DataStore.observeQuery is not working when model has owner + static group auth rules

[qwertylolman]

Description

data changed from the AmplifyStudio is not synced if a model has owner and group auth rules and the user is not in the group.
if the user is in the group or the model has public access DataSync works without issues.

the mentioned platform is iOS only, as we don't support Android for this project

generated auth rules:

    modelSchemaDefinition.authRules = [
      amplify_core.AuthRule(
        authStrategy: amplify_core.AuthStrategy.OWNER,
        ownerField: "owner",
        identityClaim: "cognito:username",
        provider: amplify_core.AuthRuleProvider.USERPOOLS,
        operations: const [
          amplify_core.ModelOperation.CREATE,
          amplify_core.ModelOperation.UPDATE,
          amplify_core.ModelOperation.DELETE,
          amplify_core.ModelOperation.READ
        ]),
      amplify_core.AuthRule(
        authStrategy: amplify_core.AuthStrategy.GROUPS,
        groupClaim: "cognito:groups",
        groups: [ "admin-group" ],
        provider: amplify_core.AuthRuleProvider.USERPOOLS,
        operations: const [
          amplify_core.ModelOperation.READ,
          amplify_core.ModelOperation.CREATE,
          amplify_core.ModelOperation.UPDATE,
          amplify_core.ModelOperation.DELETE
        ])
    ];

Categories

• Analytics
• API (REST)
• API (GraphQL)
• Auth
• Authenticator
• DataStore
• Notifications (Push)
• Storage

Steps to Reproduce

1. create a user group
2. create a model with auth rules set to 'owner' and 'group' and give the group full access to the model
3. observe the model changes using the DataStore.observeQuery in any way (via .listen or StreamBuilder, no matter)
4. save a record from the mobile app client
5. change some value in the created record using the 'content' feature in Amplify Studio

A.R. data updated from the Amplify Studio is not synced until the app restart
E.R. data is synced

Screenshots

No response

Platforms

• iOS
• Android
• Web
• macOS
• Windows
• Linux

Flutter Version

3.19.6

Amplify Flutter Version

1.7.0, 1.8.0

Deployment Method

Amplify CLI

Schema

type MyModel @model @auth(rules: [{allow: owner}, {allow: groups, groups: ["admin-group"], operations: [read, create, update, delete]}]) {
  id: ID!
  foo: String!
  bar: MyEmbbedClass!
  date: AWSDate!
}

type MyEmbbedClass {
  fuzz: String
  buzz: String!
}

Console output

Amplify configured with DataStore plugin
[Amplify] Configuring
[awsAPIPlugin] Configure finished
[Amplify] No plugin found for configuration key `awsS3StoragePlugin`. Add a plugin for that key.
DataStorePlugin successfully initialized
Successfully cleared the store
[IncomingAsyncSubscriptionEventToAnyModelMapper] Received subscription: PassthroughSubject
[IncomingAsyncSubscriptionEventToAnyModelMapper] Received subscription: PassthroughSubject
[IncomingAsyncSubscriptionEventToAnyModelMapper] Received subscription: PassthroughSubject
[IncomingAsyncSubscriptionEventToAnyModelMapper] Received subscription: PassthroughSubject
[IncomingAsyncSubscriptionEventToAnyModelMapper] connectionState now connected
[IncomingAsyncSubscriptionEventToAnyModelMapper] connectionState now connected
[IncomingAsyncSubscriptionEventToAnyModelMapper] connectionState now connected
[IncomingAsyncSubscriptionEventToAnyModelMapper] connectionState now connected
[AWSInitialSyncOrchestrator] Beginning initial sync
[InitialSyncOperation] Beginning sync for Model1
[InitialSyncOperation] Beginning sync for Model2
[InitialSyncOperation] Beginning sync for Model3
[InitialSyncOperation] Beginning sync for Model4
Encoder Foundation.(unknown context at $1b198e8d8).__JSONEncoder
[ERROR:flutter/shell/common/shell.cc(1038)] The 'com.amazonaws.amplify/datastore_observe_events' channel sent a message from native to Flutter on a non-platform thread. Platform channel messages must be sent on the platform thread. Failure to do so may result in data loss or crashes, and must be fixed in the plugin or application code creating that channel.
See https://docs.flutter.dev/platform-integration/platform-channels#channels-and-platform-threading for more information.
[RemoteSyncEngine] Successfully finished sync
Encoder Foundation.(unknown context at $1b198e8d8).__JSONEncoder
Unhandled DataStoreHubEvent: DataStore.syncStarted 
Encoder Foundation.(unknown context at $1b198e8d8).__JSONEncoder

[khatruong2009]

Hi @qwertylolman, we're going to take a look at this issue and will get back to you with any updates or information.

[khatruong2009]

Hi @qwertylolman, I created a sample app and attempted to reproduce the issue myself but was unable to. I followed all the steps that you provided and when I make a change to a record using Amplify Studio, it instantly appears in the stream. Could you possibly provide a code example of where you're having this issue?

[NikaHsn]

@qwertylolman we couldn't replicate the problem following the given steps. If you're still facing this issue, could you please provide additional details to help us reproduce it? Thank you.

[qwertylolman]

@NikaHsn @khatruong2009 sorry, i don't have enough time to provide you with an example. and yes, I'm still facing this issue.
is there a possibility that something is cached or broken under the hood? as this amplify project is a kind of sandbox for our team to investigate the possibilities of amplify and appsync. so everything (including user groups and data schema with respected data) was dropped and created multiple times.
also, we have a custom sign-in challenge lambda, but the issue does not depend on the way the user logs in to the app (using the sign-in flow, or cached auth sessions).

anyway, I'm ok if you will close this ticket. i will create a new one and provide more info when I will have more time.