React app with Cognito User pool: Not authorized to access API


I started with a new React project with AWS Amplify (using the Authenicator from the aws-amplify-react library), added an API and Auth with API Key and Cognito user pool. I'm able to log in with a user from my Cognito user pool and query and mutate my items in DynamoDB over the GraphQL API in the React client.

Until this point, everything was authorized by the API Key which should only allow read access for unauthenticated users. To restrict access to regsitered users, I added the following @Auth annotations in the model:

type Event @model 
    rules: [
      { allow: owner, operations: [create, update, delete], ownerField: "username" },
      { allow: public }

When I now try to create a new item (an event in the my app), I get this error:
Not Authorized to access createEvent on type Mutation

Even though I'm logged in with a user from Cognito, the API is accessed with the API key. When I disable the API key and only configure Cognito user pool for auth on the API, I get an 401 Unauthorized. When calling the GraphQL mutations, my credentials are not provided. Also the owner field is not set. Did I miss something in my settings?

asked 4 years ago3623 views
1 Answer

I found a solution by setting the following parameter on each request:


In retrospect, it seems logical to set the authMode on a query or mutation if you have multiple auth options configured. However, many tutorials and documentation only cover how to add authentication to the project and configure the @model with @auth. The fact that the auth mode has to be specified for every query or mutation is often not described in detail.

answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions