Access Denied (403) executing downloadData() despite allow.guest.to(['read']) #13280
Comments
Hi 👋 Thanks for opening up the issue. The feature to support the backend is not yet released since we are actively working on it. There is a tagged release
More on this will come out with docs
I am seeing something with getUrl. I am trying to do a test where I upload a file, generate a link on a page, then download the file. The upload is working but the link that I am getting back using getUrl keeps giving me an access denied 403 error. It successfully works for public access but not private. I have added 'private/{entity_id}/*': [allow.entity('identity').to(['read', 'write', 'delete'])] to the access of my defineStorage. Uploads work fine but downloads don't.
@gpavlov2016 and @strickon, you should now be able to verify/test this on
@strickon can you provide us with a code sample. The permission you have should let you read & write into
I have figured out what I think is causing the problem but not sure how to address it. So I am using the amplify ui storage manager component to upload the file. It is going into a private folder in the bucket. I am then using getUrl to generate a presigned url using the server context. The problem I believe is that the url being generated doesn't match the s3 bucket url for the identity id portion. I am a logged in user uploading to a private folder. I see the files in the bucket with a path. Now I generate a url with getUrl using the server context and the path in the url is different from the path in the bucket. The identityId portion of the url is different. I don't know which part is incorrect. Is the StorageManager putting the file in the wrong private folder with the wrong identity id or is the getUrl generating the wrong download url? Everything works fine if I upload and download using public access level which puts it into the public folder. Here is the upload component from amplify-ui. It requires "use client"; (could this be an issue?) export default function Upload() { ); Download getUrl Here is the function to create the download url const CreateDownload = async (key: string, access: string) => { Let me know any thoughts.
I updated my app and it wasn't working but found the source of the issue and it works now. The documentation was a bit sparse. The problem was that the server context was null in the getUrl example so it only worked for public files. The cookies needed to be passed in to generate the proper url for private access. nextServerContext: { cookies },
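A simplified model of the failure described in the comments above, added here as an illustration and not code from this issue or from Amplify: a private path is derived from whichever identity the call resolves to, so a server-side call that resolves to a guest produces a different `private/<identityId>/` prefix and a 403. The rule set, identity IDs and the `isAllowed`/`diagnoseRead` helpers are constructed, and the fallback to a guest identity when no cookies are passed is an assumption based on the thread.

```typescript
// Simplified model of path-based storage rules; not Amplify's implementation.
type Action = 'read' | 'write' | 'delete';
type Grantee = 'guest' | 'authenticated' | 'owner'; // 'owner' stands in for allow.entity('identity')
type Rules = Record<string, Partial<Record<Grantee, Action[]>>>;
interface Caller { identityId: string; authenticated: boolean }

// Constructed rules shaped like the ones quoted in the thread.
const RULES: Rules = {
  'public/*': { guest: ['read'], authenticated: ['read'] },
  'private/{entity_id}/*': { owner: ['read', 'write', 'delete'] },
};

// Constructed identities: the signed-in uploader, and the guest identity a
// server-side call is assumed to fall back to when no cookies reach it.
const USER: Caller = { identityId: 'region:user-1111', authenticated: true };
const GUEST: Caller = { identityId: 'region:guest-9999', authenticated: false };

function isAllowed(rules: Rules, caller: Caller, action: Action, path: string): boolean {
  for (const pattern of Object.keys(rules)) {
    const grants = rules[pattern];
    const prefix = pattern.replace(/\*$/, '');
    if (prefix.indexOf('{entity_id}') !== -1) {
      // Owner rule: only the caller's own identity ID satisfies the placeholder.
      const own = prefix.replace('{entity_id}', caller.identityId);
      const actions = grants.owner ?? [];
      if (caller.authenticated && path.indexOf(own) === 0 && actions.indexOf(action) !== -1) return true;
    } else if (path.indexOf(prefix) === 0) {
      const who: Grantee = caller.authenticated ? 'authenticated' : 'guest';
      if ((grants[who] ?? []).indexOf(action) !== -1) return true;
    }
  }
  return false;
}

// The private path is built from the resolved caller, so compare it with where
// the object was actually stored before blaming the access rules.
function diagnoseRead(storedPath: string, key: string, caller: Caller): string {
  const requested = storedPath.indexOf('public/') === 0
    ? `public/${key}`
    : `private/${caller.identityId}/${key}`;
  if (!isAllowed(RULES, caller, 'read', requested)) return `403: ${requested} not readable by caller`;
  if (requested !== storedPath) return `mismatch: signed ${requested}, object at ${storedPath}`;
  return 'ok';
}
```
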
Could you point out where u had difficulty with docs? We can update it to give clarity.
https://docs.amplify.aws/gen2/build-a-backend/server-side-rendering/#pageMain The particular example with getUrl was a bit confusing with regards to the server context. It would be good to have some more detailed examples of the storage component and browser based uploads and downloads.
Thanks, appreciate the feedback. It is in the works and you should start seeing more in-depth docs soon :)
@cwomack Upgrading to v6.2 solved the issue, thank you!
@gpavlov2016 Thanks for the feedback and we will work on it. We have updated our docs site to reflect the new usage. https://docs.amplify.aws/react/build-a-backend/storage/set-up-storage/ Hopefully this helps clarify the storage API usage. Let us know if there is anything else we can help with or we can close the issue.
Before opening, please confirm:
JavaScript Framework
Next.js
Amplify APIs
Storage
Amplify Version
v6
Amplify Categories
storage
Backend
Amplify Gen 2 (Preview)
Environment information
Describe the bug
storage\resource.ts:
downloadData from another file:
Response from server:
Request headers:
Expected behavior
Expected to get the file
Reproduction steps
Define the storage resources mentioned above and run downloadData for any object key under the authorized key prefix for allow.guest.to(['read'])
Code Snippet
// Put your code below this line.
Log output
aws-exports.js
No response
Manual configuration
No response
Additional configuration
No response
Mobile Device
No response
Mobile Operating System
No response
Mobile Browser
No response
Mobile Browser Version
No response
Additional information and screenshots
No response