Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AWS AppSync - Unauthorized Exception

I have started using AWS AppSync and am running into a permissions issue.

I used AppSync to create a DynamoDB table for my data, and set up authorization for use with Cognito User Pools, which I've already created.

I set the Default Action to ALLOW which, according to the AWS docs -https://docs.aws.amazon.com/appsync/latest/devguide/security.html#amazon-cognito-user-pools-authorization - should allow public access to run any query/mutation/subscription defined in my schema by default.

The above documentation also says that restricting access is done by adding an @aws_auth to my type definitions. Which I have not added yet.

And so this is what I want: I want my queries to be public - no need to add an @aws_auth directive - and my mutations to be restricted to the Admins group within my Cognito User Pool. So in testing out a query, I should be able to have the data returned to me without being signed in anywhere.

However, when trying to run any test queries inside the AppSync console, I receive the following error message:

{
  "errors": [
    {
      "errorType": "UnauthorizedException",
      "message": "Unable to parse JWT token."
    }
  ]
}

Obviously, this is related to not being signed in with Cognito.

I've tested these queries before without using the Cognito authorization, and they all worked fine. And since my Default Action is set to ALLOW for my Cognito authorizer, my queries should run just the same now since I didn't modify them.

Looking at the code for my queries, types, and resolvers, I can't spot any difference in how they are written. The IAM role allowing access to my DynamoDB table also remains the same and has no restrictions attached to it.

What is going on? Is there a bug with AppSync, or am I missing something here?

Please let me know. Thank you

like image 380
Z_z_Z Avatar asked Dec 14 '22 14:12

Z_z_Z


1 Answers

I think your API Key expiration date is over.So goto -- APIs -> select your AppSync -> goto setting -> select your API keys -> then Edit -> now you are in "Configure your API key and change expiration date." -> Select Expires Choose when this API Key will expire here you can choose for 1 year from the date you create new API keys.

like image 75
Harsh Bhatnagar Avatar answered Jan 02 '23 03:01

Harsh Bhatnagar