英文:
"Error: No current user" when calling unauthenticated graphql query from react app
问题
I've translated the text as requested:
我正试图按照Amplify文档的步骤,通过未经身份验证的请求公开暴露GraphQL mutation。从文档中看起来,这应该是可能的。
从CLI文档中:
> 您还可以覆盖授权提供程序。在下面的示例中,指定了iam作为提供程序,允许您使用Cognito身份池中的“未经身份验证角色”而不是API密钥进行公共访问。当您运行amplify add auth时,Amplify CLI会自动生成Cognito身份池中“未经身份验证角色”的范围缩减IAM策略。
从Library文档中:
> 当使用AWS_IAM进行公共API访问时,必须启用未经身份验证的登录。要启用未经身份验证的登录,请从命令行运行amplify update auth并选择“遍历所有auth配置”。
我已经按照这些步骤操作,启用了API上的未经身份验证角色(我可以看到在IAM中已创建未经身份验证角色)。以下是我正试图公开的操作:
type Mutation {
submitResponseMessage(message: String!): String!
@function(name: "myFunc-${env}")
@auth(rules: [{ allow: public, provider: iam }])
}
我可以成功通过AppSync控制台使用IAM身份验证测试此mutation操作,我注意到“Authorization”请求头包含“Credential =”、“SignedHeaders =”和“Signature =”等内容。
然而,从我的React应用程序中,我正在执行以下操作:
const response = await API.graphql(
graphqlOperation(
submitResponseMessage,
{message: "hello"},
'AWS_IAM'))
并且在浏览器控制台中出现以下错误:
error submitting response Error: No current user
at GraphQLAPIClass.<anonymous> (GraphQLAPI.ts:177:1)
at step (tslib.es6.js:100:1)
at Object.throw (tslib.es6.js:81:1)
at rejected (tslib.es6.js:72:1)
我是否遗漏了某个步骤?我是否正确理解,我的React应用程序与未经身份验证的用户应该能够通过IAM调用此操作?
英文:
I'm trying to follow the Amplify docs to expose a graphql mutation publicly via unauthenticated requests. From the docs, it seems like this should be possible.
From the CLI docs:
> You can also override the authorization provider. In the example
> below, iam is specified as the provider which allows you to use an
> "Unauthenticated Role" from the Cognito identity pool for public
> access instead of an API Key. When you run amplify add auth, the
> Amplify CLI generates scoped down IAM policies for the
> "Unauthenticated role" in Cognito identity pool automatically.
From the Library docs:
> When using AWS_IAM for public API access, unauthenticated logins must
> be enabled. To enable unauthenticated logins, run amplify update auth
> from the command line and choose Walkthrough all the auth
> configurations
I've followed these steps, enabling unauthenticated roles on the API (I can see that the unauthenticated role has been created in IAM). Here is the operation I'm trying to expose publicly:
type Mutation {
submitResponseMessage(message: String!): String!
@function(name: "myFunc-${env}")
@auth(rules: [{ allow: public, provider: iam }])
}
I can successfully test this mutation operation through the AppSync console using IAM authentication, and I notice that the "Authorization" request header includes stuff like "Credential=", "SignedHeaders=", and "Signature=".
However, from my React app, I'm doing this:
const response = await API.graphql(
graphqlOperation(
submitResponseMessage,
{message: "hello"},
'AWS_IAM'))
and it's giving this error in the browser console:
error submitting response Error: No current user
at GraphQLAPIClass.<anonymous> (GraphQLAPI.ts:177:1)
at step (tslib.es6.js:100:1)
at Object.throw (tslib.es6.js:81:1)
at rejected (tslib.es6.js:72:1)
Am I missing a step? Am I correctly understanding that my react app with an unauthenticated user should be able to invoke this operation via IAM?
答案1
得分: 0
看文档时,我的代码应该是这样的:
const response = await API.graphql({
query: submitResponseMessage,
variables: {message: "hello"},
authMode: 'AWS_IAM'})
这样修复了问题。我甚至不知道我从哪里得到了原始代码,可能是从 Copilot 得到的 🚀
英文:
Taking a closer look at the docs, my code was doing this:
const response = await API.graphql(
graphqlOperation(
submitResponseMessage,
{message: "hello"},
'AWS_IAM'))
But it was supposed to be this:
const response = await API.graphql({
query: submitResponseMessage,
variables: {message: "hello"},
authMode: 'AWS_IAM'})
This fixed the problem.
I don't even know where I got the original code .. might have been from copilot 🤦
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论