS Amplify Graph API that can be accessed without authorization (login)
- Amplify GraphQL No Credentials Error in NextJs Application
- How to override AWS Amplify's authorizer in API Gateway
- Authorization error when updating a GraphQL object using aws-amplify
- How do you prevent updates to the ownerField of an AWS Amplify GraphQL API?
- Amplify @model @auth not adding owner from onCreate
- AppSync/Amplify - how to define GraphQL subscriptions