Issue with create mutation concatenating the username twice

[rafaelfaria]

How did you install the Amplify CLI?

npm

If applicable, what version of Node.js are you using?

No response

Amplify CLI Version

12.13.0

What operating system are you using?

Mac

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

No manual changes made

Describe the bug

When creating a new record using Cognito authentication in an Amplify project, the username field is being populated incorrectly. The username value appears duplicated in the format userID::userID instead of the expected single userID format. This is affecting our ability to query and manage records accurately, as the concatenated format does not match our expected schema.

It creates the record, but the response comes null for all the stuff that needs to relate to.

Expected behavior

The username field should only contain the user’s Cognito ID as a single value (e.g., userID), without any additional concatenation.

Reproduction steps

1. Define a model in the schema with a field (e.g., username) marked with @auth rules that depend on owner and allow: owner with custom ownerField.

type League @model
  @auth(
    rules: [
      { allow: owner, ownerField: "username" },
      { allow: private, provider: iam }
    ]
  )
{
  id: ID!
  clubID: ID! @index(name: "byClubLeague", queryField: "listLeaguesByClubId")
  club: Club @belongsTo(fields: ["clubID"])
  name: String!
  tournaments: [Tournament] @hasMany(indexName: "byLeagueTournament", fields: ["id"])
  username: String
}

2. Use Cognito to create a new record for this model, ensuring that Cognito automatically populates the username.

 async create(input: CreateLeagueInput) {

    const { data } = await API.graphql(
      graphqlOperation(createLeague, { input: { ...input } })
    ) as CreateLeagueResult;

    if (!data) {
      throw new Error('There was an issue trying to create a new league');
    }

    return data.createLeague;
  }

3. Query or inspect the new record, observing that the username field contains a duplicated userID::userID instead of the expected single user ID.
   You will get something like "244884a8-20c1-7099-7bab-b1e8c8eef5fb::244884a8-20c1-7099-7bab-b1e8c8eef5fb"

Project Identifier

253d375723e7e6353e94c2aed253815a

Log output

# Put your logs below this line

Additional information

The issue is occurring in an environment where we use Amplify's @auth directive with owner authorization. This unintended concatenation might be due to the IAM and Cognito configurations or a possible bug in the auto-population of owner fields by Amplify. Creating a lambda function to create the league through IAM in the backend works but is not a sustainable solution.

Besides, due to these issues, I am getting a lot of errors like below, which I am assuming is due of this issue with the double format username.

Before submitting, please confirm:

• I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
• I have removed any sensitive information from my code snippets and submission.

[sundersc]

@rafaelfaria This is the default behavior. When amplify auto populates the owner field, it uses sub::username format. Depending on the cognito configuration, sub and username may be the same. If you explicitly pass the username in the request, then it should be respected. But currently there is no option to configure how the auto-populate works.

[rafaelfaria]

Interesting. And even thou the permissions are set like that, it still respect the auth? meaning, it is either sub::username or just username?

[sundersc]

Yes, it will still respect the auth. Recommendation is to use the default sub::username. However we support just the sub or username as well.