`amplify update auth` command should show the existing settings

[mrcoles]

Is your feature request related to a problem? Please describe.

If I run amplify update auth it provides a complicated series of questions to answer. It’s hard to remember what values were chosen the first time around.

Describe the solution you'd like

It would be really helpful if it showed me the existing value for each one during each step.

Describe alternatives you've considered

Trying to read through my cloudformation files?

Additional context

This came up because I wanted to update my project to include hosted UI info as specified here: https://github.com/aws-amplify/amplify-cli/issues/844#issuecomment-479583969

[kaustavghosh06]

@mrcoles What questions are you seeing as a part of the amplify update flow? We do retain the values from your previous responses (At least that's the expected behavior), and use it to show the amplify update questions.

[mrcoles]

@kaustavghosh06 I detailed my experience below.

For "What do you want to do?", I selected, "Walkthrough all the auth configurations" (It seemed like the other approaches might auto-overwrite things I had already chosen).

1. "Select the authentication/authorization services that you want to use" - no default value
2. "Allow unauthenticated logins?" - no default value (but I see "allowUnauthenticatedIdentities" in parameters.json)
3. "Do you want to enable 3rd party authentication providers in your identity pool?" - no default value
4. "Select the third party identity providers you want to configure for your identity pool" - has previous values as defaults!
5. "Enter your … ID for your identity pool" - has previous values as defaults
6. "Multifactor authentication (MFA) user login options" - unclear if this is defaulting to what I chose or not (it matches the first choice)
7. "Email based user registration/forgot password" - unclear if this is defaulting to what I chose or not (it matches the first choice)
8. "Please specify an email verification subject" - seems to have default
9. "Please specify an email verification message" - seems to have default
10. "Do you want to override the default password policy for this User Pool?" - unclear if I choose "n" if it will keep my previous settings or use the standard defautls?
11. all password policy overrides are reading from and showing my defaults
12. "Do you want to specify the user attributes this app can read and write?" - same concern as step 10
13. all user attribute settings are showing my defaults
14. "Do you want to use an OAuth flow?" - OK this appears to be the part I actually wanted to edit, this is for the hosted UI
15. "What domain name prefix you want us to create for you?" - this is tough because I’d really like to just use my existing one that I created manually in the web console, what happens if I specify that here? Also, does the value I enter get modified by multi-env stuff?

16. "Enter your redirect signin URI" - this is confusing, the web console UI allows multiple URLs here:

    Enter your callback URLs below that you will include in your sign in and sign out requests. Each field can contain multiple URLs by entering a comma after each URL.

    Also, my URLs don’t end with a trailing slash, but it seems like the console needlessly enforces that URIs must have a trailing slash?

    The value must be a valid URI with a trailing forward slash. HTTPS must be used instead of HTTP unless you are using localhost.

    At this point, I just gave up and just ctrl+c'ed out of the wizard.

One concept that would work well for me is if I could skip steps and only do steps that mattered to me, because in this case I only wanted to do the "Do you want to use an OAuth flow?" step. In this specific case I got caught up in that step anyways and just bailed. It seems safer to leave my existing working setups than risk messing them up?

Hopefully this info helps!

[kaustavghosh06]

@mrcoles Thanks a ton for sending over this. This would greatly help us in making the update flow better.

[jkeys-ecg-nmsu]

10 on your list is a great catch, I rarely find myself running auth update but it is a pain to make sure the updated password policy matches the existing policy.

[ketakbhatt]

any update on this? I still not see user friendly version of existing settings when using command amplify auth update

[ketakbhatt]

Below does not add any value:

% amplify auth update Please note that certain attributes may not be overwritten if you choose to use defaults settings.

You have configured resources that might depend on this Cognito resource. Updating this Cognito resource could have unintended side effects.

Using service: Cognito, provided by: awscloudformation What do you want to do? Walkthrough all the auth configurations Select the authentication/authorization services that you want to use: I want to learn more.

Amazon Cognito identity pools provide temporary AWS credentials for users who are guests (unauthenticated) and for users who have been authenticated and received a token. An identity pool is a store of user identity data specific to your account.

If you choose to use the default configuration, this utility will set up both a Userpool and an Identity Pool.

Select the authentication/authorization services that you want to use: (Use arrow keys) ❯ User Sign-Up, Sign-In, connected with AWS IAM controls (Enables per-user Storage features for images or other content, Analytics, and more) User Sign-Up & Sign-In only (Best used with a cloud API only) I want to learn more.

[josefaidt]

cc @renebrandel for visibility

[jk171505]

any update on this? it's been 3 years... what needs to happen?

[renschler]

@mrcoles write-up is fantastic, covers the pains I'm facing now

I'd like to trigger a lambda function after Cognito Confirmation; this is a simple change but the auth update flow is complicated and doesn't clearly show me what my existing settings are. I also decided to ctrl-c out of the flow because I'm afraid to make breaking changes

[BernhardSmuts]

@renschler @mrcoles @kaustavghosh06

...I'm sitting with this exact issue. I work on a number of apps using Amplify and can't remember, for the life of me, what the settings were or how they relate to the config files.

I would like to update one setting at a time (Add a new Lambda Trigger) however, I am scared I make breaking changes in the other settings using the config all-or-nothing logic flow this approach uses.

I have resorted to making an individual lambda function and then linking it every time in the console. This is a messy approach and shouldn't be necessary.

This CLI should give a simple "skip this" option

[fhnstephen]

And updates? I am stuck with the exact issue as well, just want to add another Cognito lambda trigger.

[projectforeveryoung]

Any updates on this? It is a common use case to revise auth settings as the project develops, based on my own experience and the comments above. I actually brick'ed a previous project by pushing a change after running "amplify update auth" (local worked but the remote build started failing after I push'ed), so I'm a bit hesitant to use the command in general. I ended up having to start with a clean install to fix that problem. Thanks for the support.

[zhenxuanjameszhang]

I have found a temporarily work around for this. All the options chosen is in cli-inputs.json. Once I made the changes on the desired config through amplify auth update, I will try to fill the rest of the field to previous configuration. Then, I will observe changes in cli-inputs.json and only pick changes that is intended before running amplify push

Note: the amplify cli version that we used is 12.0.3. And, I am using this for iOS application.

[g33kracc00n]

Any updates ?

[MitchellNeill]

Updates?

[calebsjames]

Updates?

[vtrikoupis]

It is absolutely insane to not be able to choose which part of auth to update and having to go through all options. Very error prone, very time consuming. This should be highly prioritised by the amplify team