Build Failed - Parameters: [oAuthSecretsPathAmplifyAppId] must have values after upgrading Amplify CLI to latest version

[venuvasu]

Before opening, please confirm:

• [X] I have installed the latest version of the Amplify CLI (see above), and confirmed that the issue still persists.
• [X] I have searched for duplicate or closed issues.
• [X] I have read the guide for submitting bug reports.
• [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
• [X] I have removed any sensitive information from my code snippets and submission.

How did you install the Amplify CLI?

npm

If applicable, what version of Node.js are you using?

v16.10.0

Amplify CLI Version

8.3.0

What operating system are you using?

Windows

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

No manual changes made

Amplify Categories

auth, function, api, hosting

Amplify Commands

push

Describe the bug

Upgraded Amplify Version to latest and local build and as well as build from Amplify Hosting (CICD) failing with

Following resources failed

× An error occurred when pushing the resources to the cloud
🛑 An error occurred during the push operation: /
Resource is not in the state stackUpdateComplete

Error from CFN stack is

UPDATE_FAILED authelevatehire293576c8 AWS::CloudFormation::Stack Tue May 24 2022 11:05:12 GMT-0600 (Mountain Daylight Time) Parameters: [oAuthSecretsPathAmplifyAppId] must have values

Project does not have any Secrets value configured.

Expected behavior

Amplify Push successful and updated resources in the cloud.

Reproduction steps

1. Upgrade to latest version of Amplify
2. amplify push
3. Observer the error.

Workaround

1. Downgrade Amplify CLI - 8.2
2. amplify push
3. Works fine

GraphQL schema(s)

```graphql # Put schemas below this line ```

Log output

``` # Put your logs below this line ```

Additional information

No response

[akshbhu]

Hi @venuvasu

Can you check if the Team provider file contains this value ?

Also if possible can you send your amplify folder to amplify-cli@amazon.com after redacting any secret info from it?

[venuvasu]

The Team provider file does not contain this value. This project does not have any OAuth/Secret configuration. I have sent amplify folder zipped to email mentioned.

[YuantongL]

I'm having similar issue, after upgrade and made some irrelavant changes, oAuthSecretsPathAmplifyAppId is automatically set, then a push gives me error Parameters: [hostedUIProviderCreds] must have values.

Then I give it a empty arry, it is then giving me error of Parameters: [oAuthSecretsPathAmplifyAppId] do not exist in the template

my team-provider-info.json looks like

      "auth": {
        "my_app_name": {
          "oAuthSecretsPathAmplifyAppId": "a_valid_app_id",
          "hostedUIProviderCreds": []
        },
        "userPoolGroups": {}
      }

[josefaidt]

Hey @YuantongL I was able to reproduce that issue (hostedUIProviderCreds) on a project created with CLI 8.2.0 with default social auth and a single provider, upgrading to 8.3.0, adding a function and pushing. While I also saw oAuthSecretsPathAmplifyAppId automatically added on push, amplify env checkout <current-env-name> should also add this value.

Marking as a bug 🙂

[YuantongL]

@josefaidt thanks for investigation. How do I get around this on 8.3.0 and able to push?

[josefaidt]

Hey @YuantongL we can step back through amplify update auth > Walkthrough all configurations and re-apply the social provider credentials:

> amplify update auth
Please note that certain attributes may not be overwritten if you choose to use defaults settings.

You have configured resources that might depend on this Cognito resource.  Updating this Cognito resource could have unintended side effects.

Using service: Cognito, provided by: awscloudformation
 What do you want to do? 
  Apply default configuration without Social Provider (Federation) 
❯ Walkthrough all the auth configurations 
  Add/Edit signin and signout redirect URIs 
  - Update OAuth social providers (Disabled: You have not initially configured OAuth.)
  Create or update Cognito user pool groups 
  Create or update Admin queries API

What do you want to do? Walkthrough all the auth configurations
 Select the authentication/authorization services that you want to use: User Sign-Up, Sign-In, con
nected with AWS IAM controls (Enables per-user Storage features for images or other content, Analy
tics, and more)
 Allow unauthenticated logins? (Provides scoped down permissions that you can control via AWS IAM)
 No
 Do you want to enable 3rd party authentication providers in your identity pool? Yes
 Select the third party identity providers you want to configure for your identity pool: Facebook

 You've opted to allow users to authenticate via Facebook.  If you haven't already, you'll need to
 go to https://developers.facebook.com and create an App ID. 

 Enter your Facebook App ID for your identity pool:  fakeappid
 Do you want to add User Pool Groups? No
 Do you want to add an admin queries API? No
 Multifactor authentication (MFA) user login options: OFF
 Email based user registration/forgot password: Enabled (Requires per-user email entry at registra
tion)
 Specify an email verification subject: Your verification code
 Specify an email verification message: Your verification code is {####}
 Do you want to override the default password policy for this User Pool? No
 Specify the app's refresh token expiration period (in days): 30
 Do you want to specify the user attributes this app can read and write? No
 Do you want to enable any of the following capabilities? 
 Do you want to use an OAuth flow? Yes
 What domain name prefix do you want to use? 10466ba580d2b-ba580d2b
 Which redirect signin URIs do you want to edit? 
 Do you want to add redirect signin URIs? No
 Which redirect signout URIs do you want to edit? 
 Do you want to add redirect signout URIs? No
 Select the OAuth flows enabled for this project. Authorization code grant
 Select the OAuth scopes enabled for this project. Phone, Email, OpenID, Profile, aws.cognito.sign
in.user.admin
 Select the identity providers you want to configure for your user pool: Facebook

 You've opted to allow users to authenticate via Facebook.  If you haven't already, you'll need to
 go to https://developers.facebook.com and create an App ID. 

 Enter your Facebook App ID for your OAuth flow:  fakeappid
 Enter your Facebook App Secret for your OAuth flow:  fakeappsecret
? Do you want to configure Lambda Triggers for Cognito? No

[sayu-agiliad]

Hey @YuantongL we can step back through amplify update auth > Walkthrough all configurations and re-apply the social provider credentials:

> amplify update auth
Please note that certain attributes may not be overwritten if you choose to use defaults settings.

You have configured resources that might depend on this Cognito resource.  Updating this Cognito resource could have unintended side effects.

Using service: Cognito, provided by: awscloudformation
 What do you want to do? 
  Apply default configuration without Social Provider (Federation) 
❯ Walkthrough all the auth configurations 
  Add/Edit signin and signout redirect URIs 
  - Update OAuth social providers (Disabled: You have not initially configured OAuth.)
  Create or update Cognito user pool groups 
  Create or update Admin queries API

What do you want to do? Walkthrough all the auth configurations
 Select the authentication/authorization services that you want to use: User Sign-Up, Sign-In, con
nected with AWS IAM controls (Enables per-user Storage features for images or other content, Analy
tics, and more)
 Allow unauthenticated logins? (Provides scoped down permissions that you can control via AWS IAM)
 No
 Do you want to enable 3rd party authentication providers in your identity pool? Yes
 Select the third party identity providers you want to configure for your identity pool: Facebook

 You've opted to allow users to authenticate via Facebook.  If you haven't already, you'll need to
 go to https://developers.facebook.com and create an App ID. 

 Enter your Facebook App ID for your identity pool:  fakeappid
 Do you want to add User Pool Groups? No
 Do you want to add an admin queries API? No
 Multifactor authentication (MFA) user login options: OFF
 Email based user registration/forgot password: Enabled (Requires per-user email entry at registra
tion)
 Specify an email verification subject: Your verification code
 Specify an email verification message: Your verification code is {####}
 Do you want to override the default password policy for this User Pool? No
 Specify the app's refresh token expiration period (in days): 30
 Do you want to specify the user attributes this app can read and write? No
 Do you want to enable any of the following capabilities? 
 Do you want to use an OAuth flow? Yes
 What domain name prefix do you want to use? 10466ba580d2b-ba580d2b
 Which redirect signin URIs do you want to edit? 
 Do you want to add redirect signin URIs? No
 Which redirect signout URIs do you want to edit? 
 Do you want to add redirect signout URIs? No
 Select the OAuth flows enabled for this project. Authorization code grant
 Select the OAuth scopes enabled for this project. Phone, Email, OpenID, Profile, aws.cognito.sign
in.user.admin
 Select the identity providers you want to configure for your user pool: Facebook

 You've opted to allow users to authenticate via Facebook.  If you haven't already, you'll need to
 go to https://developers.facebook.com and create an App ID. 

 Enter your Facebook App ID for your OAuth flow:  fakeappid
 Enter your Facebook App Secret for your OAuth flow:  fakeappsecret
? Do you want to configure Lambda Triggers for Cognito? No

This worked for me . @josefaidt , you are a saviour again 👍 🙇‍♂️

[sayu-agiliad]

@josefaidt I was able to push from the amplify cli. However, when i pushed to my repo, the CI / CD failed in the backend build process.

[YuantongL]

The solution @josefaidt posted works for me as well, thanks!

EDIT: However.... After a successful push, I did an amplify pull and got

✖ There was an error initializing your environment.
🛑 Unexpected end of JSON input
SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at getOAuthProviderKeys (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-auth/lib/provider-utils/awscloudformation/index.js:157:38)
    at updateConfigOnEnvInit (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-auth/lib/provider-utils/awscloudformation/index.js:103:36)
    at /snapshot/repo/build/node_modules/@aws-amplify/amplify-category-auth/lib/index.js:273:34
    at /snapshot/repo/build/node_modules/promise-sequential/index.js:16:18
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)

[elankeeran]

I'm having similar issue, after upgrade and made some irrelavant changes, oAuthSecretsPathAmplifyAppId is automatically set, then a push gives me error Parameters: [hostedUIProviderCreds] must have values.

Then I give it a empty arry, it is then giving me error of Parameters: [oAuthSecretsPathAmplifyAppId] do not exist in the template

my team-provider-info.json looks like

      "auth": {
        "my_app_name": {
          "oAuthSecretsPathAmplifyAppId": "a_valid_app_id",
          "hostedUIProviderCreds": []
        },
        "userPoolGroups": {}
      }

Thanks solution working fine, after this updated I ran amplify update auth and working fine

[skellish-aws]

Having similar issue after updating to 8.3.0. Using Cognito federating with Amazon internal federation system (not amazon.com).

My team-provider-info,json looks like this:

... "categories": { "auth": { "my_app_name": {}, "userPoolGroups": {} }, ...

Not sure how to add the "oAuthSecretsPathAmplifyAppId": "my-app-id"

I can't add it directly to the file because its removed as soon as I do 'amplify push'.

This was not an issue before I upgrated from 8.2.0 to 8.3.0. Going back to 8.2.0 does not help.

[crouffer]

I am also experiencing this issue. Locally, I can do an amplify push using 8.1.0. When I push to the CI/CD, I get the error:

2022-05-26T16:48:07.894Z [INFO]: UPDATE_FAILED authnavigarab802d28 AWS::CloudFormation::Stack Thu May 26 2022 16:48:03 GMT+0000 (Coordinated Universal Time) Parameters: [oAuthSecretsPathAmplifyAppId] must have values

[sayu-agiliad]

I was able to circumvent by not having Oauth flow.

On Thu, 26 May 2022 at 10:39 PM crouffer @.***> wrote:

I am also experiencing this issue. Locally, I can do an amplify push using 8.1.0. When I push to the CI/CD, I get the error:

2022-05-26T16:48:07.894Z [INFO]: UPDATE_FAILED authnavigarab802d28 AWS::CloudFormation::Stack Thu May 26 2022 16:48:03 GMT+0000 (Coordinated Universal Time) Parameters: [oAuthSecretsPathAmplifyAppId] must have values

— Reply to this email directly, view it on GitHub https://github.com/aws-amplify/amplify-cli/issues/10466#issuecomment-1138810557, or unsubscribe https://github.com/notifications/unsubscribe-auth/AE6NVOVHG3HTYDBATWQNB2DVL6V5TANCNFSM5W2XLWHA . You are receiving this because you commented.Message ID: @.***>

-- Regards, Sayu Sekhar.

--

Disclaimer: This email message including any attachments is confidential, and may be privileged and proprietary to Agiliad. If you are not the intended recipient, please notify us immediately by replying to this message and destroy all copies of this message including any attachments. You are NOT authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. Thank you.

[pnedelko]

I'm using cli:7.6.8 and get the same issue: Parameters: [oAuthSecretsPathAmplifyAppId] must have values.

Don't have the issue with an env, that I deploy manually. But got the error in an env, that has CI/CD.

What helped: pinning a version in the amplify app build settings to 7.6.15.

[gailuron1964]

I tried the suggested workarounds:

1. amplify env checkout <env>
2. amplify auth update and the Walkthrough all the auth configurations

None of these solve the issues. The oAuthSecretsPathAmplifyAppId field doesn't get populated in team-provider-info.json.

The only thing that works is disabling oauth / amplify push / re-enabling oauth / amplify push. But this has to be done every time, after the CI pipeline builds.

Had to deactivate 3rd party authentication in prod 😢

[edwardfoyle]

We have reverted the change that caused this issue. Please upgrade to version 8.3.1

[YuantongL]

There's still something not right about this, at least how the cli is handling the project that had failed due to prior error.

Running amplify pull I got

⠙ Fetching updates to backend environment: develop from the cloud.✅ GraphQL schema compiled successfully.

Edit your schema at /Users/yuantonglu/Developer/TapApp/amplify/backend/api/TapApp/schema.graphql or place .graphql files in a directory at /Users/yuantonglu/Developer/TapApp/amplify/backend/api/TapApp/schema
✔ Successfully pulled backend environment develop from the cloud.
✔ Channel information retrieved for APNS
✔ Channel is not setup for FCM 
✔ Channel is not setup for Email 
✔ Channel is not setup for SMS 
✖ There was an error initializing your environment.
🛑 Unexpected end of JSON input
SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at getOAuthProviderKeys (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-auth/lib/provider-utils/awscloudformation/index.js:157:38)
    at updateConfigOnEnvInit (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-auth/lib/provider-utils/awscloudformation/index.js:103:36)
    at /snapshot/repo/build/node_modules/@aws-amplify/amplify-category-auth/lib/index.js:278:34
    at /snapshot/repo/build/node_modules/promise-sequential/index.js:16:18
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)

Running amplify push I'm getting

UPDATE_IN_PROGRESS          HostedUIProvidersCustomResourceInputs                  Custom::LambdaCallout      Tue May 31 2022 21:45:21 GMT-0400 (Eastern Daylight Time) Requested update required the provider to create a new physical resource                                                                                                                                                  
UPDATE_FAILED               HostedUIProvidersCustomResourceInputs                  Custom::LambdaCallout      Tue May 31 2022 21:45:21 GMT-0400 (Eastern Daylight Time) Received response status [FAILED] from custom resource. Message returned: See the details in CloudWatch Log Stream: 2022/06/01/[$LATEST]4804f183867542f7ac8990e01f396996 (RequestId: 3ddd3b68-e26b-4551-ba71-8594e0e308ae)
UPDATE_ROLLBACK_IN_PROGRESS amplify-tapapp-develop-195658-authTapApp-1VSLUWFWZA0B8 AWS::CloudFormation::Stack Tue May 31 2022 21:45:23 GMT-0400 (Eastern Daylight Time) The following resource(s) failed to update: [HostedUIProvidersCustomResourceInputs].                                                                                                                                      
⠇ Updating resources in the cloud. This may take a few minutes...

UPDATE_FAILED authTapApp AWS::CloudFormation::Stack Tue May 31 2022 21:45:27 GMT-0400 (Eastern Daylight Time) Embedded stack arn:aws:cloudformation:us-east-1:969017758831:stack/amplify-tapapp-develop-195658-authTapApp-1VSLUWFWZA0B8/0d8818c0-8ec4-11ec-97a1-0a1b8104e20f was not successfully updated. Currently in UPDATE_ROLLBACK_IN_PROGRESS with reason: The following resource(s) failed to update: [HostedUIProvidersCustomResourceInputs]. 
⠸ Updating resources in the cloud. This may take a few minutes...

Basically can't do anything right now.

Running on 8.3.1, this is my team-provider-info.json after cli automatically updated it

      "auth": {
        "TapApp": {
          "oAuthSecretsPathAmplifyAppId": "FAKE_ID",
          "appleAppId": "FAKE_ID"
        },
        "userPoolGroups": {},
        "true": {
          "appleAppId": "FAKE_ID"
        }
      }

EDIT: I have to redo amplify update auth with walk though everything option, after that is done seems working fine.