I'm trying to follow the Amplify docs to expose a GraphQL mutation publicly via unauthenticated requests. From the docs, it seems like this should be possible.
From the CLI docs:
You can also override the authorization provider. In the example below, iam is specified as the provider which allows you to use an "Unauthenticated Role" from the Cognito identity pool for public access instead of an API Key. When you run amplify add auth, the Amplify CLI generates scoped down IAM policies for the "Unauthenticated role" in Cognito identity pool automatically.
From the Library docs:
When using AWS_IAM for public API access, unauthenticated logins must be enabled. To enable unauthenticated logins, run amplify update auth from the command line and choose Walkthrough all the auth configurations
I've followed these steps, enabling unauthenticated roles on the API (I can see that the unauthenticated role has been created in IAM). Here is the operation I'm trying to expose publicly:
    type Mutation {
      submitResponseMessage(message: String!): String!
        @function(name: "myFunc-${env}")
        @auth(rules: [{ allow: public, provider: iam }])
    }
I can successfully test this mutation operation through the AppSync console using IAM authentication, and I notice that the "Authorization" request header includes stuff like "Credential=", "SignedHeaders=", and "Signature=".
However, from my React app, I'm doing this:
    const response = await API.graphql(
      graphqlOperation(
        submitResponseMessage,
        {message: "hello"},
        'AWS_IAM'))
and it's giving this error in the browser console:
    error submitting response Error: No current user
        at GraphQLAPIClass.<anonymous> (GraphQLAPI.ts:177:1)
        at step (tslib.es6.js:100:1)
        at Object.throw (tslib.es6.js:81:1)
        at rejected (tslib.es6.js:72:1)
Am I missing a step? Am I correctly understanding that my React app with an unauthenticated user should be able to invoke this operation via IAM?
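
One way to confirm which authorization mode a captured AppSync request actually carried is to parse the "Credential=", "SignedHeaders=" and "Signature=" fields mentioned in the question. This is an added example, not part of the original post and not Amplify's own code; the function names and the sample header values are constructed for illustration.

```javascript
// Classify the auth mode of a captured AppSync request from its headers.
// All header values used here are constructed samples, not real credentials.
function parseSigV4(authorization) {
  const m = /^AWS4-HMAC-SHA256\s+(.*)$/.exec(authorization || "");
  if (!m) return null;
  const fields = {};
  for (const part of m[1].split(",")) {
    const idx = part.indexOf("=");
    if (idx > 0) fields[part.slice(0, idx).trim()] = part.slice(idx + 1).trim();
  }
  if (!fields.Credential || !fields.SignedHeaders || !fields.Signature) return null;
  // Credential scope: <access key id>/<date>/<region>/<service>/aws4_request
  const scope = fields.Credential.split("/");
  if (scope.length !== 5 || scope[4] !== "aws4_request") return null;
  const [accessKeyId, date, region, service] = scope;
  return { accessKeyId, date, region, service,
           signedHeaders: fields.SignedHeaders.split(";"),
           signature: fields.Signature };
}

function classifyAppSyncAuth(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const sig = parseSigV4(h["authorization"]);
  if (sig) {
    return {
      mode: "AWS_IAM",
      service: sig.service,
      region: sig.region,
      // Identity pool (guest) credentials are temporary, so a session token is sent.
      temporaryCredentials: "x-amz-security-token" in h,
      signedHeaders: sig.signedHeaders,
    };
  }
  if (h["x-api-key"]) return { mode: "API_KEY" };
  if (h["authorization"]) return { mode: "TOKEN" }; // bare JWT: user pool or OIDC
  return { mode: "NONE" };
}

const sample = { // constructed request headers
  Authorization: "AWS4-HMAC-SHA256 Credential=ASIAEXAMPLEKEY/20240101/us-east-1/appsync/aws4_request, " +
    "SignedHeaders=host;x-amz-date;x-amz-security-token, Signature=0123abcd",
  "X-Amz-Date": "20240101T000000Z",
  "X-Amz-Security-Token": "constructed-session-token",
};
console.log(classifyAppSyncAuth(sample));
```

Running the same check against the request headers shown in the browser's network tab tells you whether the app sent a SigV4-signed request, a token, an API key, or no request at all.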