Multi Auth is not honored in flutter

[yazoonic]

Description

When you configure your API schemas with multi auth (i.e. owner with custom field name and Private)
when you generate models you will see something like this

modelSchemaDefinition.authRules = [
AuthRule(
authStrategy: AuthStrategy.OWNER,
ownerField: "subID",
identityClaim: "cognito:username",
provider: AuthRuleProvider.USERPOOLS,
operations: [
ModelOperation.CREATE,
ModelOperation.UPDATE,
ModelOperation.DELETE,
ModelOperation.READ
]),
AuthRule(
authStrategy: AuthStrategy.PRIVATE,
operations: [
ModelOperation.CREATE,
ModelOperation.UPDATE,
ModelOperation.DELETE,
ModelOperation.READ
])
];

Now this will fail under Caused by: GraphQLResponseException{message=Subscription error for Entries: [GraphQLResponse.Error{message='Validation error of type UnknownArgument: Unknown field argument subID @ 'onDeleteEntries'', locations='null', path='null', extensions='null'}], errors=[GraphQLResponse.Error{message='Validation error of type UnknownArgument: Unknown field argument subID @ 'onDeleteEntries'', locations='null', path='null', extensions='null'}], recoverySuggestion=See attached list of GraphQLResponse.Error objects.}

samething with oncreate and onupdate

if you remove the owner authfield from the code above, it will work..

The strange part is, this is working on native code (ios at least ) but in flutter it is failing for ios and android.

Categories

• Analytics
• API (REST)
• API (GraphQL)
• Auth
• Authenticator
• DataStore
• Storage

Steps to Reproduce

configure your schema with multi auth as below

type Entries @model @auth(rules: [ { allow: owner,ownerField: "subID"},{ allow: private}]) {

push and generate code models

you will get something like this in Entries.dart

modelSchemaDefinition.authRules = [
AuthRule(
authStrategy: AuthStrategy.OWNER,
ownerField: "subID",
identityClaim: "cognito:username",
provider: AuthRuleProvider.USERPOOLS,
operations: [
ModelOperation.CREATE,
ModelOperation.UPDATE,
ModelOperation.DELETE,
ModelOperation.READ
]),
AuthRule(
authStrategy: AuthStrategy.PRIVATE,
operations: [
ModelOperation.CREATE,
ModelOperation.UPDATE,
ModelOperation.DELETE,
ModelOperation.READ
])
];

this will not work, if you remove Owner from the code above it will work..

if you push the scehma with type Entries @model @auth(rules: [ { allow: owner,ownerField: "subID"}]) {
this will work completely fine with owner alone.

I am toward an issue with CLI itself and generate code models .. but this needs more investigation.

---

Screenshots

No response

Platforms

• iOS
• Android
• Web
• macOS
• Windows
• Linux

Android Device/Emulator API Level

API 31

Environment

doctor --verbose
[✓] Flutter (Channel stable, 3.0.5, on macOS 12.5.1 21G83 darwin-x64, locale en-US)
    • Flutter version 3.0.5 
    • Upstream repository https://github.com/flutter/flutter.git
    • Framework revision f1875d570e (8 weeks ago), 2022-07-13 11:24:16 -0700
    • Engine revision e85ea0e79c
    • Dart version 2.17.6
    • DevTools version 2.12.2

[✓] Android toolchain - develop for Android devices (Android SDK version 33.0.0)
    • Android SDK 
    • Platform android-32, build-tools 33.0.0
    • ANDROID_HOME 
    • Java binary at: /Applications/Android Studio.app/Contents/jre/Contents/Home/bin/java
    • Java version OpenJDK Runtime Environment (build 11.0.12+0-b1504.28-7817840)
    • All Android licenses accepted.

[✓] Xcode - develop for iOS and macOS (Xcode 13.4.1)
    • Xcode at /Applications/Xcode.app/Contents/Developer
    • CocoaPods version 1.11.3

[✓] Chrome - develop for the web
    • Chrome at /Applications/Google Chrome.app/Contents/MacOS/Google Chrome

[✓] Android Studio (version 2021.2)
    • Android Studio at /Applications/Android Studio.app/Contents
    • Flutter plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/9212-flutter
    • Dart plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/6351-dart
    • Java version OpenJDK Runtime Environment (build 11.0.12+0-b1504.28-7817840)

[✓] VS Code (version 1.70.1)
    • VS Code at /Applications/Visual Studio Code.app/Contents
    • Flutter extension can be installed from:
      🔨 https://marketplace.visualstudio.com/items?itemName=Dart-Code.flutter

[✓] Connected device (5 available)
    • Pixel XL (mobile)          • HT6AD0202995                         • android-arm64  • Android 10 (API 29)
    • Ya(mobile)      • 00008020-001450283AEA002E            • ios            • iOS 15.5 19F77
    • iPhone 11 Pro Max (mobile) • A4F2CB98-1C81-4B69-949C-329AB97FE87E • ios            • com.apple.CoreSimulator.SimRuntime.iOS-15-5 (simulator)
    • macOS (desktop)            • macos                                • darwin-x64     • macOS 12.5.1 21G83 darwin-x64
    • Chrome (web)               • chrome                               • web-javascript • Google Chrome 105.0.5195.102

[✓] HTTP Host Availability
    • All required HTTP hosts are available

• No issues found!
Process finished with exit code 0

Dependencies

Dart SDK 2.17.6
Flutter SDK 3.0.5


dependencies:
- amplify_api 0.6.5 [amplify_api_android amplify_api_ios amplify_core amplify_flutter aws_common collection flutter meta plugin_platform_interface]
- amplify_auth_cognito 0.6.5 [amplify_auth_cognito_android amplify_auth_cognito_ios amplify_core aws_common collection flutter meta plugin_platform_interface]
- amplify_datastore 0.6.5 [flutter amplify_datastore_plugin_interface amplify_core plugin_platform_interface meta collection async]
- amplify_flutter 0.6.5 [amplify_core amplify_datastore_plugin_interface amplify_flutter_android amplify_flutter_ios aws_common collection flutter meta plugin_platform_interface]
- collection 1.16.0
- connectivity_plus 2.3.6+1 [flutter connectivity_plus_platform_interface connectivity_plus_linux connectivity_plus_macos connectivity_plus_web connectivity_plus_windows]
- cupertino_icons 1.0.5
- dots_indicator 2.1.0 [flutter]
- flutter 0.0.0 [characters collection material_color_utilities meta vector_math sky_engine]
- flutter_lints 2.0.1 [lints]
- intl 0.17.0 [clock path]
- introduction_screen 3.0.2 [flutter dots_indicator collection]
- math_expressions 2.3.1 [vector_math]
- provider 6.0.3 [collection flutter nested]
- purchases_flutter 4.2.1 [flutter freezed_annotation json_annotation]
- shared_preferences 2.0.15 [flutter shared_preferences_android shared_preferences_ios shared_preferences_linux shared_preferences_macos shared_preferences_platform_interface shared_preferences_web shared_preferences_windows]
- syncfusion_flutter_charts 20.2.46 [flutter intl vector_math syncfusion_flutter_core]
- url_launcher 6.1.5 [flutter url_launcher_android url_launcher_ios url_launcher_linux url_launcher_macos url_launcher_platform_interface url_launcher_web url_launcher_windows]

transitive dependencies:
- amplify_api_android 0.6.5 [flutter]
- amplify_api_ios 0.6.5 [amplify_core flutter]
- amplify_auth_cognito_android 0.6.5 [flutter]
- amplify_auth_cognito_ios 0.6.5 [amplify_core flutter]
- amplify_core 0.6.5 [aws_common collection flutter intl json_annotation meta plugin_platform_interface uuid]
- amplify_datastore_plugin_interface 0.6.5 [amplify_core collection flutter meta]
- amplify_flutter_android 0.6.5 [flutter]
- amplify_flutter_ios 0.6.5 [amplify_core flutter]
- args 2.3.1
- async 2.8.2 [collection meta]
- aws_common 0.1.1 [async collection http meta stream_transform uuid]
- characters 1.2.0
- charcode 1.3.1
- clock 1.1.0
- connectivity_plus_linux 1.3.1 [flutter connectivity_plus_platform_interface meta nm]
- connectivity_plus_macos 1.2.4 [connectivity_plus_platform_interface flutter]
- connectivity_plus_platform_interface 1.2.1 [flutter meta plugin_platform_interface]
- connectivity_plus_web 1.2.3 [connectivity_plus_platform_interface flutter_web_plugins flutter]
- connectivity_plus_windows 1.2.2 [connectivity_plus_platform_interface flutter]
- crypto 3.0.2 [typed_data]
- dbus 0.7.8 [args ffi meta xml]
- ffi 2.0.1
- file 6.1.4 [meta path]
- flutter_web_plugins 0.0.0 [flutter js characters collection material_color_utilities meta vector_math]
- freezed_annotation 2.1.0 [collection json_annotation meta]
- http 0.13.5 [async http_parser meta path]
- http_parser 4.0.1 [collection source_span string_scanner typed_data]
- js 0.6.4
- json_annotation 4.6.0 [meta]
- lints 2.0.0
- material_color_utilities 0.1.4
- meta 1.7.0
- nested 1.0.0 [flutter]
- nm 0.5.0 [dbus]
- path 1.8.1
- path_provider_linux 2.1.7 [ffi flutter path path_provider_platform_interface xdg_directories]
- path_provider_platform_interface 2.0.4 [flutter platform plugin_platform_interface]
- path_provider_windows 2.1.3 [ffi flutter path path_provider_platform_interface win32]
- petitparser 5.0.0 [meta]
- platform 3.1.0
- plugin_platform_interface 2.1.2 [meta]
- process 4.2.4 [file path platform]
- shared_preferences_android 2.0.12 [flutter shared_preferences_platform_interface]
- shared_preferences_ios 2.1.1 [flutter shared_preferences_platform_interface]
- shared_preferences_linux 2.1.1 [file flutter path path_provider_linux path_provider_platform_interface shared_preferences_platform_interface]
- shared_preferences_macos 2.0.4 [flutter shared_preferences_platform_interface]
- shared_preferences_platform_interface 2.1.0 [flutter plugin_platform_interface]
- shared_preferences_web 2.0.4 [flutter flutter_web_plugins shared_preferences_platform_interface]
- shared_preferences_windows 2.1.1 [file flutter path path_provider_platform_interface path_provider_windows shared_preferences_platform_interface]
- sky_engine 0.0.99
- source_span 1.8.2 [collection path term_glyph]
- stream_transform 2.0.0
- string_scanner 1.1.0 [charcode source_span]
- syncfusion_flutter_core 20.2.46 [vector_math flutter]
- term_glyph 1.2.0
- typed_data 1.3.1 [collection]
- url_launcher_android 6.0.17 [flutter url_launcher_platform_interface]
- url_launcher_ios 6.0.17 [flutter url_launcher_platform_interface]
- url_launcher_linux 3.0.1 [flutter url_launcher_platform_interface]
- url_launcher_macos 3.0.1 [flutter url_launcher_platform_interface]
- url_launcher_platform_interface 2.1.0 [flutter plugin_platform_interface]
- url_launcher_web 2.0.13 [flutter flutter_web_plugins url_launcher_platform_interface]
- url_launcher_windows 3.0.1 [flutter url_launcher_platform_interface]
- uuid 3.0.6 [crypto]
- vector_math 2.1.2
- win32 3.0.0 [ffi]
- xdg_directories 0.2.0+2 [meta path process]
- xml 6.1.0 [collection meta petitparser]

Device

Pixel XL, iphone xs max

OS

ios 15.5, android 10

Deployment Method

Amplify CLI

CLI Version

9.2.1

Additional Context

No response

Amplify Config

const amplifyconfig = ''' {
"UserAgent": "aws-amplify-cli/2.0",
"Version": "1.0",
"api": {
"plugins": {
"awsAPIPlugin": {
"": {
"endpointType": "GraphQL",
"endpoint":
"region": "us-east-1",
"authorizationType": "AMAZON_COGNITO_USER_POOLS"
}
}
}
},
"auth": {
"plugins": {
"awsCognitoAuthPlugin": {
"UserAgent": "aws-amplify-cli/0.1.0",
"Version": "0.1.0",
"IdentityManager": {
"Default": {}
},
"CredentialsProvider": {
"CognitoIdentity": {
"Default": {
"PoolId":
"Region": "us-east-1"
}
}
},
"CognitoUserPool": {
"Default": {
"PoolId":
"AppClientId":
"AppClientSecret":
"Region": "us-east-1"
}
},
"Auth": {
"Default": {
"authenticationFlowType": "USER_SRP_AUTH",
"socialProviders": [],
"usernameAttributes": [
"EMAIL"
],
"signupAttributes": [
"EMAIL"
],
"passwordProtectionSettings": {
"passwordPolicyMinLength": 8,
"passwordPolicyCharacters": []
},
"mfaConfiguration": "OFF",
"mfaTypes": [
"SMS"
],
"verificationMechanisms": [
"EMAIL"
]
}
},
"AppSync": {
"Default": {
"ApiUrl":
"Region": "us-east-1",
"AuthMode": "AMAZON_COGNITO_USER_POOLS",
"ClientDatabasePrefix":
},
"walletin_AWS_IAM": {
"ApiUrl":
"Region": "us-east-1",
"AuthMode": "AWS_IAM",
"ClientDatabasePrefix":
}
}
}
}
}
}''';

[yazoonic]

FYI . I am using transformer v1

[yazoonic]

sounds the issue related to #1566 even though I am not using list of users.

but the schema in the schema portal doesnt have (subID: String) for Oncreate , Onupdate and Ondelete .
while of I dont use custom ownerfield ( in this case owner) I can see (owner: String)

[HuiSF]

Hi @yazoonic thanks for reporting this issue.

Looking at the error message:

[GraphQLResponse.Error{message='Validation error of type UnknownArgument: Unknown field argument subID @ 'onDeleteEntries'', locations='null', path='null', extensions='null'}]

It indicate that in the GraphQL schema deployed to AppSync, subID is not presented in the type onDeleteEntries, This exception happened when not event reached to the point that multi-auth resolution should take place.

FYI . I am using transformer v1

I've found a similar issue aws-amplify/amplify-codegen#117 it suggests that this issue may be Transformer v1 exclusive. Please consider to migrate to Transformer V2 see if this issue persists, as V1 is not being supported and missing new features.

[yazoonic]

Thank you @HuiSF . Why transformer v1 is not supported? At least you guys should remove the limitations on transformer v2 before putting transformver v1 eos.

Now O have production and I cant migrate easily because I have tables connected together in non scalar field which I cant migrate at this point ..

Btw, I am trying to use multi auth to migrate to owner auth because of the issue I raised on June about selective sync which is not working on Android devices

[HuiSF]

comment WIP

[yazoonic]

@HuiSF this is the schema on the portal
onCreateEntries: Entries
@aws_subscribe(mutations: ["createEntries"])
@aws_iam
@aws_cognito_user_pools
onUpdateEntries: Entries
@aws_subscribe(mutations: ["updateEntries"])
@aws_iam
@aws_cognito_user_pools
onDeleteEntries: Entries
@aws_subscribe(mutations: ["deleteEntries"])

do you want me to check schema in different place?

[HuiSF]

Hi @yazoonic sorry I spoke too soon in my previous comment.

I dug a bit deeper. There is major difference between transformer v1 and v2 is that the rule deny by default is introduced in v2. Prior to v2, the model auth rules don't apply to subscription, where the transformer v1 doesn't generate auth related field such as

onCreateUser(subID: String)

With lunch of the Transformer V2, the library started to supply required auth information when establish subscription, e.g. subId field in your case, but the Transformer v1 generated type doesn't accept this information. If I recall correctly, library should provide backwards compatibility on this. I will need to confirm with the maintainers of amplify-ios and amplify-android.

[yazoonic]

I am ok to migrate to v2 but you have to fix nested tables with non scalar field

Also can you check #1816 I want to resolve one of them at least

[HuiSF]

but you have to fix nested tables with non scalar field

Can you explain more with schema examples?

[yazoonic]

I removed fields just for simplicity but this how it looks like currently.

type Table1 @model @auth(rules: [ { allow: owner,ownerField: "subID", identityClaim: "sub"},{ allow: private}]) {
id: ID!
subID: String
category: [table2] @connection(name: "categoriesConnection")

}

type table2 @model @auth(rules: [ { allow: owner,ownerField: "subID", identityClaim: "sub"},{ allow: private}]) {
id: ID!
category2: table1 @connection(name: "categoriesConnection")
subID: String
}

[HuiSF]

Can you tell me what's the issue you are having with the schema? @yazoonic

[yazoonic]

@HuiSF I am trying to convert this to v2 so table 1 hasMany and table2 category2 field belongs to table 1 this was at the beginning of amplify .. this table cant be migrated to v2 the way I need it to work and it crash my app... I have other nested tables created after and it has automatic field like connectionID that can be migrated without any problems

[HuiSF]

OK @yazoonic have you followed the migration document?

• Did you use amplify migrate api to migrate?
• Do you mind to post the migrated model schema?
• What directive caused the issue? @hasMany or @belongsTo?
• What error message you saw when the App crashes?

Migration process varies according to schema and its use cases. Please provide detailed information so we can help you triage, thanks :)

[yazoonic]

yes I did
I will do migration one more time to provide more logs ...
Did you use amplify migrate api to migrate?
I used migrate api and corrected all errors ....
Do you mind to post the migrated model schema?
In private
What directive caused the issue? @hasmany or @belongsTo?
belongs to
What error message you saw when the App crashes?
I will do migration one more time and send logs ... the issue only at those 2 tables.. other tables working fine.

[yazoonic]

@HuiSF I have migrated my dev to v2 and I worked around my tables above in my code.

feel free to close this ... but I hope that when transformer v3 released, eos will not happen to transformer v2 :D

just question before you close , so now since I have owner auth, I dont need the selective sync that I was using based on subID.. right?

[HuiSF]

just question before you close , so now since I have owner auth, I dont need the selective sync that I was using based on subID

The owner auth rule will prevent syncing records that don't belong to the owner defined by subID. Details please refer to the DataStore authorization rules document, and CLI data modeling authorization rule: per-user owner-based data access document.

[yazoonic]

Ok thanks

[HuiSF]

Closing this issue, please feel free to reopen and follow up if anything!

[dgagnon]

We are also seeing this on v2