Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DataStore sync fails on iOS with OIDC when IAM is specified as an additional provider #3967

Closed
2 of 14 tasks
thoschwa opened this issue Oct 18, 2023 · 5 comments
Closed
2 of 14 tasks

DataStore sync fails on iOS with OIDC when IAM is specified as an additional provider #3967

thoschwa opened this issue Oct 18, 2023 · 5 comments
Assignees
@khatruong2009
Labels
datastore Issues related to the DataStore Category requires-ios-fix This issue is the result of an underlying Amplify iOS issue that needs to be fixed.

Comments

@thoschwa
Copy link

thoschwa commented Oct 18, 2023
edited
Loading

Description

When starting the app I get:

Unable to find suitable Auth plugin for syncEngine. Models require auth`

This issue occurs only on iOS, on Android it is working as expected. The API works fine, so when requesting the same data via the API plugin everything works, so it seams to be DataStore related.

This is how I configure Amplify before runApp in my main.dart:

Future<void> _configureAmplify() async {
  final api = AmplifyAPI(
    modelProvider: ModelProvider.instance,
    authProviders: [
      OIDFirebaseTokenProvider(),
    ],
  );

  final datastorePlugin = AmplifyDataStore(
    modelProvider: ModelProvider.instance,
  );

  await Amplify.addPlugins([api, datastorePlugin]);

  try {
    await Amplify.configure(amplifyconfig);
  } on Exception catch (e) {
    safePrint('An error occurred configuring Amplify: $e');
  }
}

and my amplifyconfiguration.dart:

const amplifyconfig = ''' {
    "UserAgent": "aws-amplify-cli/2.0",
    "Version": "1.0",
    "api": {
        "plugins": {
            "awsAPIPlugin": {
                PROJECT_NAME: {
                    "endpointType": "GraphQL",
                    "endpoint": ENDPOINT,
                    "region": "eu-central-1",
                    "authorizationType": "OPENID_CONNECT"
                }
            }
        }
    }
}''';

I have also followed the guide on Getting started with Amplify and Flutter and have completed all the steps mentioned.

Categories

  • Analytics
  • API (REST)
  • API (GraphQL)
  • Auth
  • Authenticator
  • DataStore
  • Notifications (Push)
  • Storage

Steps to Reproduce

  • Specifiy OIDC and IAM as authorization providers for a model
  • Only configure OICD for the app and no Cognito plugin

Screenshots

No response

Platforms

  • iOS
  • Android
  • Web
  • macOS
  • Windows
  • Linux

Flutter Version

3.13.7

Amplify Flutter Version

1.4.1

Deployment Method

Amplify CLI

Schema

type User @model @auth(
      rules:[
          { allow: owner,
              provider: oidc,
              ownerField: "id",
              identityClaim: "sub",
          },
         { allow: private, provider: iam }
      ]
  )
  {
      id: ID! @primaryKey
      name: String
      birthday: AWSDate
  }
@khatruong2009 khatruong2009 added datastore Issues related to the DataStore Category pending-triage This issue is in the backlog of issues to triage labels Oct 18, 2023
@khatruong2009 khatruong2009 added not-reproducible Issues that cannot be reproduced using the steps provided Investigating and removed pending-triage This issue is in the backlog of issues to triage not-reproducible Issues that cannot be reproduced using the steps provided labels Nov 2, 2023
@thoschwa
Copy link
Author

thoschwa commented Nov 8, 2023

I found the issue, because we specified IAM as an additional provider, the iOS Plugin expects Cognito to be configured and available to the app. However on Android this is not required and it shouldn't be, because our app only uses OICD for authorization and IAM is only used by server side functions. So my question is if this is intended behavior and if there is a different way to specify which authorization modes are actually relevant for the client side.

@thoschwa thoschwa changed the title DataStore sync not working only on iOS with OIDC as auth provider DataStore sync fails on iOS with OIDC when IAM is specified as an additional provider Nov 8, 2023
@khatruong2009
Copy link
Member

khatruong2009 commented Nov 22, 2023
edited
Loading

Hi @thoschwa, I'm glad your issue is resolved. I will look into whether or not this is expected behavior on the iOS side and get back to you.

@thoschwa
Copy link
Author

thoschwa commented Dec 4, 2023

Any update on that? @khatruong2009

@lawmicha
Copy link
Contributor

lawmicha commented Jan 3, 2024

Hi @thoschwa, thanks for the details. DataStore supports multi-auth which is enabled through the configuration flag

final datastorePlugin = AmplifyDataStore(
      modelProvider: ModelProvider.instance,
      authModeStrategy: AuthModeStrategy.multiAuth,
    );

Since you do not have it enabled, it should do its determination based on the API's default authorization type in the configuration. Since your configuration's default authorization is "authorizationType": "OPENID_CONNECT", it will check that you have an auth provider on the API plugin, and not require you to have the auth plugin.

So my question is if this is intended behavior and if there is a different way to specify which authorization modes are actually relevant for the client side.

I think it's a bug that it's requiring you to have auth plugin despite not having multiauth enabled on the DataStore configuration. Currently it should use the default authorization mode on the API which is OIDC. I'm working on a fix that should work with your current set up.

It would be a feature request for selecting which auth modes to use on the client side, since the generated file has all the relevant auth rules for that model. A workaround would be to manually remove the auth rule from the generated file that you don't want the client to know about. Multi-auth flag should be set to true if you have more than one auth mode you want enabled on the client side.

@khatruong2009 khatruong2009 added the requires-ios-fix This issue is the result of an underlying Amplify iOS issue that needs to be fixed. label Jan 3, 2024
This was referenced Jan 4, 2024
Merged
Merged
@lawmicha
Copy link
Contributor

lawmicha commented Feb 6, 2024

the fix has been released in Amplify Swift 1.30.7. https://github.com/aws-amplify/amplify-swift/releases/tag/1.30.7

@khatruong2009 khatruong2009 mentioned this issue Feb 14, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@khatruong2009 khatruong2009

Labels
datastore Issues related to the DataStore Category requires-ios-fix This issue is the result of an underlying Amplify iOS issue that needs to be fixed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lawmicha @thoschwa @khatruong2009