aws-amplify / amplify-category-api

The AWS Amplify CLI is a toolchain for simplifying serverless web and mobile development. This plugin provides functionality for the API category, allowing for the creation and management of GraphQL and REST based backends for your amplify project.
https://docs.amplify.aws/
Apache License 2.0
89 stars 77 forks source link

Reopen: Unable to get Subscription context from lambda Custom Auth #2090 #2843

Open wulianer opened 2 months ago

wulianer commented 2 months ago

How did you install the Amplify CLI?

N/A

If applicable, what version of Node.js are you using?

N/A

Amplify CLI Version

N/A

What operating system are you using?

iOS

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

NO

Describe the bug

Reopen this ticket https://github.com/aws-amplify/amplify-category-api/issues/2090

The issue still exists and no solution yet.

Expected behavior

The field "queryString" should be populated with the query, and the field "variables" should be populated with the variables.

Reproduction steps

Configure the AppSync API to use Lambda Auth Try to subscribe to a mutation method from AWS AppSync Console.

Project Identifier

No response

Log output

``` # Put your logs below this line ```

Additional information

No response

Before submitting, please confirm:

MichaelPHanley commented 2 months ago

This is also happening to us both from the AWS AppSync console and in code. On occasion subscriptions will work and we can subscribe, but the majority of the time queryString and variables are empty and we are unable to validate requests.

We have no issues with Queries or Mutations running through Lambda Auth only subscriptions.

MichaelPHanley commented 2 months ago

After some troubleshooting, I'm nearly certain this results from AppSync sending the connection init message to the authorizer. This message doesn't contain the query or the variables. The start subscription message will include them. So if you do not allow the init to go through, neither will the variables or query.

This presents other problems with lambda auth caching in AppSync because the token is already authorized and cached without actually validating the values from the query.

AnilMaktala commented 2 months ago

Hi @wulianer, Thank you for bringing this up and conducting further analysis. As you mentioned, this issue needs to be addressed by the AppSync team. We will raise a ticket with them and keep this one updated with any progress.