Open JaysZila opened 2 weeks ago
Hey @JaysZila, thank you for reaching out. Could provide is the cli-inputs.json
generated in the backend/auth/<resource-name>
folder?
From the error message the issue may be caused by using alias attributes in your existing Auth resource. If it does you may need to enable the forcealiasattributes
in the cli.json
present at the root of the amplify folder. Then run amplify build
or amplify update auth
and amplify push
.
current version of the cli.json
{
"features": {
"graphqltransformer": {
"addmissingownerfields": true,
"improvepluralization": false,
"validatetypenamereservedwords": true,
"useexperimentalpipelinedtransformer": true,
"enableiterativegsiupdates": true,
"secondarykeyasgsi": true,
"skipoverridemutationinputtypes": true,
"transformerversion": 2,
"suppressschemamigrationprompt": true,
"securityenhancementnotification": false,
"showfieldauthnotification": false,
"usesubusernamefordefaultidentityclaim": true,
"usefieldnameforprimarykeyconnectionfield": false,
"enableautoindexquerynames": true,
"respectprimarykeyattributesonconnectionfield": true,
"shoulddeepmergedirectiveconfigdefaults": false,
"populateownerfieldforstaticgroupauth": true,
"subscriptionsinheritprimaryauth": false
},
"frontend-ios": {
"enablexcodeintegration": true
},
"auth": {
"enablecaseinsensitivity": true,
"useinclusiveterminology": true,
"breakcirculardependency": true,
"forcealiasattributes": false, // enable this flag
"useenabledmfas": true
},
"codegen": {
"useappsyncmodelgenplugin": true,
"usedocsgeneratorplugin": true,
"usetypesgeneratorplugin": true,
"cleangeneratedmodelsdirectory": true,
"retaincasestyle": true,
"addtimestampfields": true,
"handlelistnullabilitytransparently": true,
"emitauthprovider": true,
"generateindexrules": true,
"enabledartnullsafety": true,
"generatemodelsforlazyloadandcustomselectionset": false
},
"appsync": {
"generategraphqlpermissions": true
},
"latestregionsupport": {
"pinpoint": 1,
"translate": 1,
"transcribe": 1,
"rekognition": 1,
"textract": 1,
"comprehend": 1
},
"project": {
"overrides": true
}
},
"debug": {}
}
Hi @ykethan This is my cli-input.json
{
"version": "1",
"cognitoConfig": {
"identityPoolName": "IdentityPoolName",
"allowUnauthenticatedIdentities": true,
"resourceNameTruncated": "xxxxxxx",
"userPoolName": "UserPoolName",
"autoVerifiedAttributes": [
"email"
],
"mfaConfiguration": "OFF",
"mfaTypes": [
"SMS Text Message"
],
"smsAuthenticationMessage": "Your authentication code is {####}",
"smsVerificationMessage": "Your verification code is {####}",
"emailVerificationSubject": "Your verification code",
"emailVerificationMessage": "Your verification code is {####}",
"defaultPasswordPolicy": false,
"passwordPolicyMinLength": "x",
"passwordPolicyCharacters": [
"Requires Numbers"
],
"requiredAttributes": [],
"aliasAttributes": [],
"userpoolClientGenerateSecret": false,
"userpoolClientRefreshTokenValidity": "1",
"userpoolClientWriteAttributes": [
"email"
],
"userpoolClientReadAttributes": [
"email"
],
"userpoolClientLambdaRole": "userpoolclient_lambda_role",
"userpoolClientSetAttributes": false,
"authSelections": "identityPoolAndUserPool",
"resourceName": "myAuth",
"serviceName": "Cognito",
"useDefault": "manual",
"sharedId": "xxxxxx",
"userPoolGroupList": [],
"userPoolGroups": false,
"usernameCaseSensitive": false, ---> but in AWS Cognito the value is true (case sensitive)
"adminQueries": false,
"hostedUI": false,
"thirdPartyAuth": false,
"authProviders": [],
"triggers": {
"CreateAuthChallenge": [
"boilerplate-create-challenge"
],
"DefineAuthChallenge": [
"boilerplate-define-challenge"
],
"VerifyAuthChallengeResponse": [
"boilerplate-verify"
]
},
"authRoleArn": {
"Fn::GetAtt": [
"AuthRole",
"Arn"
]
},
"unauthRoleArn": {
"Fn::GetAtt": [
"UnauthRole",
"Arn"
]
},
"breakCircularDependency": true,
"useEnabledMfas": false,
"dependsOn": [
{
"category": "function",
"resourceName": "myAuthCreateAuthChallenge",
"triggerProvider": "Cognito",
"attributes": [
"Arn",
"Name"
]
},
{
"category": "function",
"resourceName": "myAuthDefineAuthChallenge",
"triggerProvider": "Cognito",
"attributes": [
"Arn",
"Name"
]
},
{
"category": "function",
"resourceName": "myAuthVerifyAuthChallengeResponse",
"triggerProvider": "Cognito",
"attributes": [
"Arn",
"Name"
]
}
],
"permissions": [],
"authTriggerConnections": "[\n {\n \"triggerType\": \"CreateAuthChallenge\",\n \"lambdaFunctionName\": \"myAuthCreateAuthChallenge\"\n },\n {\n \"triggerType\": \"DefineAuthChallenge\",\n \"lambdaFunctionName\": \"myAuthDefineAuthChallenge\"\n },\n {\n \"triggerType\": \"VerifyAuthChallengeResponse\",\n \"lambdaFunctionName\": \"myAuthVerifyAuthChallengeResponse\"\n }\n]",
"parentStack": {
"Ref": "AWS::StackId"
}
}
}
My current cli.json does not have forceAliasAttributes. And also, user pool is configured to use username as the key for login. Do you mean I need to add it and set the value to true?
"auth": {
"enablecaseinsensitivity": true,
"useinclusiveterminology": true,
"breakcirculardependency": true
}
backend-config.json, amplify-meta.json
"usernameAttributes": []
Hey @JaysZila, thank you for posting the cli-inputs.json
, from the file it appears the alias attributes are not being utilized so you should be fine as this flag defaults to false. You could update the cli.json
to have the latest flags present as well.
Could you update the "usernameCaseSensitive"
as true
in the cli-inputs.json
and push. Do let us know if this mitigates the issue.
@ykethan Thank you for your reply. I tried updating it to true, but it still resulted in the same error message.
@JaysZila by any chance was this manually updated on the console?
on the generated CloudFormation template did notice the following and updating the usernameCaseSensitive": true,
did cause a similar error.
"UsernameConfiguration": {
"CaseSensitive": false
}
On the CloudFormation console, could you check the auth nested stack template for UsernameConfiguration
? The name of the stack should start with amplify-<app-name>
with auth appended in name.
Could you verify the UsernameConfiguration
matches the locally generated UsernameConfiguration
in the CloudFormation template.
@ykethan I'm not sure about manually updated on the console since I'm not part of the team project from the beginning
To give you more detail on UsernameConfiguration
in project
Before running amplify update auth
UsernameConfiguration
in auth-cloudformation-template.yml
file or any other folders in the local project.After running amplify update auth /build folder was created under backend/auth , containing the following files:
parameter.json
auth-trigger-cloudformation-template.json
(auth-trigger-cloudformation-template.yml
was removed)auth-cloudformation-template.json
(auth-cloudformation-template.yml
was removed), which now includes"UsernameConfiguration": {
"CaseSensitive": false
}
cli-inputs.json, which was created under the backend/auth folder
I’m not quite sure about the UsernameConfiguration
in the auth stack, since it’s a property of the AWS::Cognito::UserPool
which is the one of the resource in auth stack. Is this what you mean?
If not, then I ran this command in the AWS console to check the details of the User Pool
aws cognito-idp describe-user-pool --user-pool-id "myUserPoolId"
The result is that there is no UsernameConfiguration
defined in the User Pool either
Hey @JaysZila, on a bit of a deep dive, noticed a similar issues: https://github.com/aws-amplify/amplify-cli/issues/10846 and https://github.com/aws-amplify/amplify-cli/issues/10447. The comments https://github.com/aws-amplify/amplify-cli/issues/10846#issuecomment-1264033973, https://github.com/aws-amplify/amplify-cli/issues/10447#issuecomment-1154476327 provided a workaround of removing the usernameCaseSensitive
parameter fixed the issue.
Could you try this and let us know if this mitigates the issue.
@ykethan Thank you so much. After removing it, amplify push worked fine. However, I just noticed that after upgrading to Amplify CLI 12 and updating auth (walkthrough options with the same configuration when using amplify cli version 6), the number of resources in the auth category was reduced to 7 (from 11 before).
Do you have any idea why this might have happened? I’m not sure if it will affect the authentication flow or not.
Resource which was removed
No matter how I add it back to the CloudFormation file, after running amplify push, it always creates a build folder with the CloudFormation file containing only 7 resources.
Hey @JaysZila, this is currently the expected behavior and should not effect the authentication flow. The resources were refactored as part of our improvements to the Auth resource.
How did you install the Amplify CLI?
npm
If applicable, what version of Node.js are you using?
20.15.0
Amplify CLI Version
12.10.1
What operating system are you using?
MacOs
Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.
No manual changes made
Describe the bug
My project was recently upgraded from Amplify CLI version 6.0.0 to 12.10.1. After the upgrade, when I ran the amplify push command, it displayed the following error:
“Auth triggers have been configured using an older version of the CLI and must be migrated before they can be deployed. Run amplify update auth and select ‘yes’ at the migration prompt. Then retry the deployment using amplify push.”
I have run amplify update auth with the following options:
Successfully updated the Cognito trigger locally Successfully updated the Cognito trigger locally Successfully updated the Cognito trigger locally ✅ Successfully updated auth resource myAuth locally
After the migration was completed, it removed myAuth-cloudformation-template.json, auth-trigger-cloudformation-template.json, and parameter.json files and added cli-input.json instead.
After that, I manually re-added myAuth-cloudformation-template.json and auth-trigger-cloudformation-template.json (my project have custom lambda trigger created before) back to the project and pushed the changes to the cloud again.
However, I encountered the following error:
The following resources failed to deploy: Resource Name: UserPool (AWS::Cognito::UserPool) Event Type: update Reason: Resource handler returned message: "Invalid request provided: Updates are not allowed for property - UsernameConfiguration." (RequestToken: xxxxxx, HandlerErrorCode: InvalidRequest)
Expected behavior
amplify push needs to work normally after the migration is completed.
Reproduction steps
Project Identifier
No response
Log output
Additional information
My cloudformation stack details (Auth)
Resources
Parameters include usernameCaseSensitive: false
Before submitting, please confirm: