aws-amplify / amplify-backend

Home to all tools related to Amplify's code-first DX (Gen 2) for building fullstack apps on AWS
Apache License 2.0

oauth domain is empty in amplify_output.json if defineAuth `name` is specified #1724

Closed lwang-79 closed 2 months ago

lwang-79 commented 3 months ago

Environment information

System:
  OS: macOS 14.3.1
  CPU: (10) arm64 Apple M1 Pro
  Memory: 196.23 MB / 32.00 GB
  Shell: /bin/zsh
Binaries:
  Node: 21.5.0 - /opt/homebrew/bin/node
  Yarn: 1.22.19 - /opt/homebrew/bin/yarn
  npm: 10.2.4 - /opt/homebrew/bin/npm
  pnpm: undefined - undefined
NPM Packages:
  @aws-amplify/backend: 1.0.4
  @aws-amplify/backend-cli: 1.1.0
  aws-amplify: 6.3.8
  aws-cdk: 2.147.3
  aws-cdk-lib: 2.147.3
  typescript: 5.5.3
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!                                                                            !!
!!  Node 21 has reached end-of-life on 2024-06-01 and is not supported.       !!
!!  Please upgrade to a supported node version as soon as possible.           !!
!!                                                                            !!
!!  This software is currently running on node v21.5.0.                       !!
!!  As of the current release of this software, supported node releases are:  !!
!!  - ^22.0.0 (Planned end-of-life: 2027-04-30)                               !!
!!  - ^20.0.0 (Planned end-of-life: 2026-04-30)                               !!
!!  - ^18.0.0 (Planned end-of-life: 2025-04-30)                               !!
!!                                                                            !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
AWS environment variables:
  AWS_STS_REGIONAL_ENDPOINTS = regional
  AWS_NODEJS_CONNECTION_REUSE_ENABLED = 1
  AWS_SDK_LOAD_CONFIG = 1
No CDK environment variables

Description

Configure Google Sign-In but it doesn't work.

import { defineAuth, secret } from '@aws-amplify/backend';

export const auth = defineAuth({
  loginWith: {
    email: true,
    externalProviders: {
      google: {
        clientId: secret('GOOGLE_CLIENT_ID'),
        clientSecret: secret('GOOGLE_CLIENT_SECRET'),
        scopes: ['openid', 'email', 'profile'],
        attributeMapping: {
          email: 'email',
          preferredUsername: 'name',
          profilePicture: 'picture'
        }
      },
      callbackUrls: [
        'http://localhost:3000/home',
        'https://questions.jinpearl.com/home'
      ],
      logoutUrls: [
        'http://localhost:3000/', 
        'https://questions.jinpearl.com/'
      ],
    },
  },
});

oauth domain in amplify_output.json file is empty.

{
  "auth": {
    ...
    "oauth": {
      "identity_providers": [
        "GOOGLE"
      ],
      "redirect_sign_in_uri": [
        "http://localhost:3000/home",
        "https://questions.jinpearl.com/home"
      ],
      "redirect_sign_out_uri": [
        "http://localhost:3000/",
        "https://questions.jinpearl.com/"
      ],
      "response_type": "code",
      "scopes": [
        "phone",
        "email",
        "openid",
        "profile",
        "aws.cognito.signin.user.admin"
      ],
      "domain": ""
    },
  },
...
}

Google Sign-In works if I manually add the domain in the amplify_output.json file. Can't define domainPrefix in externalProviders. Tried to override but failed with the error "User pool already has a domain configured".

backend.auth.resources.userPool.addDomain(
  "domainPrefix", { 
    cognitoDomain: {
      domainPrefix: 'fawegawegaw'
    }
  }
)

thomasoehri commented 3 months ago

I have the same issue. The oauth domain is missing in amplify_outputs.json.

amplify_outputs.json:

...
"oauth": {
      "identity_providers": [
        "GOOGLE"
      ],
      "redirect_sign_in_uri": [
        ...
      ],
      "redirect_sign_out_uri": [
        ...
      ],
      "response_type": "code",
      "scopes": [
        "phone",
        "email",
        "openid",
        "profile",
        "aws.cognito.signin.user.admin"
      ],
      "domain": ""   <-- Domain is missing 
    },
...

ykethan commented 3 months ago

Hey @lwang-79 @thomasoehri, thank you for reaching out. Tried reproducing the issue in a new application but did not observe this behavior. The domain should get auto-generated when using the social providers. Are there any overrides being used on the auth resource? Do you observe any error messages on sandbox deploy?

ernieMrtnz commented 2 months ago

I am also running into the same issue, have nothing overriding the auth resource, and have no error messages on sandbox deploy.

ykethan commented 2 months ago

Hey @ernieMrtnz @thomasoehri @lwang-79, could you check the version of @aws-amplify/backend-auth and @aws-amplify/auth-construct in the package lock file? Tried reproing this with @aws-amplify/backend-auth@1.1.0 and @aws-amplify/auth-construct@1.1.5 but did not observe the missing domain. If you observe an older version could you try re-installing the latest version of the packages and let us know if this mitigates the issue?

ernieMrtnz commented 2 months ago

Hey @ykethan, I have these in my lock file: @aws-amplify/backend-auth@1.1.0 @aws-amplify/auth-construct@1.1.5

I've also removed all lambda functions, api gateway, and event bus bridge to just have a simple auth and data resources with no luck in having the domain being set

ykethan commented 2 months ago

Was able to reproduce the issue by adding name to defineAuth. Marking as bug. @ernieMrtnz Thank you for the findings on discord

note:
userPool resource with name configured: fooNameUserPoolDomain: UserPoolDomain {...}
userPool resource without name configured: UserPoolDomain: UserPoolDomain {...}

ernieMrtnz commented 2 months ago

Anytime! Thank you both for looking into this, really appreciate the work you've done on this library!

sobolk commented 2 months ago

Fix has shipped in https://github.com/aws-amplify/amplify-backend/releases/tag/%40aws-amplify%2Fauth-construct%401.1.6