Unauthorized error when Data-specific Authorization with AppSync (Datastore/GraphQL)

### Description

Hi! I'm developing an app where users should only access their own data. I implemented the `@auth` notation in my GraphQL schema based on the documentation. However, I'm encountering an unauthorized error in my Flutter app.

Here's a breakdown of the issue:
- A Cognito Lambda trigger creates users upon signup.
- The user is successfully created in the database.
- The user can sign in and authenticate.
- But fetching the authenticated user's data from the datastore (Flutter side) results in an unauthorized error.

Oh, on flutter side I've configured Datastore's Plugins to use MultiAuth (screenshot below)

I appreciate any help! :)

Here is the cli-inputs.json, might be useful. 

```json
{
  "version": 1,
  "serviceConfiguration": {
    "apiName": "awesomeproject",
    "serviceName": "AppSync",
    "defaultAuthType": {
      "mode": "AMAZON_COGNITO_USER_POOLS",
      "cognitoUserPoolId": "authawesomeprojectBlablablabla"
    },
    "conflictResolution": {
      "defaultResolutionStrategy": {
        "type": "AUTOMERGE"
      }
    },
    "additionalAuthTypes": [
      {
        "mode": "API_KEY",
        "expirationTime": 7,
        "apiKeyExpirationDate": "2024-04-25T15:14:53.887Z",
        "keyDescription": "dev"
      },
      {
        "mode": "AWS_IAM"
      }
    ]
  }
}
``` 

<details><summary>Logs</summary>
<p>
I/amplify:aws-datastore( 5758): DataStore plugin initialized.
I/amplify:aws-datastore( 5758): Orchestrator transitioning from STOPPED to SYNC_VIA_API
I/amplify:aws-datastore( 5758): Starting to observe local storage changes.
D/EGL_emulation( 5758): app_time_stats: avg=7.95ms min=1.27ms max=60.63ms count=56
I/amplify:aws-datastore( 5758): Now observing local storage. Local changes will be enqueued to mutation outbox.
I/amplify:aws-datastore( 5758): Setting currentState to LOCAL_ONLY
I/amplify:aws-datastore( 5758): Setting currentState to SYNC_VIA_API
I/amplify:aws-datastore( 5758): Orchestrator lock released.
I/amplify:aws-datastore( 5758): Starting API synchronization mode.
I/amplify:flutter:datastore( 5758): Established a new stream form flutter com.amplifyframework.datastore.storage.sqlite.SQLiteStorageAdapter$$ExternalSyntheticLambda13@a4376ad
I/amplify:aws-datastore( 5758): Starting processing subscription events.
I/amplify:aws-datastore( 5758): Orchestrator lock acquired.
I/amplify:aws-datastore( 5758): DataStore plugin initialized.
I/amplify:aws-datastore( 5758): Orchestrator lock released.
I/ker.awsome-project( 5758): Background concurrent copying GC freed 77415(3716KB) AllocSpace objects, 6(312KB) LOS objects, 49% free, 7230KB/14MB, paused 194us,43us total 155.783ms
D/TrafficStats( 5758): tagSocket(137) with statsTag=0xffffffff, statsUid=-1
D/EGL_emulation( 5758): app_time_stats: avg=6.25ms min=1.83ms max=34.03ms count=54
/ker.awsome-project( 5758): Long monitor contention with owner pool-7-thread-3 (6037) at void com.amplifyframework.api.aws.SubscriptionEndpoint.requestSubscription(com.amplifyframework.api.graphql.GraphQLRequest, com.amplifyframework.api.aws.AuthorizationType, com.amplifyframework.core.Consumer, com.amplifyframework.core.Consumer, com.amplifyframework.core.Consumer, com.amplifyframework.core.Action)(SubscriptionEndpoint.java:207) waiters=3 in void com.amplifyframework.api.aws.SubscriptionEndpoint.requestSubscription(com.amplifyframework.api.graphql.GraphQLRequest, com.amplifyframework.api.aws.AuthorizationType, com.amplifyframework.core.Consumer, com.amplifyframework.core.Consumer, com.amplifyframework.core.Consumer, com.amplifyframework.core.Action) for 2.108s
W/amplify:aws-datastore( 5758): Unauthorized failure:ON_DELETE User
W/ker.awsome-project( 5758): Long monitor contention with owner pool-7-thread-3 (6037) at void com.amplifyframework.api.aws.SubscriptionEndpoint.requestSubscription(com.amplifyframework.api.graphql.GraphQLRequest, com.amplifyframework.api.aws.AuthorizationType, com.amplifyframework.core.Consumer, com.amplifyframework.core.Consumer, com.amplifyframework.core.Consumer, com.amplifyframework.core.Action)(SubscriptionEndpoint.java:207) waiters=4 in void com.amplifyframework.api.aws.SubscriptionEndpoint.requestSubscription(com.amplifyframework.api.graphql.GraphQLRequest, com.amplifyframework.api.aws.AuthorizationType, com.amplifyframework.core.Consumer, com.amplifyframework.core.Consumer, com.amplifyframework.core.Consumer, com.amplifyframework.core.Action) for 2.321s
/amplify:aws-datastore( 5758): Unauthorized failure:ON_UPDATE User
W/ker.awsome-project( 5758): Long monitor contention with owner pool-7-thread-3 (6037) at void com.amplifyframework.api.aws.SubscriptionEndpoint.requestSubscription(com.amplifyframework.api.graphql.GraphQLRequest, com.amplifyframework.api.aws.AuthorizationType, com.amplifyframework.core.Consumer, com.amplifyframework.core.Consumer, com.amplifyframework.core.Consumer, com.amplifyframework.core.Action)(SubscriptionEndpoint.java:207) waiters=6 in void com.amplifyframework.api.aws.SubscriptionEndpoint.requestSubscription(com.amplifyframework.api.graphql.GraphQLRequest, com.amplifyframework.api.aws.AuthorizationType, com.amplifyframework.core.Consumer, com.amplifyframework.core.Consumer, com.amplifyframework.core.Consumer, com.amplifyframework.core.Action) for 2.697s
W/amplify:aws-datastore( 5758): Unauthorized failure:ON_CREATE User
D/EGL_emulation( 5758): app_time_stats: avg=6.07ms min=2.30ms max=22.02ms count=53
W/ker.awsome-project( 5758): Long monitor contention with owner pool-7-thread-3 (6037) at void com.amplifyframework.api.aws.SubscriptionEndpoint.requestSubscription(com.amplifyframework.api.graphql.GraphQLRequest, com.amplifyframework.api.aws.AuthorizationType, com.amplifyframework.core.Consumer, com.amplifyframework.core.Consumer, com.amplifyframework.core.Consumer, com.amplifyframework.core.Action)(SubscriptionEndpoint.java:207) waiters=7 in void com.amplifyframework.api.aws.SubscriptionEndpoint.requestSubscription(com.amplifyframework.api.graphql.GraphQLRequest, com.amplifyframework.api.aws.AuthorizationType, com.amplifyframework.core.Consumer, com.amplifyframework.core.Consumer, com.amplifyframework.core.Consumer, com.amplifyframework.core.Action) for 2.938s
I/amplify:aws-datastore( 5758): Started subscription processor for models: [User] of types [ON_CREATE, ON_UPDATE, ON_DELETE].
D/TrafficStats( 5758): tagSocket(149) with statsTag=0xffffffff, statsUid=-1
D/EGL_emulation( 5758): app_time_stats: avg=3.87ms min=1.31ms max=22.84ms count=57
D/CompatibilityChangeReporter( 5758): Compat change id reported: 263076149; UID 10191; state: DISABLED
I/amplify:aws-datastore( 5758): Successfully sync'd down model state from cloud.
W/amplify:aws-datastore( 5758): Initial cloud sync failed for User.
W/amplify:aws-datastore( 5758): IrRecoverableException{message=Empty response from AppSync., cause=null, recoverySuggestion=Report to AWS team.}
W/amplify:aws-datastore( 5758): 	at com.amplifyframework.datastore.syncengine.SyncProcessor.lambda$syncPage$16(SyncProcessor.java:325)
W/amplify:aws-datastore( 5758): 	at com.amplifyframework.datastore.syncengine.SyncProcessor$$ExternalSyntheticLambda19.accept(Unknown Source:4)
W/amplify:aws-datastore( 5758): 	at com.amplifyframework.datastore.appsync.AppSyncClient$$ExternalSyntheticLambda1.accept(Unknown Source:4)
W/amplify:aws-datastore( 5758): 	at com.amplifyframework.api.aws.MultiAuthAppSyncGraphQLOperation$OkHttpCallback.onResponse(MultiAuthAppSyncGraphQLOperation.java:183)
W/amplify:aws-datastore( 5758): 	at okhttp3.internal.connection.RealCall$AsyncCall.run(RealCall.kt:539)
W/amplify:aws-datastore( 5758): 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
W/amplify:aws-datastore( 5758): 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
W/amplify:aws-datastore( 5758): 	at java.lang.Thread.run(Thread.java:1012)
E/amplify:flutter:datastore( 5758): DataStoreException{message=Initial cloud sync failed for User., cause=IrRecoverableException{message=Empty response from AppSync., cause=null, recoverySuggestion=Report to AWS team.}, recoverySuggestion=Check your internet connection.}
E/amplify:aws-datastore( 5758): Failure encountered while attempting to start API sync.
E/amplify:aws-datastore( 5758): DataStoreException{message=Initial sync during DataStore initialization failed., cause=java.lang.RuntimeException: IrRecoverableException{message=Empty response from AppSync., cause=null, recoverySuggestion=Report to AWS team.}, recoverySuggestion=There is a possibility that there is a bug if this error persists. Please take a look at 
E/amplify:aws-datastore( 5758): https://github.com/aws-amplify/amplify-android/issues to see if there are any existing issues that 
E/amplify:aws-datastore( 5758): match your scenario, and file an issue with the details of the bug if there isn't.}
E/amplify:aws-datastore( 5758): 	at com.amplifyframework.datastore.syncengine.Orchestrator.lambda$startApiSync$4$com-amplifyframework-datastore-syncengine-Orchestrator(Orchestrator.java:362)
E/amplify:aws-datastore( 5758): 	at com.amplifyframework.datastore.syncengine.Orchestrator$$ExternalSyntheticLambda8.subscribe(Unknown Source:2)
E/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.internal.operators.completable.CompletableCreate.subscribeActual(CompletableCreate.java:40)
E/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.core.Completable.subscribe(Completable.java:2850)
E/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.internal.operators.completable.CompletablePeek.subscribeActual(CompletablePeek.java:51)
E/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.core.Completable.subscribe(Completable.java:2850)
E/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.internal.operators.completable.CompletablePeek.subscribeActual(CompletablePeek.java:51)
E/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.core.Completable.subscribe(Completable.java:2850)
E/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.internal.operators.completable.CompletablePeek.subscribeActual(CompletablePeek.java:51)
E/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.core.Completable.subscribe(Completable.java:2850)
E/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.internal.operators.completable.CompletableSubscribeOn$SubscribeOnObserver.run(CompletableSubscribeOn.java:64)
E/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.core.Scheduler$DisposeTask.run(Scheduler.java:614)
E/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.internal.schedulers.ScheduledRunnable.run(ScheduledRunnable.java:65)
E/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.internal.schedulers.ScheduledRunnable.call(ScheduledRunnable.java:56)
E/amplify:aws-datastore( 5758): 	at java.util.concurrent.FutureTask.run(FutureTask.java:264)
E/amplify:aws-datastore( 5758): 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:307)
E/amplify:aws-datastore( 5758): 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
E/amplify:aws-datastore( 5758): 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
E/amplify:aws-datastore( 5758): 	at java.lang.Thread.run(Thread.java:1012)
E/amplify:aws-datastore( 5758): Caused by: java.lang.RuntimeException: IrRecoverableException{message=Empty response from AppSync., cause=null, recoverySuggestion=Report to AWS team.}
E/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.internal.util.ExceptionHelper.wrapOrThrow(ExceptionHelper.java:46)
E/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.internal.observers.BlockingMultiObserver.blockingGet(BlockingMultiObserver.java:94)
E/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.core.Completable.blockingAwait(Completable.java:1461)
E/amplify:aws-datastore( 5758): 	at com.amplifyframework.datastore.syncengine.Orchestrator.lambda$startApiSync$4$com-amplifyframework-datastore-syncengine-Orchestrator(Orchestrator.java:358)
E/amplify:aws-datastore( 5758): 	... 18 more
E/amplify:aws-datastore( 5758): Caused by: IrRecoverableException{message=Empty response from AppSync., cause=null, recoverySuggestion=Report to AWS team.}
E/amplify:aws-datastore( 5758): 	at com.amplifyframework.datastore.syncengine.SyncProcessor.lambda$syncPage$16(SyncProcessor.java:325)
E/amplify:aws-datastore( 5758): 	at com.amplifyframework.datastore.syncengine.SyncProcessor$$ExternalSyntheticLambda19.accept(Unknown Source:4)
E/amplify:aws-datastore( 5758): 	at com.amplifyframework.datastore.appsync.AppSyncClient$$ExternalSyntheticLambda1.accept(Unknown Source:4)
E/amplify:aws-datastore( 5758): 	at com.amplifyframework.api.aws.MultiAuthAppSyncGraphQLOperation$OkHttpCallback.onResponse(MultiAuthAppSyncGraphQLOperation.java:183)
E/amplify:aws-datastore( 5758): 	at okhttp3.internal.connection.RealCall$AsyncCall.run(RealCall.kt:539)
E/amplify:aws-datastore( 5758): 	... 3 more
W/amplify:aws-datastore( 5758): API sync failed - transitioning to LOCAL_ONLY.
W/amplify:aws-datastore( 5758): DataStoreException{message=Initial sync during DataStore initialization failed., cause=java.lang.RuntimeException: IrRecoverableException{message=Empty response from AppSync., cause=null, recoverySuggestion=Report to AWS team.}, recoverySuggestion=There is a possibility that there is a bug if this error persists. Please take a look at 
W/amplify:aws-datastore( 5758): https://github.com/aws-amplify/amplify-android/issues to see if there are any existing issues that 
W/amplify:aws-datastore( 5758): match your scenario, and file an issue with the details of the bug if there isn't.}
W/amplify:aws-datastore( 5758): 	at com.amplifyframework.datastore.syncengine.Orchestrator.lambda$startApiSync$4$com-amplifyframework-datastore-syncengine-Orchestrator(Orchestrator.java:362)
W/amplify:aws-datastore( 5758): 	at com.amplifyframework.datastore.syncengine.Orchestrator$$ExternalSyntheticLambda8.subscribe(Unknown Source:2)
W/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.internal.operators.completable.CompletableCreate.subscribeActual(CompletableCreate.java:40)
W/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.core.Completable.subscribe(Completable.java:2850)
W/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.internal.operators.completable.CompletablePeek.subscribeActual(CompletablePeek.java:51)
W/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.core.Completable.subscribe(Completable.java:2850)
W/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.internal.operators.completable.CompletablePeek.subscribeActual(CompletablePeek.java:51)
W/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.core.Completable.subscribe(Completable.java:2850)
W/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.internal.operators.completable.CompletablePeek.subscribeActual(CompletablePeek.java:51)
W/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.core.Completable.subscribe(Completable.java:2850)
W/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.internal.operators.completable.CompletableSubscribeOn$SubscribeOnObserver.run(CompletableSubscribeOn.java:64)
W/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.core.Scheduler$DisposeTask.run(Scheduler.java:614)
W/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.internal.schedulers.ScheduledRunnable.run(ScheduledRunnable.java:65)
W/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.internal.schedulers.ScheduledRunnable.call(ScheduledRunnable.java:56)
W/amplify:aws-datastore( 5758): 	at java.util.concurrent.FutureTask.run(FutureTask.java:264)
W/amplify:aws-datastore( 5758): 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:307)
W/amplify:aws-datastore( 5758): 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
W/amplify:aws-datastore( 5758): 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
W/amplify:aws-datastore( 5758): 	at java.lang.Thread.run(Thread.java:1012)
W/amplify:aws-datastore( 5758): Caused by: java.lang.RuntimeException: IrRecoverableException{message=Empty response from AppSync., cause=null, recoverySuggestion=Report to AWS team.}
W/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.internal.util.ExceptionHelper.wrapOrThrow(ExceptionHelper.java:46)
W/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.internal.observers.BlockingMultiObserver.blockingGet(BlockingMultiObserver.java:94)
W/amplify:aws-datastore( 5758): 	at io.reactivex.rxjava3.core.Completable.blockingAwait(Completable.java:1461)
W/amplify:aws-datastore( 5758): 	at com.amplifyframework.datastore.syncengine.Orchestrator.lambda$startApiSync$4$com-amplifyframework-datastore-syncengine-Orchestrator(Orchestrator.java:358)
W/amplify:aws-datastore( 5758): 	... 18 more
W/amplify:aws-datastore( 5758): Caused by: IrRecoverableException{message=Empty response from AppSync., cause=null, recoverySuggestion=Report to AWS team.}
W/amplify:aws-datastore( 5758): 	at com.amplifyframework.datastore.syncengine.SyncProcessor.lambda$syncPage$16(SyncProcessor.java:325)
W/amplify:aws-datastore( 5758): 	at com.amplifyframework.datastore.syncengine.SyncProcessor$$ExternalSyntheticLambda19.accept(Unknown Source:4)
W/amplify:aws-datastore( 5758): 	at com.amplifyframework.datastore.appsync.AppSyncClient$$ExternalSyntheticLambda1.accept(Unknown Source:4)
W/amplify:aws-datastore( 5758): 	at com.amplifyframework.api.aws.MultiAuthAppSyncGraphQLOperation$OkHttpCallback.onResponse(MultiAuthAppSyncGraphQLOperation.java:183)
W/amplify:aws-datastore( 5758): 	at okhttp3.internal.connection.RealCall$AsyncCall.run(RealCall.kt:539)
W/amplify:aws-datastore( 5758): 	... 3 more
I/amplify:aws-datastore( 5758): Orchestrator transitioning from SYNC_VIA_API to LOCAL_ONLY
I/amplify:aws-datastore( 5758): Stopping subscription processor.
I/amplify:aws-datastore( 5758): Stopped subscription processor.
I/amplify:aws-datastore( 5758): Setting currentState to LOCAL_ONLY
D/EGL_emulation( 5758): app_time_stats: avg=5.97ms min=1.33ms max=22.17ms count=53
W/ker.awsome-project( 5758): Long monitor contention with owner pool-7-thread-6 (6038) at void com.amplifyframework.api.aws.SubscriptionEndpoint.releaseSubscription(java.lang.String)(SubscriptionEndpoint.java:315) waiters=1 in void com.amplifyframework.api.aws.SubscriptionEndpoint.releaseSubscription(java.lang.String) for 408ms
</p>
</details> 

### Categories

- [ ] Analytics
- [ ] API (REST)
- [X] API (GraphQL)
- [ ] Auth
- [ ] Authenticator
- [X] DataStore
- [ ] Notifications (Push)
- [ ] Storage

### Steps to Reproduce

.

### Screenshots

![image](https://github.com/aws-amplify/amplify-flutter/assets/16046723/23844e83-69b7-48f0-a701-39554578f61b)



### Platforms

- [ ] iOS
- [X] Android
- [ ] Web
- [ ] macOS
- [ ] Windows
- [ ] Linux

### Flutter Version

3.19.5

### Amplify Flutter Version

1.7.0

### Deployment Method

Amplify CLI

### Schema

```GraphQL
type User
  @model
  @auth(
    rules: [
      { allow: private, provider: iam }
      { allow: owner, ownerField: "recordOwner" }
    ]
  ) {
  userId: ID! @primaryKey
  recordOwner: String 
  name: String!
  email: String!
  about: String
}
```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Unauthorized error when Data-specific Authorization with AppSync (Datastore/GraphQL) #4746

Description

Categories

Steps to Reproduce

Screenshots

Platforms

Flutter Version

Amplify Flutter Version

Deployment Method

Schema

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Unauthorized error when Data-specific Authorization with AppSync (Datastore/GraphQL) #4746

Description

Description

Categories

Steps to Reproduce

Screenshots

Platforms

Flutter Version

Amplify Flutter Version

Deployment Method

Schema

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions