AWS Amplify allows overriding the Authorization header for the GraphQL API. This is useful, for example, if we want to pass the Cognito ID token instead of the access token (to utilize custom attributes in the auth rules in the GraphQL schema).
In the previous version (aws-amplify/5.3.8 datastore/2 framework/1), when I override the auth logic with
```js
Amplify.configure({
  ...awsExports,
  DataStore: {
    authModeStrategyType: AuthModeStrategyType.MULTI_AUTH,
  },
  // Use ID token instead of access token in API calls
  API: {
    graphql_headers: async () => {
      const session = await Auth.currentSession();
      return {
        Authorization: session.getIdToken().getJwtToken(),
      };
    },
  },
});
```
DataStore worked fine with XHR requests to AppSync and with subscription requests over WebSockets as well.
Now, after I migrated to v6 (aws-amplify/6.0.5 datastore/2 framework/1), I configure the same logic with a new syntax
But now only the XHR requests use the configured Auth headers; the WebSocket subscription requests ignore this setting and continue to use the access token.
I will attach a screenshot where you can see that the Auth header used in websocket is the access token.
Expected behavior
I would expect the WebSocket subscription request to respect the Authorization header override too.
At least this is a breaking change, because in v5 my setup works fine.
Reproduction steps
1. Install an AWS Amplify project
2. Configure the auth override (as provided in this issue)
3. Use auth rules that expect custom attribute claims like this one
4. See that POST requests pass the auth rules fine, but the subscription fails with the `DataStore - subscriptionError Connection failed` error message, because it continues to use the access token, which obviously fails the @auth rule checks
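To confirm which token each transport actually sends (the comparison this issue makes from a screenshot), the Authorization value from the XHR request and the AppSync real-time WebSocket URL can be decoded and compared. This is an added example, not code from the issue or from Amplify; it runs under Node.js, the function names are hypothetical, the sample tokens and endpoint are constructed, and it assumes Cognito's `token_use` claim and AppSync's base64 `header` query parameter on the WebSocket URL.

```javascript
// Decode base64 or base64url text. URLSearchParams turns '+' into ' ', so undo that first.
const b64Decode = (s) =>
  Buffer.from(s.replace(/ /g, '+').replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');

// Read JWT claims WITHOUT verifying the signature: for diagnostics only, never for authorization.
function jwtClaims(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  return JSON.parse(b64Decode(parts[1]));
}

// Summarise the token in an Authorization value: Cognito sets token_use to "id" or "access",
// and custom attributes appear (in ID tokens) as "custom:<name>" claims.
function describeToken(authorization) {
  const claims = jwtClaims(authorization.replace(/^Bearer\s+/i, ''));
  return {
    tokenUse: claims.token_use,
    customClaims: Object.keys(claims).filter((k) => k.startsWith('custom:')),
  };
}

// AppSync real-time connections carry auth in the base64 JSON `header` query parameter.
function describeSubscriptionAuth(wsUrl) {
  const header = new URL(wsUrl).searchParams.get('header');
  if (!header) throw new Error('no header parameter in WebSocket URL');
  const { Authorization } = JSON.parse(b64Decode(header));
  if (!Authorization) throw new Error('no Authorization field in header');
  return describeToken(Authorization);
}

// True when the XHR request and the subscription handshake send the same kind of token.
function overrideApplied(xhrAuthorization, wsUrl) {
  return describeToken(xhrAuthorization).tokenUse === describeSubscriptionAuth(wsUrl).tokenUse;
}

// Constructed sample data (unsigned, JWT-shaped strings and a made-up endpoint).
const enc = (o, how) => Buffer.from(JSON.stringify(o)).toString(how);
const fakeJwt = (claims) => `${enc({ alg: 'none' }, 'base64url')}.${enc(claims, 'base64url')}.sig`;
const sampleIdToken = fakeJwt({ token_use: 'id', 'custom:tenant': 'constructed-tenant' });
const sampleAccessToken = fakeJwt({ token_use: 'access', scope: 'constructed-scope' });
const sampleWsUrl = 'wss://example.invalid/graphql?header='
  + enc({ Authorization: sampleAccessToken, host: 'example.invalid' }, 'base64')
  + '&payload=e30=';

console.log(describeToken(sampleIdToken));          // what the XHR override sends
console.log(describeSubscriptionAuth(sampleWsUrl)); // what the subscription handshake sends
console.log('override applied to subscription:', overrideApplied(sampleIdToken, sampleWsUrl));
```

With real traffic, paste the Authorization header of a GraphQL POST and the WebSocket request URL from the browser's network panel in place of the constructed samples.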
@ArsSirek, thanks for taking the time to comment that back and dig into our Discord server for the answer! I'll close this as duplicate, but feel free to open a new GH issue or ask further questions on Discord if needed.
JavaScript Framework
React
Amplify APIs
Authentication, GraphQL API, DataStore, Storage
Amplify Categories
auth, storage, api