aws-amplify / amplify-cli

The AWS Amplify CLI is a toolchain for simplifying serverless web and mobile development.
Apache License 2.0

Bad State: No instance found for CognitoOAuthConfig (SSO w/ existing cognito user pool) #12825

Closed jfacoustic closed 1 year ago

jfacoustic commented 1 year ago

Description

I'm trying to implement SSO with an existing Cognito repository. I was initially using this third-party library, but am switching to Amplify because it appears to be simpler to set up SSO.

When I run Amplify.Auth.signInWithWebUI(provider: AuthProvider.google); I get the error: Bad State: No instance found for CognitoOAuthConfig.

Categories

Steps to Reproduce

  1. amplify import auth
  2. Select Cognito User Pool only
  3. Select a user pool with federated identity set up with these instructions. Note that I am using the same app client for both web and mobile.
  4. This outputs the following: Federated identity providers are not configured, no OAuth configuration needed. This may be the root of the problem, but I already set up a Federated Identity Provider with that user pool.
  5. This generates the following amplifyconfiguration:
{
    "UserAgent": "aws-amplify-cli/2.0",
    "Version": "1.0",
    "auth": {
        "plugins": {
            "awsCognitoAuthPlugin": {
                "UserAgent": "aws-amplify-cli/0.1.0",
                "Version": "0.1.0",
                "IdentityManager": {
                    "Default": {}
                },
                "CognitoUserPool": {
                    "Default": {
                        "PoolId": "-----",
                        "AppClientId": "-----",
                        "Region": "us-east-2"
                    }
                },
                "Auth": {
                    "Default": {
                        "authenticationFlowType": "USER_SRP_AUTH",
                        "socialProviders": [
                            "GOOGLE"
                        ],
                        "usernameAttributes": [
                            "EMAIL"
                        ],
                        "signupAttributes": [],
                        "passwordProtectionSettings": {
                            "passwordPolicyMinLength": 8,
                            "passwordPolicyCharacters": []
                        },
                        "mfaConfiguration": "OFF",
                        "mfaTypes": [],
                        "verificationMechanisms": [
                            "EMAIL"
                        ]
                    }
                }
            }
        }
    }
}
  6. Initialize Amplify (wrapping this initialization in a shared library because I manage multiple projects with the same Cognito pool):
  Future<void> _configureAmplify(String amplifyConfig) async {
    final auth = AmplifyAuthCognito();
    await Amplify.addPlugin(auth);
    await Amplify.configure(amplifyConfig);
  }

  /// Initiate user session from local storage if present
  Future<bool> init(String amplifyConfig) async {
    await _configureAmplify(amplifyConfig);
    final result = await Amplify.Auth.fetchAuthSession();
    return result.isSignedIn;
  }
  7. Sign in w/ SSO:
  Future<User?> loginWithGoogle() async {
    try {
      final resp = await Amplify.Auth.signInWithWebUI(provider: AuthProvider.google);
      safePrint(resp);
      final result = await getCurrentUser();
      return result;
    } catch (e) {
      safePrint(e);
      return null;
    }
  }

Platforms

Flutter Version

3.3.10

Amplify Flutter Version

1.0.1

Deployment Method

Amplify CLI

Schema

No response

dnys1 commented 1 year ago

Transferred this to the amplify-cli repo. I was able to reproduce with a user pool w/ Hosted UI.

The issue is that the CLI is not outputting the OAuth configuration section in the generated amplifyconfiguration.dart file. The config for a backend with Hosted UI enabled should look like:

{
  "UserAgent": "aws-amplify-cli/2.0",
  "Version": "1.0",
  "auth": {
    "plugins": {
      "awsCognitoAuthPlugin": {
        "UserAgent": "aws-amplify-cli/0.1.0",
        "Version": "0.1.0",
        "CredentialsProvider": {
          "CognitoIdentity": {
            "Default": {
              "PoolId": "<identity pool id>",
              "Region": "us-west-2"
            }
          }
        },
        "CognitoUserPool": {
          "Default": {
            "PoolId": "<user pool id>",
            "AppClientId": "<user pool client id>",
            "Region": "us-west-2"
          }
        },
        "Auth": {
          "Default": {
            // ** This section is missing when running amplify import auth **
            "OAuth": {
              "WebDomain": "<cognito domain>",
              "AppClientId": "<user pool client id>",
              "SignInRedirectURI": "myapp://",
              "SignOutRedirectURI": "myapp://",
              "Scopes": [
                "phone",
                "email",
                "openid",
                "profile",
                "aws.cognito.signin.user.admin"
              ]
            },
            "authenticationFlowType": "USER_SRP_AUTH",
            "usernameAttributes": [],
            "signupAttributes": [
              "email",
              "phone_number"
            ],
            "passwordProtectionSettings": {
              "passwordPolicyMinLength": 8,
              "passwordPolicyCharacters": [
                "REQUIRES_LOWERCASE",
                "REQUIRES_UPPERCASE",
                "REQUIRES_NUMBERS",
                "REQUIRES_SYMBOLS"
              ]
            },
            "mfaConfiguration": "OPTIONAL",
            "mfaTypes": [
              "SMS"
            ],
            "verificationMechanisms": [
              "EMAIL",
              "PHONE_NUMBER"
            ]
          }
        }
      }
    }
  }
}

jfacoustic commented 1 year ago

@josefaidt Thanks!

josefaidt commented 1 year ago

Hey @jfacoustic :wave: thanks for raising this! Unfortunately this is not supported today and is being tracked as a feature request here https://github.com/aws-amplify/amplify-cli/issues/10932

As a workaround, you can use a pre-push hook to retrieve these values from Cognito and manually update the aws-exports.js file as suggested here https://github.com/aws-amplify/amplify-cli/issues/10932#issuecomment-1478510532

I'll close this issue as a duplicate request, but please consider adding a 👍 or comment to the other thread!
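
The check and merge that the workaround above implies, as an added example (not code from this thread or from the Amplify project): `findOAuthProblems` flags a generated config that declares `socialProviders` without an `OAuth` block, and the hypothetical `withOAuth` fills that block from the response shapes of Cognito's `DescribeUserPoolClient` and `DescribeUserPool`. All sample values and function names are constructed, and the comma-joined redirect URI format is an assumption.

```javascript
// Constructed sample inputs (not real pool data). Client/pool shapes follow the
// Cognito DescribeUserPoolClient and DescribeUserPool responses.
const importedConfig = { auth: { plugins: { awsCognitoAuthPlugin: {
  CognitoUserPool: { Default: { PoolId: "us-east-2_EXAMPLE", AppClientId: "exampleclientid", Region: "us-east-2" } },
  Auth: { Default: { authenticationFlowType: "USER_SRP_AUTH", socialProviders: ["GOOGLE"] } },
} } } };
const sampleClient = {
  ClientId: "exampleclientid",
  CallbackURLs: ["myapp://"],
  LogoutURLs: ["myapp://"],
  AllowedOAuthScopes: ["email", "openid", "profile"],
};
const samplePool = { Domain: "example-prefix" }; // hosted UI domain prefix

function cognitoPlugin(config) {
  const p = config?.auth?.plugins?.awsCognitoAuthPlugin;
  if (!p?.Auth?.Default) throw new Error("awsCognitoAuthPlugin.Auth.Default not found");
  return p;
}

// Detect the state reported in this issue before the app hits it at runtime.
function findOAuthProblems(config) {
  const plugin = cognitoPlugin(config);
  const auth = plugin.Auth.Default;
  const problems = [];
  if ((auth.socialProviders ?? []).length > 0 && !auth.OAuth)
    problems.push("socialProviders set but Auth.Default.OAuth is missing");
  if (auth.OAuth && auth.OAuth.AppClientId !== plugin.CognitoUserPool?.Default?.AppClientId)
    problems.push("OAuth.AppClientId differs from CognitoUserPool AppClientId");
  return problems;
}

// Hypothetical helper: build the OAuth block from the app client's own settings,
// so redirect URIs and scopes never exceed what the client allows.
function withOAuth(config, client, pool, region) {
  if (!pool.CustomDomain && !pool.Domain) throw new Error("user pool has no hosted UI domain");
  const out = JSON.parse(JSON.stringify(config)); // leave the input untouched
  cognitoPlugin(out).Auth.Default.OAuth = {
    WebDomain: pool.CustomDomain ?? `${pool.Domain}.auth.${region}.amazoncognito.com`,
    AppClientId: client.ClientId,
    SignInRedirectURI: client.CallbackURLs.join(","), // assumption: comma-joined list
    SignOutRedirectURI: client.LogoutURLs.join(","),
    Scopes: [...client.AllowedOAuthScopes],
  };
  return out;
}
```

Running `findOAuthProblems` on the generated file in a pre-push hook or CI step catches the missing block before `signInWithWebUI` fails in the app.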
