By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Amplify - Existing Users In Pool Cannot Authenticate with New REST API (new users can)

0

We recently introduced a new REST api into our amplify application using amplify add api, Restrict API Access? Y, Auth/Guest Users: Authenticated users only, create, read, update, delete.

When I attempt to access the API with a user who registered before the API was introduced, they get an "Error: Request failed with status code 403" response.

When I create a new user, they get a 200 success response.

If I remove "Restrict API Access" everyone can use the API.

How can I resolved this issue for my existing users?

Topics
ServerlessFront-End Web & MobileNetworking & Content DeliverySecurity, Identity, & Compliance
Tags
Amazon API GatewayAWS AmplifyAmazon Cognito User Pools
Language
English
Clint
asked a year ago368 views
2 Answers
0
Accepted Answer

Ok, I found an answer to this. Here's a github issue that amplify-js team was nice enough to field for me.

https://github.com/aws-amplify/amplify-js/issues/11197

Restricting access by "Authenticated user" - "User needs to sign in to use the REST API" will NOT authenticate any users who have been added to a "group". Users in "groups" need to have one or more of their Groups explicitly added to the authentication.

Clint
answered a year ago
0

Is it possible you have 2 Cognito user pools? Pool A was created with your original API, and Pool B was created with your new API? That would explain the behavior with existing users. If that is the case, I think you can run amplify import auth and import the first pool.

John Vold
answered a year ago
  • Clint
    a year ago

    Thanks for the prompt reply. This is not the case. Both old (Pre-API Deploy) and new (Post-API Deploy) users can log into the app and are contained in the same user pool. I've tried fresh incognito browsers to see if it's cookie or cache related with no help. I'm not clear how authentication is deployed via Amplify in this case. How can I troubleshoot this?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content