Lack support of using both API plugin multi-auth and DataStore plugin multi-auth in the same App #1867
Comments
HuiSF
added
datastore
|
Hello @dorontal thanks for opening this issue. The exception is self explanatory - Why do you need to modify the config file? I think multi-auth in Amplify library doesn't require manual modification. |
|
Hi @HuiSF -
I need to modify the config file because - as the documentation tells us - I need to have multi-Auth for Cognito work, see: |
|
Hi @dorontal thanks for the follow up and more details. The document listed multi-auth modes configuration for GraphQL and REST APIs is not applicable for DataStore use case at this moment. DataStore relies on single GraphQL API to back the sync engine, and resolves valid auth method by priority as multi-auth resolution. I will do the following
|
HuiSF
added
Documentation
|
@HuiSF - thanks very much for your response. I am unable to turn off multi-auth in my app. This is a feature request to enable multi-Auth for GraphQL queries. It seems to me that this is an essential feature. Regarding step 2 above - I'm not sure I understand - there is no need to specify which API to use for the Datastore Sync because as this link describes - multi-auth in Amplify library - Datastore's library does this selection (of authorization type) automatically -- see table after following the link to the documentation -- so the library already probably has code for that automatic selection of the proper API configuration to use (Datastore derives which auth to use, from the schema, as the doc points out) which would imply that this feature is almost fully implemented already. |
|
Hey @dorontal sorry for the confusion. those two steps are meant for me to take actions :D For point 2, taking your configuration, we should be able to do final datastore = AmplifyDataStore(
modelProvider: ModelProvider.instance,
apiName: 'tracktunesCognito',
);So when you have multiple GraphQL endpoints listed in the configuration, DataStore can still work. |
HuiSF
changed the title
amplifyconffiguration.dart
|
BTW, there is another named parameter (mentioned in the documentation) that must be added for using AmplifyDataStore(
modelProvider: ModelProvider.instance,
authModeStrategy: AuthModeStrategy.multiAuth,
),it was my understanding that the Datastore would try to automatically deduce which auth to use from the schema, when this flag Not sure why you want to add the |
|
|
|
The statement Thinking about the In the case of the [ I know Amplify Datastore it's still early code - so very grateful for this library overall, the benefits are immense! Thanks so much! ] |
|
I think there is misunderstanding here... The multi-auth modes for GraphQL and REST using Amplify API plugins is conceptually different from multi-auth in DataStore. The former - configure multiple APIs, each API is with a different auth mode, you choose which API to use in order to choose a specific auth mode. Configuring multi-auth modes in API doesn't do anything for DataStore multi-auth. Hope that makes sense. We need to introduce But if you don't need multiple GraphQL API endpoints (the configuration file has only 1 GraphQL endpoint), DataStore multi-auth is already supported. |
|
Hi @HuiSF, the issue is that when you configure the same GraphQL API endpoint with a Cognito user pool authorization type by adding a block in the Moreover, when I remove the Cognito Authorization section from the That is what I call a bug, not a feature request. I do not see how adding The only options I have right now are:
Why is this not a bug? |
|
As this
This implies that
I do not understand how adding |
|
Here's a summary of my findings:
Expand to see the configuration file of DataStore multi-authconst amplifyconfig = ''' {
"UserAgent": "aws-amplify-cli/2.0",
"Version": "1.0",
"api": {
"plugins": {
"awsAPIPlugin": {
"oncalltriagingca": {
"endpointType": "GraphQL",
"endpoint": "https://xxx.appsync-api.us-west-2.amazonaws.com/graphql",
"region": "us-west-2",
"authorizationType": "AMAZON_COGNITO_USER_POOLS",
"apiKey": "xxx"
}
}
}
},
"auth": {
"plugins": {
"awsCognitoAuthPlugin": {
"UserAgent": "aws-amplify-cli/0.1.0",
"Version": "0.1.0",
"IdentityManager": {
"Default": {}
},
"CredentialsProvider": {
"CognitoIdentity": {
"Default": {
"PoolId": "us-west-2:25e89d87-1f92-4b64-9b55-xxx",
"Region": "us-west-2"
}
}
},
"CognitoUserPool": {
"Default": {
"PoolId": "us-west-xxxx",
"AppClientId": "xxx",
"Region": "us-west-2"
}
},
"Auth": {
"Default": {
"authenticationFlowType": "CUSTOM_AUTH",
"socialProviders": [],
"usernameAttributes": [],
"signupAttributes": [
"EMAIL"
],
"passwordProtectionSettings": {
"passwordPolicyMinLength": 8,
"passwordPolicyCharacters": []
},
"mfaConfiguration": "OFF",
"mfaTypes": [
"SMS"
],
"verificationMechanisms": [
"EMAIL"
]
}
},
"AppSync": {
"Default": {
"ApiUrl": "https://xxx.appsync-api.us-west-2.amazonaws.com/graphql",
"Region": "us-west-2",
"AuthMode": "AMAZON_COGNITO_USER_POOLS",
"ClientDatabasePrefix": "oncalltriagingca_AMAZON_COGNITO_USER_POOLS"
},
"oncalltriagingca_API_KEY": {
"ApiUrl": "https://xxx.appsync-api.us-west-2.amazonaws.com/graphql",
"Region": "us-west-2",
"AuthMode": "API_KEY",
"ApiKey": "da2-xb2eywexpndhdobpzhlimp2mli",
"ClientDatabasePrefix": "oncalltriagingca_API_KEY"
},
"oncalltriagingca_AWS_IAM": {
"ApiUrl": "https://xxx.appsync-api.us-west-2.amazonaws.com/graphql",
"Region": "us-west-2",
"AuthMode": "AWS_IAM",
"ClientDatabasePrefix": "oncalltriagingca_AWS_IAM"
}
}
}
}
}
}''';
Hi @dorontal for the original issue you posted, it was due to point 4. Do you want to use multi-auth with API plugin, and also need DataStore in the same App? If so, unfortunately it's not working due to the reason explained above, we would need to provide the feature from DataStore allowing specifying which GraphQL endpoints to let DataStore use. Or do you want to use multi-auth for only DataStore? If so, please follow the Amplify CLI multi-auth configuration mentioned in point 3, and specify |
|
Hi @HuiSF - and thank you for your response and for the informative explanation. Nothing in this explanation is new to me, however, and this explanation is exactly my reason for opening this issue, specifically, your step 4 is this issue. Not using multi-auth in API is not an option for us. App is already using multi-auth with API plugin. It has to use multi-Auth, because it provides a services to people who don't even have an account and have never logged in (guests) like the ability to see a limited view of any user's profile or the ability to view publicly posted documents. But the GraphQL API also needs to provide many services to signed-in users, such as seeing private documents. So both API configurations are set up - one to use IAM and the other to use Cognito, as prescribed by the documentation and as you can see in One minor clarification of point #4 above: it's not that GraphQL uses multiple endpoints - there is always only one endpoint for GraphQL: if you look in my So yes, the conclusion remains the same: that DataStore is not yet usable when the GraphQL API is configured with more than one authorization type. I cannot use it. What's interesting is that the DataStore documentation on multi Auth seems to suggest that DataStore is supposed to work out of the box in this case when the GraphQL API is configured with more than one authorization type. The documentation even goes as far as to say that DataStore can pick the proper |
I was thinking GraphQL + different Auth = different endpoints as they are requiring different tokens.
This is based on the assumption configuring DataStore multi-auth using Amplify CLI. and -
DataStore picks up the auth info from the information under the The documentation is confusing, the API multi-auth is not related to DataStore multi-auth at all. :/ Will fix this. All this is due to a lack of support to use API plugin and DataStore plugin in the same App. The improvements are on their way. |
dorontal
changed the title
|
FYI, just noticed that there is another similar issue to this one - #1651 |
dorontal
changed the title
|
Does anybody have any idea when this issue will be fixed? |
|
Hi @dorontal amplify-flutter DataStore supports multi-auth. This issue is that the multi-auth for API plugin and multi-auth for DataStore are not compatible with each other as I explained in previous discussion. We've updated the documentation of multi-auth in API plugin to state this issue. This issue is also recorded in #1945 (point 5) to track the solution of this issue that is currently being investigated, thank you for your patience. |
|
Hi @HuiSF - thank you for the clarification that this is being dealt with, also for the clarification of the incompatibility issue, which I think I understand better now. Definitely will wait patiently but it's good to know that we are being listened to, thanks so much! |
Has this part been addressed? We have multiple GraphQL endpoints and need a way to specify for DataStore. |
|
Hi @HuiSF - what is your current ETA for resolving this issue? It has been around for almost six months - still unable to use DataStore because of it. Thanks. |
|
Hi @dorontal sorry for the delayed response and thanks for your patience, we are communicating with amplify-swift and amplify-android maintainers as well as relevant internal teams regarding this issue to determine a suitable long term solution. I'll update the progress. |
|
@HuiSF -- In case you were wondering why I believe multi-mode authorization is common / needed, here's our use case that demands it and which I believe is shared by many apps: I'm putting this use-case here also because maybe somebody can suggest a way to implement this use-case without using multi-auth, which would also allow us to move forward. Our use-case that needs multi-auth is this;
If we only needed parts 1 and 2 above, we'd be able to get by with Cognito authorization alone, no multi-auth needed. But if we want to share info about users with anybody, as in part 3, we must use IAM for that, hence we must use multi-auth in such an app. This use case is why I think this issue is very important not just to me, but to many others. It seems to me like it would be a common use case. |
|
BTW, for those of you who need a workaround, I am using this workaround: created a lambda function that performs the needed DB operation (just a GET, in my case); the lambda function is accessed by guest users via IAM and a REST API. |
HuiSF
changed the title
HuiSF
removed
the
Documentation
Description
When you have more than one Auth configured in
amplifyconfiguration.dart- the functionAmplify.DataStore.observeQuery()throws an exception. You can see in the console errors that are provided from the Android emulator that the failure is due to the fact that Amplify Flutter cannot yet handle multiple Auth in the same configuration file. But the Amplify Flutter documentation explains in detail that this should be available, (see https://docs.amplify.aws/lib/datastore/setup-auth-rules/q/platform/flutter/#configure-multiple-authorization-types).Here are the log lines from the VSCode console - those come from the Amplify libraries and/or Android libraries running on Android emulated OS:
Categories
Steps to Reproduce
amplifyconfiguration.dartso that under API you have one GraphQL API configuration block for withauthorizationType: AMAZON_COGNITO_USER_POOLSand in a second block under the sameapisection add a seond GraphQL API configuration block withauthorizationType: AWS_IAM(see how it's done in thetracktunesandtracktunesCognitosections inamplifyconfiguration.dartbelow).Amplify.Datastore.observeQuery(<YOUR MODEL>)at the start of your program and you'll see it crashing (check log lines in VSCode of the Android emulator, giving out the Android/Java-level exception details)Screenshots
No response
Platforms
Android Device/Emulator API Level
API 29
Environment
Dependencies
> flutter pub deps --no-dev --style=compact Dart SDK 2.17.5 Flutter SDK 3.0.4 tracktunes_app_aws 0.0.1-alpha.4 dependencies: - amplify_api 0.6.1 [amplify_api_android amplify_api_ios amplify_core amplify_flutter aws_common collection flutter meta plugin_platform_interface] - amplify_auth_cognito 0.6.1 [amplify_auth_cognito_android amplify_auth_cognito_ios amplify_core aws_common collection flutter meta plugin_platform_interface] - amplify_datastore 0.6.1 [flutter amplify_datastore_plugin_interface amplify_core plugin_platform_interface meta collection async] - amplify_flutter 0.6.1 [amplify_core amplify_datastore_plugin_interface amplify_flutter_android amplify_flutter_ios aws_common collection flutter meta plugin_platform_interface] - amplify_storage_s3 0.6.1 [amplify_storage_s3_android amplify_storage_s3_ios amplify_core aws_common flutter meta plugin_platform_interface] - cupertino_icons 1.0.5 - flutter 0.0.0 [characters collection material_color_utilities meta vector_math sky_engine] - flutter_hooks 0.18.5+1 [flutter] - google_fonts 3.0.1 [flutter http path_provider crypto] - hooks_riverpod 1.0.4 [collection flutter flutter_hooks flutter_riverpod riverpod state_notifier] - image 3.2.0 [archive meta xml] - image_picker 0.8.5+3 [flutter image_picker_android image_picker_for_web image_picker_ios image_picker_platform_interface] - path_provider 2.0.11 [flutter path_provider_android path_provider_ios path_provider_linux path_provider_macos path_provider_platform_interface path_provider_windows] - rflutter_alert 2.0.4 [flutter] transitive dependencies: - amplify_api_android 0.6.1 [flutter] - amplify_api_ios 0.6.1 [amplify_core flutter] - amplify_auth_cognito_android 0.6.1 [flutter] - amplify_auth_cognito_ios 0.6.1 [amplify_core flutter] - amplify_core 0.6.1 [aws_common collection flutter intl json_annotation meta plugin_platform_interface uuid] - amplify_datastore_plugin_interface 0.6.1 [amplify_core collection flutter meta] - amplify_flutter_android 0.6.1 [flutter] - amplify_flutter_ios 0.6.1 [amplify_core flutter] - amplify_storage_s3_android 0.6.1 [flutter] - amplify_storage_s3_ios 0.6.1 [flutter] - archive 3.3.0 [crypto path] - async 2.8.2 [collection meta] - aws_common 0.1.1 [async collection http meta stream_transform uuid] - characters 1.2.0 - charcode 1.3.1 - clock 1.1.0 - collection 1.16.0 - cross_file 0.3.3+1 [js meta] - crypto 3.0.2 [typed_data] - ffi 2.0.1 - file 6.1.2 [meta path] - flutter_plugin_android_lifecycle 2.0.6 [flutter] - flutter_riverpod 1.0.4 [collection flutter meta riverpod state_notifier] - flutter_web_plugins 0.0.0 [flutter js characters collection material_color_utilities meta vector_math] - http 0.13.4 [async http_parser meta path] - http_parser 4.0.1 [collection source_span string_scanner typed_data] - image_picker_android 0.8.5+1 [flutter flutter_plugin_android_lifecycle image_picker_platform_interface] - image_picker_for_web 2.1.8 [flutter flutter_web_plugins image_picker_platform_interface] - image_picker_ios 0.8.5+5 [flutter image_picker_platform_interface] - image_picker_platform_interface 2.5.0 [cross_file flutter http plugin_platform_interface] - intl 0.17.0 [clock path] - js 0.6.4 - json_annotation 4.5.0 [meta] - material_color_utilities 0.1.4 - meta 1.7.0 - path 1.8.1 - path_provider_android 2.0.16 [flutter path_provider_platform_interface] - path_provider_ios 2.0.10 [flutter path_provider_platform_interface] - path_provider_linux 2.1.7 [ffi flutter path path_provider_platform_interface xdg_directories] - path_provider_macos 2.0.6 [flutter path_provider_platform_interface] - path_provider_platform_interface 2.0.4 [flutter platform plugin_platform_interface] - path_provider_windows 2.1.0 [ffi flutter path path_provider_platform_interface win32] - petitparser 5.0.0 [meta] - platform 3.1.0 - plugin_platform_interface 2.1.2 [meta] - process 4.2.4 [file path platform] - riverpod 1.0.3 [collection meta state_notifier] - sky_engine 0.0.99 - source_span 1.8.2 [collection path term_glyph] - state_notifier 0.7.2+1 [meta] - stream_transform 2.0.0 - string_scanner 1.1.0 [charcode source_span] - term_glyph 1.2.0 - typed_data 1.3.1 [collection] - uuid 3.0.6 [crypto] - vector_math 2.1.2 - win32 2.7.0 [ffi] - xdg_directories 0.2.0+1 [meta path process] - xml 6.1.0 [collection meta petitparser]Device
Samsung Galaxy S7 -- emulated
OS
Android 8
CLI Version
9.1.0
Additional Context
Here's the
amplifyconfiguration.dartfile:The text was updated successfully, but these errors were encountered: