fix(DataStore): Fallback when missing auth rule providers to API requirements (#1465)

lawmicha · web-flow · commit 19585f3c1f9c · 2021-10-14T13:26:03.000-04:00
* fix(DataStore): Fallback when missing auth rule providers to API requirements

* address PR comments and add unit tests

* integ test updates

* fix MockAPIPlugin

* fix conflict API unit test with Amplify.reset
diff --git a/Amplify.xcodeproj/project.pbxproj b/Amplify.xcodeproj/project.pbxproj
@@ -16,6 +16,8 @@
 		210DBC142332B3C6009B9E51 /* StorageGetURLOperation.swift in Sources */ = {isa = PBXBuildFile; fileRef = 210DBC132332B3C6009B9E51 /* StorageGetURLOperation.swift */; };
 		210DBC162332B3CB009B9E51 /* StorageDownloadDataOperation.swift in Sources */ = {isa = PBXBuildFile; fileRef = 210DBC152332B3CB009B9E51 /* StorageDownloadDataOperation.swift */; };
 		210DBC472332F0C5009B9E51 /* StorageError.swift in Sources */ = {isa = PBXBuildFile; fileRef = 210DBC462332F0C5009B9E51 /* StorageError.swift */; };
+		211A81DB2717239100C5483D /* AWSAPIAuthInformation.swift in Sources */ = {isa = PBXBuildFile; fileRef = 211A81DA2717239100C5483D /* AWSAPIAuthInformation.swift */; };
+		211A82012718631800C5483D /* AWSAuthorizationTypeTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 211A82002718631800C5483D /* AWSAuthorizationTypeTests.swift */; };
 		211FFEE326CD650500F0DB75 /* DataStoreQuerySnapshot.swift in Sources */ = {isa = PBXBuildFile; fileRef = 211FFEE226CD650500F0DB75 /* DataStoreQuerySnapshot.swift */; };
 		2125E2542319EC3100B3DEB5 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 2125E2532319EC3100B3DEB5 /* AppDelegate.swift */; };
 		2125E2562319EC3100B3DEB5 /* ViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 2125E2552319EC3100B3DEB5 /* ViewController.swift */; };
@@ -848,6 +850,8 @@
 		210DBC132332B3C6009B9E51 /* StorageGetURLOperation.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = StorageGetURLOperation.swift; sourceTree = "<group>"; };
 		210DBC152332B3CB009B9E51 /* StorageDownloadDataOperation.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = StorageDownloadDataOperation.swift; sourceTree = "<group>"; };
 		210DBC462332F0C5009B9E51 /* StorageError.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = StorageError.swift; sourceTree = "<group>"; };
+		211A81DA2717239100C5483D /* AWSAPIAuthInformation.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AWSAPIAuthInformation.swift; sourceTree = "<group>"; };
+		211A82002718631800C5483D /* AWSAuthorizationTypeTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AWSAuthorizationTypeTests.swift; sourceTree = "<group>"; };
 		211FFEE226CD650500F0DB75 /* DataStoreQuerySnapshot.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DataStoreQuerySnapshot.swift; sourceTree = "<group>"; };
 		2125E2102318D73B00B3DEB5 /* awsconfiguration.json */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.json; path = awsconfiguration.json; sourceTree = "<group>"; };
 		2125E2512319EC3000B3DEB5 /* AmplifyTestApp.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = AmplifyTestApp.app; sourceTree = BUILT_PRODUCTS_DIR; };
@@ -2224,6 +2228,7 @@
 			isa = PBXGroup;
 			children = (
 				21C395B2245729EC00597EA2 /* AppSyncErrorType.swift */,
+				211A81DA2717239100C5483D /* AWSAPIAuthInformation.swift */,
 			);
 			path = API;
 			sourceTree = "<group>";
@@ -2523,8 +2528,9 @@
 		6BEE0815253114E600133961 /* Auth */ = {
 			isa = PBXGroup;
 			children = (
-				6BEE0816253114FD00133961 /* AWSAuthServiceTests.swift */,
 				76C0F4EA26797F3C00F0E6AB /* AuthModeStrategyTests.swift */,
+				211A82002718631800C5483D /* AWSAuthorizationTypeTests.swift */,
+				6BEE0816253114FD00133961 /* AWSAuthServiceTests.swift */,
 			);
 			path = Auth;
 			sourceTree = "<group>";
@@ -4781,6 +4787,7 @@
 				21420AA0237222A900FA140C /* AWSAuthorizationType.swift in Sources */,
 				B4EBEB64246204D000D06375 /* AuthAWSCredentialsProvider.swift in Sources */,
 				212CE6FC23E9E523007D8E71 /* SelectionSet.swift in Sources */,
+				211A81DB2717239100C5483D /* AWSAPIAuthInformation.swift in Sources */,
 				2129BE1F2394806B006363A1 /* Model+GraphQL.swift in Sources */,
 				212CE70323E9E967007D8E71 /* GraphQLMutation.swift in Sources */,
 				2129BE0F23948005006363A1 /* SingleDirectiveGraphQLDocument.swift in Sources */,
@@ -4842,6 +4849,7 @@
 				76C0F4EC26797F4500F0E6AB /* AuthModeStrategyTests.swift in Sources */,
 				2129BE3A2394828B006363A1 /* QueryPredicateGraphQLTests.swift in Sources */,
 				2129BE48239489AC006363A1 /* MutationSyncMetadataTests.swift in Sources */,
+				211A82012718631800C5483D /* AWSAuthorizationTypeTests.swift in Sources */,
 				216E45F1248E971E0035E3CE /* GraphQLRequestEmbeddableTypeTests.swift in Sources */,
 				21A3FDAF24630D7F00E76120 /* ModelWithOwnerFieldAuthRuleTests.swift in Sources */,
 				6BDF15B825412DE600B5BE69 /* ModelWithOwnerAuthAndMultiGroup.swift in Sources */,
diff --git a/AmplifyPlugins/API/APICategoryPlugin.xcodeproj/project.pbxproj b/AmplifyPlugins/API/APICategoryPlugin.xcodeproj/project.pbxproj
@@ -11,6 +11,8 @@
 		1FF6093C5054651046CBD72F /* Pods_HostApp_AWSAPICategoryPluginTestCommon_GraphQLWithLambdaAuthIntegrationTests.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4DFADA148F376B33D0F75509 /* Pods_HostApp_AWSAPICategoryPluginTestCommon_GraphQLWithLambdaAuthIntegrationTests.framework */; };
 		210E217E265E9BB000D90ED8 /* GraphQLModelBasedTests+Concurrency.swift in Sources */ = {isa = PBXBuildFile; fileRef = 210E217D265E9BB000D90ED8 /* GraphQLModelBasedTests+Concurrency.swift */; };
 		210E2180265EFD6800D90ED8 /* GraphQLSyncCustomPrimaryKeyTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 210E217F265EFD6800D90ED8 /* GraphQLSyncCustomPrimaryKeyTests.swift */; };
+		211A81DD27176C7300C5483D /* AWSAPIPlugin+AuthInformation.swift in Sources */ = {isa = PBXBuildFile; fileRef = 211A81DC27176C7300C5483D /* AWSAPIPlugin+AuthInformation.swift */; };
+		211A81FF271851B000C5483D /* AWSAPICategoryPlugin+AuthInformationTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 211A81FE271851B000C5483D /* AWSAPICategoryPlugin+AuthInformationTests.swift */; };
 		211BEDF025E5904E004F367A /* AWSHTTPURLResponse.swift in Sources */ = {isa = PBXBuildFile; fileRef = 211BEDEF25E5904E004F367A /* AWSHTTPURLResponse.swift */; };
 		211BEDFB25E59DC8004F367A /* AWSHTTPURLResponseTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 211BEDFA25E59DC8004F367A /* AWSHTTPURLResponseTests.swift */; };
 		21233D032469B06B00039337 /* SocialNote.swift in Sources */ = {isa = PBXBuildFile; fileRef = 21233D022469B06B00039337 /* SocialNote.swift */; };
@@ -344,6 +346,8 @@
 		1FDC07084023DEF205FF6598 /* Pods-AWSAPICategoryPlugin-AWSAPICategoryPluginTests.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-AWSAPICategoryPlugin-AWSAPICategoryPluginTests.debug.xcconfig"; path = "Target Support Files/Pods-AWSAPICategoryPlugin-AWSAPICategoryPluginTests/Pods-AWSAPICategoryPlugin-AWSAPICategoryPluginTests.debug.xcconfig"; sourceTree = "<group>"; };
 		210E217D265E9BB000D90ED8 /* GraphQLModelBasedTests+Concurrency.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "GraphQLModelBasedTests+Concurrency.swift"; sourceTree = "<group>"; };
 		210E217F265EFD6800D90ED8 /* GraphQLSyncCustomPrimaryKeyTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = GraphQLSyncCustomPrimaryKeyTests.swift; sourceTree = "<group>"; };
+		211A81DC27176C7300C5483D /* AWSAPIPlugin+AuthInformation.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "AWSAPIPlugin+AuthInformation.swift"; sourceTree = "<group>"; };
+		211A81FE271851B000C5483D /* AWSAPICategoryPlugin+AuthInformationTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "AWSAPICategoryPlugin+AuthInformationTests.swift"; sourceTree = "<group>"; };
 		211BEDEF25E5904E004F367A /* AWSHTTPURLResponse.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AWSHTTPURLResponse.swift; sourceTree = "<group>"; };
 		211BEDFA25E59DC8004F367A /* AWSHTTPURLResponseTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AWSHTTPURLResponseTests.swift; sourceTree = "<group>"; };
 		21233D022469B06B00039337 /* SocialNote.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SocialNote.swift; sourceTree = "<group>"; };
@@ -945,6 +949,7 @@
 				21D7A099237B54D90057D00D /* AWSAPIPlugin+InterceptorBehavior.swift */,
 				FA8EE784238632620097E4F1 /* AWSAPIPlugin+Log.swift */,
 				6B33897123AAD94800561E5B /* AWSAPIPlugin+Reachability.swift */,
+				211A81DC27176C7300C5483D /* AWSAPIPlugin+AuthInformation.swift */,
 				21D7A096237B54D90057D00D /* AWSAPIPlugin+Resettable.swift */,
 				21D7A0D0237B54D90057D00D /* AWSAPIPlugin+RESTBehavior.swift */,
 				21D7A0D1237B54D90057D00D /* AWSAPIPlugin+URLSessionBehaviorDelegate.swift */,
@@ -1191,6 +1196,7 @@
 		B4DFA5BE237A611D0013E17B /* AWSAPICategoryPluginTests */ = {
 			isa = PBXGroup;
 			children = (
+				211A81FE271851B000C5483D /* AWSAPICategoryPlugin+AuthInformationTests.swift */,
 				B4DFA5DE237A611D0013E17B /* AWSAPICategoryPlugin+ConfigureTests.swift */,
 				B4DFA5CC237A611D0013E17B /* AWSAPICategoryPlugin+GraphQLBehaviorTests.swift */,
 				B4DFA5C9237A611D0013E17B /* AWSAPICategoryPlugin+InterceptorBehaviorTests.swift */,
@@ -2545,6 +2551,7 @@
 				21D7A118237B54D90057D00D /* APIKeyURLRequestInterceptor.swift in Sources */,
 				21D7A116237B54D90057D00D /* AWSAPIPlugin+URLSessionBehaviorDelegate.swift in Sources */,
 				214BD3D023FB76740059A286 /* AWSSubscriptionConnectionFactory.swift in Sources */,
+				211A81DD27176C7300C5483D /* AWSAPIPlugin+AuthInformation.swift in Sources */,
 				21D7A0E6237B54D90057D00D /* AWSAPICategoryPluginConfiguration+EndpointConfig.swift in Sources */,
 				21D7A0EB237B54D90057D00D /* AWSAPIPlugin+URLSessionDelegate.swift in Sources */,
 				21D7A0DF237B54D90057D00D /* AWSGraphQLOperation.swift in Sources */,
@@ -2610,6 +2617,7 @@
 				21A4F95725A7AEB300E1047D /* GraphQLRequestToListQueryTests.swift in Sources */,
 				FA1C810A25868A4B006160E9 /* AWSAPICategoryPluginAmplifyVersionableTests.swift in Sources */,
 				FADC469524C0E8AF00EF447B /* GraphQLQueryCombineTests.swift in Sources */,
+				211A81FF271851B000C5483D /* AWSAPICategoryPlugin+AuthInformationTests.swift in Sources */,
 				B4DFA5E3237A611D0013E17B /* AWSGraphQLOperationTests.swift in Sources */,
 				763C857326B06E12005164B2 /* AuthenticationTokenAuthInterceptorTests.swift in Sources */,
 				B4DFA5F9237A611D0013E17B /* AWSAPICategoryPlugin+URLSessionDelegateTests.swift in Sources */,
diff --git a/AmplifyPlugins/API/AWSAPICategoryPlugin/AWSAPIPlugin+AuthInformation.swift b/AmplifyPlugins/API/AWSAPICategoryPlugin/AWSAPIPlugin+AuthInformation.swift
@@ -0,0 +1,20 @@
+//
+// Copyright Amazon.com Inc. or its affiliates.
+// All Rights Reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+import Amplify
+import AWSPluginsCore
+import Foundation
+
+extension AWSAPIPlugin {
+    public func defaultAuthType() throws -> AWSAuthorizationType {
+        try defaultAuthType(for: nil)
+    }
+
+    public func defaultAuthType(for apiName: String?) throws -> AWSAuthorizationType {
+        try pluginConfig.endpoints.getConfig(for: apiName).authorizationType
+    }
+}
diff --git a/AmplifyPlugins/API/AWSAPICategoryPlugin/AWSAPIPlugin.swift b/AmplifyPlugins/API/AWSAPICategoryPlugin/AWSAPIPlugin.swift
@@ -9,7 +9,7 @@ import Amplify
 import AWSPluginsCore
 import Foundation
 
-final public class AWSAPIPlugin: NSObject, APICategoryPlugin {
+final public class AWSAPIPlugin: NSObject, APICategoryPlugin, AWSAPIAuthInformation {
     /// The unique key of the plugin within the API category.
     public var key: PluginKey {
         return "awsAPIPlugin"
diff --git a/AmplifyPlugins/API/AWSAPICategoryPluginTests/AWSAPICategoryPlugin+AuthInformationTests.swift b/AmplifyPlugins/API/AWSAPICategoryPluginTests/AWSAPICategoryPlugin+AuthInformationTests.swift
@@ -0,0 +1,55 @@
+//
+// Copyright Amazon.com Inc. or its affiliates.
+// All Rights Reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+import XCTest
+
+@testable import Amplify
+@testable import AWSAPICategoryPlugin
+
+class AWSAPICategoryPluginAuthInformationTests: AWSAPICategoryPluginTestBase {
+
+    func testDefaultAuthTypeForApiName() throws {
+        let apiPlugin = AWSAPIPlugin()
+        let apiPluginConfig: JSONValue = [
+            "api1": [
+                "endpoint": "http://www.example.com",
+                "authorizationType": "API_KEY",
+                "apiKey": "SpecialApiKey33",
+                "endpointType": "REST"
+            ],
+            "api2": [
+                "endpoint": "http://www.example.com",
+                "authorizationType": "AMAZON_COGNITO_USER_POOLS",
+                "endpointType": "GraphQL"
+            ]
+        ]
+
+        try apiPlugin.configure(using: apiPluginConfig)
+        let authType1 = try apiPlugin.defaultAuthType(for: "api1")
+        XCTAssertEqual(authType1, .apiKey)
+        let authTypeFromDefault = try apiPlugin.defaultAuthType()
+        XCTAssertEqual(authTypeFromDefault, .amazonCognitoUserPools)
+        let authType2 = try apiPlugin.defaultAuthType(for: "api2")
+        XCTAssertEqual(authType2, .amazonCognitoUserPools)
+    }
+
+    func testDefaultAuthType() throws {
+        let apiPlugin = AWSAPIPlugin()
+        let apiPluginConfig: JSONValue = [
+            "api1": [
+                "endpoint": "http://www.example.com",
+                "authorizationType": "API_KEY",
+                "apiKey": "SpecialApiKey33",
+                "endpointType": "REST"
+            ]
+        ]
+
+        try apiPlugin.configure(using: apiPluginConfig)
+        let authType = try apiPlugin.defaultAuthType()
+        XCTAssertEqual(authType, .apiKey)
+    }
+}
diff --git a/AmplifyPlugins/API/AWSAPICategoryPluginTests/Configuration/AWSAPICategoryPluginConfigurationTests.swift b/AmplifyPlugins/API/AWSAPICategoryPluginTests/Configuration/AWSAPICategoryPluginConfigurationTests.swift
@@ -34,6 +34,7 @@ class AWSAPICategoryPluginConfigurationTests: XCTestCase {
     }
 
     func testThrowsOnMissingConfig() throws {
+        Amplify.reset()
         let plugin = AWSAPIPlugin()
         try Amplify.add(plugin: plugin)
 
diff --git a/AmplifyPlugins/API/Podfile.lock b/AmplifyPlugins/API/Podfile.lock
@@ -107,4 +107,4 @@ SPEC CHECKSUMS:
 
 PODFILE CHECKSUM: 0abaf757d71567dcf70f5a3e79b0149917c3bb38
 
-COCOAPODS: 1.10.1
+COCOAPODS: 1.11.2
diff --git a/AmplifyPlugins/Core/AWSPluginsCore/API/AWSAPIAuthInformation.swift b/AmplifyPlugins/Core/AWSPluginsCore/API/AWSAPIAuthInformation.swift
@@ -0,0 +1,20 @@
+//
+// Copyright Amazon.com Inc. or its affiliates.
+// All Rights Reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+import Foundation
+
+/// API Plugin's Auth related information
+public protocol AWSAPIAuthInformation {
+
+    /// Returns the deafult auth type from the default endpoint. The endpoint may accept more than one auth mode,
+    /// however the default returned is the one configured on the endpoint configuration. The default endpoint is the
+    /// the one determined by the API plugin, which is the one returned when called without an `apiName`.
+    func defaultAuthType() throws -> AWSAuthorizationType
+
+    /// Returns the default auth type on endpoint specified by `apiName`.
+    func defaultAuthType(for apiName: String?) throws -> AWSAuthorizationType
+}
diff --git a/AmplifyPlugins/Core/AWSPluginsCore/Auth/AWSAuthorizationType.swift b/AmplifyPlugins/Core/AWSPluginsCore/Auth/AWSAuthorizationType.swift
@@ -44,3 +44,15 @@ public enum AWSAuthorizationType: String {
 // swiftlint:enable line_length
 
 extension AWSAuthorizationType: CaseIterable { }
+
+/// Indicates whether the authotization type requires the auth plugin to operate.
+extension AWSAuthorizationType {
+    public var requiresAuthPlugin: Bool {
+        switch self {
+        case .none, .apiKey, .openIDConnect, .function:
+            return false
+        case .awsIAM, .amazonCognitoUserPools:
+            return true
+        }
+    }
+}
diff --git a/AmplifyPlugins/Core/AWSPluginsCoreTests/Auth/AWSAuthorizationTypeTests.swift b/AmplifyPlugins/Core/AWSPluginsCoreTests/Auth/AWSAuthorizationTypeTests.swift
@@ -0,0 +1,22 @@
+//
+// Copyright Amazon.com Inc. or its affiliates.
+// All Rights Reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+import XCTest
+@testable import Amplify
+@testable import AWSPluginsCore
+
+class AWSAuthorizationTypeTests: XCTestCase {
+
+    func testRequiresAuthPlugin() {
+        XCTAssertFalse(AWSAuthorizationType.apiKey.requiresAuthPlugin)
+        XCTAssertFalse(AWSAuthorizationType.none.requiresAuthPlugin)
+        XCTAssertFalse(AWSAuthorizationType.openIDConnect.requiresAuthPlugin)
+        XCTAssertFalse(AWSAuthorizationType.function.requiresAuthPlugin)
+        XCTAssertTrue(AWSAuthorizationType.awsIAM.requiresAuthPlugin)
+        XCTAssertTrue(AWSAuthorizationType.amazonCognitoUserPools.requiresAuthPlugin)
+    }
+}
diff --git a/AmplifyPlugins/DataStore/AWSDataStoreCategoryPlugin/Storage/StorageEngine+SyncRequirement.swift b/AmplifyPlugins/DataStore/AWSDataStoreCategoryPlugin/Storage/StorageEngine+SyncRequirement.swift
@@ -20,7 +20,7 @@ extension StorageEngine {
             return
         }
 
-        let authPluginRequired = requiresAuthPlugin()
+        let authPluginRequired = StorageEngine.requiresAuthPlugin(api)
 
         guard authPluginRequired else {
             syncEngine?.start(api: api, auth: nil)
@@ -38,7 +38,7 @@ extension StorageEngine {
         completion(.successfulVoid)
     }
 
-    private func tryGetAPIPlugin() -> APICategoryGraphQLBehavior? {
+    private func tryGetAPIPlugin() -> APICategoryPlugin? {
         do {
             return try Amplify.API.getPlugin(for: validAPIPluginKey)
         } catch {
@@ -54,18 +54,77 @@ extension StorageEngine {
         }
     }
 
-    private func requiresAuthPlugin() -> Bool {
-        let modelsRequireAuthPlugin = ModelRegistry.modelSchemas.contains {
-            $0.isSyncable && $0.hasAuthenticationRules && $0.authRules.requireAuthPlugin
+    static func requiresAuthPlugin(_ apiPlugin: APICategoryPlugin) -> Bool {
+        let modelsRequireAuthPlugin = ModelRegistry.modelSchemas.contains { schema in
+            guard schema.isSyncable  else {
+                return false
+            }
+            return StorageEngine.requiresAuthPlugin(apiPlugin, authRules: schema.authRules)
         }
+
         return modelsRequireAuthPlugin
     }
+
+    static func requiresAuthPlugin(_ apiPlugin: APICategoryPlugin, authRules: [AuthRule]) -> Bool {
+        if let rulesRequireAuthPlugin = authRules.requireAuthPlugin {
+            return rulesRequireAuthPlugin
+        }
+
+        // Fall back to the endpoint's auth type if a determination cannot be made from the auth rules. This can
+        // occur for older generation of the auth rules which do not have provider information such as the initial
+        // single auth rule use cases. The auth type from the API is used to determine whether or not the auth
+        // plugin is required.
+        if let awsAPIAuthInfo = apiPlugin as? AWSAPIAuthInformation {
+            do {
+                return try awsAPIAuthInfo.defaultAuthType().requiresAuthPlugin
+            } catch {
+                log.error(error: error)
+            }
+        }
+
+        log.warn("""
+            Could not determine whether the auth plugin is required or not. The auth rules present
+            may be missing provider information. When this happens, the API Plugin is used to determine
+            whether the default auth type requires the auth plugin. The default auth type could not be determined.
+        """)
+
+        // If both checks above cannot determine if auth plugin is required, fallback to previous logic
+        let apiAuthProvider = (apiPlugin as APICategoryAuthProviderFactoryBehavior).apiAuthProviderFactory()
+        if apiAuthProvider.oidcAuthProvider() != nil {
+            log.verbose("Found OIDC Auth Provider from the API Plugin.")
+            return false
+        }
+
+        if apiAuthProvider.functionAuthProvider() != nil {
+            log.verbose("Found Function Auth Provider from the API Plugin.")
+            return false
+        }
+
+        // There are auth rules and no ODIC/Function providers on the API plugin, then return true.
+        return true
+    }
+}
+
+internal extension AuthRules {
+    /// Convenience method to check whether we need Auth plugin
+    /// - Returns: true  If **any** of the rules uses a provider that requires the Auth plugin, `nil` otherwise
+    var requireAuthPlugin: Bool? {
+        for rule in self {
+            guard let requiresAuthPlugin = rule.requiresAuthPlugin else {
+                return nil
+            }
+            if requiresAuthPlugin {
+                return true
+            }
+        }
+        return false
+    }
 }
 
 internal extension AuthRule {
-    var requiresAuthPlugin: Bool {
+    var requiresAuthPlugin: Bool? {
         guard let provider = self.provider else {
-            return true
+            return nil
         }
 
         switch provider {
@@ -78,11 +137,3 @@ internal extension AuthRule {
         }
     }
 }
-
-internal extension AuthRules {
-    /// Convenience method to check whether we need Auth plugin
-    /// - Returns: true  If **any** of the rules uses a provider that requires the Auth plugin
-    var requireAuthPlugin: Bool {
-        contains { $0.requiresAuthPlugin }
-    }
-}
diff --git a/AmplifyPlugins/DataStore/AWSDataStoreCategoryPluginAuthIntegrationTests/DefaultAuth/README.md b/AmplifyPlugins/DataStore/AWSDataStoreCategoryPluginAuthIntegrationTests/DefaultAuth/README.md
diff --git a/AmplifyPlugins/DataStore/AWSDataStoreCategoryPluginAuthIntegrationTests/MultiAuth/README.md b/AmplifyPlugins/DataStore/AWSDataStoreCategoryPluginAuthIntegrationTests/MultiAuth/README.md
diff --git a/AmplifyPlugins/DataStore/AWSDataStoreCategoryPluginTests/Sync/StorageEngineSyncRequirementsTests.swift b/AmplifyPlugins/DataStore/AWSDataStoreCategoryPluginTests/Sync/StorageEngineSyncRequirementsTests.swift
diff --git a/AmplifyPlugins/DataStore/Podfile.lock b/AmplifyPlugins/DataStore/Podfile.lock
diff --git a/AmplifyTestCommon/Mocks/MockAPICategoryPlugin.swift b/AmplifyTestCommon/Mocks/MockAPICategoryPlugin.swift

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,7 @@ class AWSAPICategoryPluginConfigurationTests: XCTestCase {`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`func testThrowsOnMissingConfig() throws {`
	`37`	`+ Amplify.reset()`
`37`	`38`	`let plugin = AWSAPIPlugin()`
`38`	`39`	`try Amplify.add(plugin: plugin)`
`39`	`40`
Original file line number	Diff line number	Diff line change
`@@ -107,4 +107,4 @@ SPEC CHECKSUMS:`
`107`	`107`
`108`	`108`	`PODFILE CHECKSUM: 0abaf757d71567dcf70f5a3e79b0149917c3bb38`
`109`	`109`
`110`		`-COCOAPODS: 1.10.1`
	`110`	`+COCOAPODS: 1.11.2`