Amplify Console Build Failure - facebookAppId, amazonAppId, googleClientId, hostedUIProviderCreds] must have values

[KidSysco]

I added auth to my project with the Facebook, Google, and Amazon Logins. I got Cognito working well, so I decided to add an API using the AppPool for security.

I added the default graphQL API that adds todos with a simple one-to-many relationship, I ran amplify push and everything worked great. AppSync, Dynamo, and Cognito were all looking perfectly in each console.

I committed my code to git and pushed, which kicked off an Amplify Console build that failed with the following error message. Notice how it is complaining that it cannot find values for my facebookAppId, amazonAppId, googleClientId, hostedUIProviderCreds. That is confusing because Cognito is working perfectly with all 3 providers...

UPDATE_FAILED               authdevilsswille50c45c5         AWS::CloudFormation::Stack Tue Oct 22 2019 14:04:31 GMT+0000 (Coordinated Universal Time) Parameters: [facebookAppId, amazonAppId, googleClientId, hostedUIProviderCreds] must have values

I expected the Amplify console to be able to build and deploy this project since amplify push worked fine from my machine.

If I remove the API, Cognito still works fine, I can commit and push at this point and the Amplify Console will build and deploy my project fine.

Any insight is always appreciated.

[swaminator]

@KidSysco are you creating a new backend environment through the Amplify Console or are you reusing one created through the CLI?

[KidSysco]

That is a really good question, I guess it is unclear what I am supposed to do here.

I use the CLI to push everything and test my code locally.

In the Amplify Console, I noticed there is a setting only available when setting up the app for the first time. It asks me if I want to deploy the backend, or only deploy the front end. I tried to change this setting after the app was created but I was unable to find a way. The only way to change that setting appears to be to delete the app from the Amplify Console and add it again.

Even when I deleted the app, added it again so I could try to only deploy the front end, I ran into permissions problems. I followed the directions to remove the aws-exports.js file from the GitIgnore file. But once I hit save, it complained about the role that is needed to deploy backend resources and gave me an error. However, it still added the app, but it would not deploy and just gives me a permissions error about the account needed to deploy the backend resources whenever it tries to build.

[ihao8]

@KidSysco The amplifyPush script has an issue with new stack creation when using social federation. As a workaround you could try:

1. Create your own amplifypush.sh like myamplifypush.sh in root folder amplify-auth-app/myamplifypush.sh
2. Add your authconfigs to the bash script

   
   #!/usr/bin/env bash
   set -e
   IFS='|'
   help_output () {
   echo "usage: amplify-push <--environment|-e <name>> <--simple|-s>"
   echo "  --environment  The name of the Amplify environment to use"
   echo "  --simple  Optional simple flag auto-includes stack info from env cache"
   exit 1
   }

init_env () { ENV=$1 AMPLIFY=$2 PROVIDERS=$3 CODEGEN=$4 AWSCONFIG=$5 CATEGORIES=$6 echo "# Start initializing Amplify environment: ${ENV}" if [[ -z ${STACKINFO} ]]; then echo "# Initializing new Amplify environment: ${ENV} (amplify init)" amplify init --amplify ${AMPLIFY} --providers ${PROVIDERS} --codegen ${CODEGEN} --categories ${CATEGORIES} --yes; echo "# Environment ${ENV} details:" amplify env get --name ${ENV} else echo "STACKINFO="${STACKINFO} echo "# Importing Amplify environment: ${ENV} (amplify env import)" amplify env import --name ${ENV} --config "${STACKINFO}" --awsInfo ${AWSCONFIG} --categories ${CATEGORIES} --yes; echo "# Initializing existing Amplify environment: ${ENV} (amplify init)" amplify init --amplify ${AMPLIFY} --providers ${PROVIDERS} --codegen ${CODEGEN} --yes; echo "# Environment ${ENV} details:" amplify env get --name ${ENV} fi echo "# Done initializing Amplify environment: ${ENV}" }

ENV="" IS_SIMPLE=false POSITIONAL=() while [[ $# -gt 0 ]] do key="$1" case ${key} in -e|--environment) ENV=$2 shift ;; -r|--region) REGION=$2 shift ;; -s|--simple) IS_SIMPLE=true shift ;; *) POSITIONAL+=("$1") shift ;; esac done

set -- "${POSITIONAL[@]}"

if no provided environment name, use default env variable, then user override

if [[ ${ENV} = "" ]]; then ENV=${AWS_BRANCH} fi if [[ ${USER_BRANCH} != "" ]]; then ENV=${USER_BRANCH} fi

Check valid environment name

if [[ -z ${ENV} || "${ENV}" =~ [^a-zA-Z0-9-]+ ]] ; then help_output ; fi

AWSCONFIG="{\ \"configLevel\":\"project\",\ \"useProfile\":true,\ \"profileName\":\"default\"\ }"

AMPLIFY="{\ \"envName\":\"${ENV}\"\ }"

PROVIDERS="{\ \"awscloudformation\":${AWSCONFIG}\ }"

CODEGEN="{\ \"generateCode\":false,\ \"generateDocs\":false\ }"

AUTHCONFIG="{\ \"facebookAppIdUserPool\":\"888888888888888\",\ \"facebookAppSecretUserPool\":\"88888888888888888\"\ }"

CATEGORIES="{\ \"auth\":$AUTHCONFIG\ }"

Handle old or new config file based on simple flag

if [[ ${IS_SIMPLE} ]]; then echo "# Getting Amplify CLI Cloud-Formation stack info from environment cache" export STACKINFO="$(envCache --get stackInfo)" init_env ${ENV} ${AMPLIFY} ${PROVIDERS} ${CODEGEN} ${AWSCONFIG} ${CATEGORIES} echo "# Store Amplify CLI Cloud-Formation stack info in environment cache" STACKINFO="$(amplify env get --json --name ${ENV})" envCache --set stackInfo ${STACKINFO} echo "STACKINFO="${STACKINFO} else

old config file, above steps performed outside of this script

init_env ${ENV} ${AMPLIFY} ${PROVIDERS} ${CODEGEN} ${AWSCONFIG} ${CATEGORIES}

fi

3. Edit `Build setting` in amplify console

version: 0.1 backend: phases: build: commands:

• '# Execute Amplify CLI with the helper script'
• chmod u+x ./myamplifypush.sh
• ./myamplifypush.sh frontend: phases: preBuild: commands:
• npm ci build: commands:
• npm run build artifacts: baseDirectory: build files:
  • '*/' cache: paths:
  • node_modules/*/

    
    4. Redeploy the app

This worked on my app. If you could not reproduce it, please let me know.

[kevin-mitchell]

I'm having similar issues, or at least they appear to be closely related. I posted details here https://github.com/aws-amplify/amplify-cli/issues/2833

[KidSysco]

Yep, looks exactly the same as my experience.

[kevin-mitchell]

@KidSysco what are you doing in the meantime? Are you just deploying via amplify push && amplify publish locally in the cli?

[KidSysco]

Pushing locally worked fine, and all functions worked fine locally. So I could develop locally but I just couldn't get it to production.

I decided to give amplify publish a try by setting up the publishing options in Amplify that would post the website to an S3 bucket, instead of using the Amplify Console.

However, amplify publish to S3 did not work for me either.

Same error.

I think what Joycehao19 said above is correct...

"The amplifyPush script has an issue with new stack creation when using social federation."

Official AWS Support just sent me to GitHub for Amplify support, but I was already here.

So I froze the idea there and moved on to write classic Restify services on an EC2 linux instance.

I think you could try to remove all social media functions and try it. I want to say I tried that and it did not work either, but based on what Joyce said above, it might work. I can't remember from a month ago. I also don't have any more time to sink into testing this for AWS. I already have a job, and a boss, and many deadlines of my own. lol

However, I am keeping on eye on Amplify and this issue. I will still comment and help out the community if I can.

I absolutely love the idea of Amplify, they need to keep pushing... But if you really need to go serverless, the best option right now is Azure. AWS is very new to writing dev tools, MS has been doing this since the dawn of time. The MS tools are very slick, from ORM (Entity Framework), to Web Server, source control, to multiple environments of Cloud resources. All one company. They are light years ahead in that game.

Fortunately for me, I do not NEED to go serverless right now, we are not huge fans of MS either. And we still get lots done on EC2, in record time.

Keep us posted if you make any break throughs!

[kevin-mitchell]

Thanks for all of the info, the insight / experiences you've had are super helpful as I think through this stuff.

RE: try without social, in my case social sign in is actually the ONLY option that I want to support. My "app" is for a limited set of "internal" users (hint: it's actually my family :)), but I want to build something robust / secure as a way to learn a new set of tools (e.g. Amplify) for evaluation in future professional projects. In my case, I know my family members all have gmail accounts so I want them to just sign in with Google credentials and save worry about / thinking about anything else.

RE: switching to something else, honestly Amplify is just sort of the entry point for a bunch of other things going on. Most important is AWS IoT, which I've spent a decent chunk of time implementing on physical hardware I'm making, so I'm pretty married to AWS at the moment.

I think for now I'll wait and watch this ticket and see what happens. I don't need to go to "production" at the moment, and truthfully I could live with only a single production environment if that solved my issue.

[KidSysco]

I understand completely.

As a Node.js programmer, the huge answer for social media SSO is passport.js.

However, I prefer Restify over Express, which has lead a pretty big divide in the Node community I'd say.

Passport.js is express based.

There are other services out there that are like Cognito, and we could use them too. I even have some training here from Udemy.com on getting AWS Developer certified. That class teaches new folks how to use Cognito directly using an older jQuery style of programming. It was not Vue, or React.

However, my instructor clearly indicated to his class that Amplify was not ready for production. I didn't believe him. I ended up here anyway because AWS makes amplify sound so awesome. I couldn't resist, even though I was warned by my instructor who was an Amplify Beta user.

I eventually decided that oAuth and social SSO logins are not really worth it on this platform yet.

Restify seems to have a real problem with JWT, and the AWS answer for something like that is just too much work to justify. There are easier ways to get social media SSO, but honestly, just writing my own login form seems to be much less work than all of this. Once I gave up on this, I started making huge gains in progress just writing it myself.

Now on Azure... OAuth was all super slick. This is why Amplify deserves a chance...

Years ago when I was on Azure, the default new project in Visual Studio for creating a new site, ships with oAuth stuff built in, all you need to do is fill in the keys and secrets into your code. No services needed, no passport.js, no express, OAuth just worked there. And that was back in 2015.

I know how it is supposed to work, because I have seen things like this elsewhere.

So it's just not worth fighting the platform. If it's not ready, then it's just not ready yet.

But DOn't get me wrong, I am still AWS 4 LYFE!!!! WOOT!!!!

So I agree, let's watch and see what happens next!

[w3kp]

Confirming @Joycehao19 's workaround. This worked also on my end. Just did a little adjustment on the AUTH_CONFIG for social feds authentication. Created config variables per environment on App settings > Environment variables tab and use it in my custom amplify push script myamplifypush.sh like below.

AUTHCONFIG="{\
\"googleAppIdUserPool\":\"${GOOGLE_CLIENT_ID}\",\
\"googleAppSecretUserPool\":\"${GOOGLE_CLIENT_SECRET}\",\
\"loginwithamazonAppIdUserPool\":\"${AMAZON_APP_ID}\",\
\"loginwithamazonAppSecretUserPool\":\"${AMAZON_APP_SECRET}\"\
}"

Then push and redeploy environment(s). I have 3 environments as of the moment master, local, staging with different auth config in each cognito per env respectively. Working fine now. Thanks!

[danieletieghi]

@Joycehao19 's workaround seemed to work for me for the "Backend" phase of the build process which now passes, but now it hangs on the "Frontend" phase (which was working fine before I ended up in this mess) because it seams the file aws-exports.js is no longer generated. Any suggestions?

[yuyokk]

Facing Error: auth headless init is missing the following inputParams facebookAppIdUserPool, facebookAppSecretUserPool, googleAppIdUserPool, googleAppSecretUserPool as well. Unfortunately, the workaround did not help us :(

[yuyokk]

Based on the comment, I modified the script from here and it worked for me

#!/usr/bin/env bash
set -e
IFS='|'
help_output () {
    echo "usage: amplify-push <--environment|-e <name>> <--simple|-s>"
    echo "  --environment  The name of the Amplify environment to use"
    echo "  --simple  Optional simple flag auto-includes stack info from env cache"
    exit 1
}

init_env () {
    ENV=$1
    AMPLIFY=$2
    PROVIDERS=$3
    CODEGEN=$4
    AWSCONFIG=$5
    CATEGORIES=$6
    echo "# Start initializing Amplify environment: ${ENV}"
    if [[ -z ${STACKINFO} ]];
    then
        echo "# Initializing new Amplify environment: ${ENV} (amplify init)"
        amplify init --amplify ${AMPLIFY} --providers ${PROVIDERS} --codegen ${CODEGEN} --categories ${CATEGORIES} --yes;
        echo "# Environment ${ENV} details:"
        amplify env get --name ${ENV}
    else
        echo "STACKINFO="${STACKINFO}
        echo "# Importing Amplify environment: ${ENV} (amplify env import)"
        amplify env import --name ${ENV} --config "${STACKINFO}" --awsInfo ${AWSCONFIG} --categories ${CATEGORIES} --yes;
        echo "# Initializing existing Amplify environment: ${ENV} (amplify init)"
        amplify init --amplify ${AMPLIFY} --providers ${PROVIDERS} --codegen ${CODEGEN} --categories ${CATEGORIES} --yes;
        echo "# Environment ${ENV} details:"
        amplify env get --name ${ENV}
    fi
    echo "# Done initializing Amplify environment: ${ENV}"
}

ENV=""
IS_SIMPLE=false
POSITIONAL=()
while [[ $# -gt 0 ]]
do
    key="$1"
    case ${key} in
        -e|--environment)
            ENV=$2
            shift
            ;;
        -r|--region)
            REGION=$2
            shift
            ;;
        -s|--simple)
            IS_SIMPLE=true
            shift
            ;;
        *)
            POSITIONAL+=("$1")
            shift
            ;;
    esac
done

set -- "${POSITIONAL[@]}"

# if no provided environment name, use default env variable, then user override
if [[ ${ENV} = "" ]];
then
    ENV=${AWS_BRANCH}
fi
if [[ ${USER_BRANCH} != "" ]];
then
    ENV=${USER_BRANCH}
fi

# Check valid environment name
if [[ -z ${ENV} || "${ENV}" =~ [^a-zA-Z0-9\-]+ ]] ; then help_output ; fi

AWSCONFIG="{\
\"configLevel\":\"project\",\
\"useProfile\":true,\
\"profileName\":\"default\"\
}"

AMPLIFY="{\
\"envName\":\"${ENV}\"\
}"

PROVIDERS="{\
\"awscloudformation\":${AWSCONFIG}\
}"

CODEGEN="{\
\"generateCode\":false,\
\"generateDocs\":false\
}"

AUTHCONFIG="{\
\"facebookAppIdUserPool\":\"XXXXXXXXXXXXXX\",\
\"facebookAppSecretUserPool\":\"XXXXXXXXXXXXXX\"\
}"

CATEGORIES="{\
\"auth\":$AUTHCONFIG\
}"

# Handle old or new config file based on simple flag
if [[ ${IS_SIMPLE} ]];
then
    echo "# Getting Amplify CLI Cloud-Formation stack info from environment cache"
    export STACKINFO="$(envCache --get stackInfo)"
    init_env ${ENV} ${AMPLIFY} ${PROVIDERS} ${CODEGEN} ${AWSCONFIG} ${CATEGORIES}
    echo "# Store Amplify CLI Cloud-Formation stack info in environment cache"
    STACKINFO="$(amplify env get --json --name ${ENV})"
    envCache --set stackInfo ${STACKINFO}
    echo "STACKINFO="${STACKINFO}
else
    # old config file, above steps performed outside of this script
    init_env ${ENV} ${AMPLIFY} ${PROVIDERS} ${CODEGEN} ${AWSCONFIG} ${CATEGORIES}
fi

[BabyDino]

For some reason I am really struggling with the --categories parameter on amplify init. I cannot find any documentation on it and I cannot get the CATEGORIES with AUTHCONFIG to work. At this point I'm not even sure if I am in the right direction.

Every time I run the script, I am unable to add environment variables like @paulbartocillo to the script.

In the team-provider-info.json file I expect:

"categories": {
  "auth": {
    "cognito": {
      "myVar": "abc",
      "myOtherVar": "def"
    }
  },
  "function": {
    "functionName": {
      "RECAPTCHASECRET": "6Lfy_..."
    }
  }
}

Instead, I get all empties:

"categories": {
  "auth": {
    "cognito": {}
  },
  "function": {
    "functionName": {}
  }
}

Anyone who can point me in the right direction? I am using myscript.sh --environment test --simple . It works alright, but I really need those custom variables.

Many thanks!

[evertson90]

Any update on this issue that is not the workaround mentioned above?

[evertson90]

Facing Error: auth headless init is missing the following inputParams facebookAppIdUserPool, facebookAppSecretUserPool, googleAppIdUserPool, googleAppSecretUserPool as well. Unfortunately, the workaround did not help us :(

Make sure you have the right amount of quotes and backslashes when adding your own "AUTH" variables.

It didn't work for me either because I had a "/" too much.

[vajafari]

I face this problem and solve it. 1- Create amplfypush.sh file and add it to the root of project and put the following scripts in it:

#!/usr/bin/env bash
set -e
IFS='|'
help_output () {
    echo "usage: amplify-push <--environment|-e <name>> <--simple|-s>"
    echo "  --environment  The name of the Amplify environment to use"
    echo "  --simple  Optional simple flag auto-includes stack info from env cache"
    exit 1
}

init_env () {
    ENV=$1
    AMPLIFY=$2
    PROVIDERS=$3
    CODEGEN=$4
    AWSCONFIG=$5
    CATEGORIES=$6
    echo "# Start initializing Amplify environment: ${ENV}"
    if [[ -z ${STACKINFO} ]];
    then
        echo "# Initializing new Amplify environment: ${ENV} (amplify init)"
        amplify init --amplify ${AMPLIFY} --providers ${PROVIDERS} --codegen ${CODEGEN} --categories ${CATEGORIES} --yes;
        echo "# Environment ${ENV} details:"
        amplify env get --name ${ENV}
    else
        echo "STACKINFO="${STACKINFO}
        echo "# Importing Amplify environment: ${ENV} (amplify env import)"
        amplify env import --name ${ENV} --config "${STACKINFO}" --awsInfo ${AWSCONFIG} --categories ${CATEGORIES} --yes;
        echo "# Initializing existing Amplify environment: ${ENV} (amplify init)"
        amplify init --amplify ${AMPLIFY} --providers ${PROVIDERS} --codegen ${CODEGEN} --categories ${CATEGORIES} --yes;
        echo "# Environment ${ENV} details:"
        amplify env get --name ${ENV}
    fi
    echo "# Done initializing Amplify environment: ${ENV}"
}

ENV=""
IS_SIMPLE=false
POSITIONAL=()
while [[ $# -gt 0 ]]
do
    key="$1"
    case ${key} in
        -e|--environment)
            ENV=$2
            shift
            ;;
        -r|--region)
            REGION=$2
            shift
            ;;
        -s|--simple)
            IS_SIMPLE=true
            shift
            ;;
        *)
            POSITIONAL+=("$1")
            shift
            ;;
    esac
done

set -- "${POSITIONAL[@]}"

# if no provided environment name, use default env variable, then user override
if [[ ${ENV} = "" ]];
then
    ENV=${AWS_BRANCH}
fi
if [[ ${USER_BRANCH} != "" ]];
then
    ENV=${USER_BRANCH}
fi

# Check valid environment name
if [[ -z ${ENV} || "${ENV}" =~ [^a-zA-Z0-9\-]+ ]] ; then help_output ; fi

AWSCONFIG="{\
\"configLevel\":\"project\",\
\"useProfile\":true,\
\"profileName\":\"default\"\
}"

AMPLIFY="{\
\"envName\":\"${ENV}\"\
}"

PROVIDERS="{\
\"awscloudformation\":${AWSCONFIG}\
}"

CODEGEN="{\
\"generateCode\":false,\
\"generateDocs\":false\
}"

AUTHCONFIG="{\
\"facebookAppId\":\"${FACEBOOK_CLIENT_ID}\",\
\"facebookAppSecret\":\"${FACEBOOK_CLIENT_SECRET}\",\
\"googleAppId\":\"${GOOGLE_CLIENT_ID}\",\
\"googleAppSecret\":\"${GOOGLE_CLIENT_SECRET}\"\
}"

CATEGORIES="{\
\"auth\":$AUTHCONFIG\
}"

# Handle old or new config file based on simple flag
if [[ ${IS_SIMPLE} ]];
then
    echo "# Getting Amplify CLI Cloud-Formation stack info from environment cache"
    export STACKINFO="$(envCache --get stackInfo)"
    init_env ${ENV} ${AMPLIFY} ${PROVIDERS} ${CODEGEN} ${AWSCONFIG} ${CATEGORIES}
    echo "# Store Amplify CLI Cloud-Formation stack info in environment cache"
    STACKINFO="$(amplify env get --json --name ${ENV})"
    envCache --set stackInfo ${STACKINFO}
    echo "STACKINFO="${STACKINFO}
else
    # old config file, above steps performed outside of this script
    init_env ${ENV} ${AMPLIFY} ${PROVIDERS} ${CODEGEN} ${AWSCONFIG} ${CATEGORIES}
fi

2- In amplify console --> App Settings ----> Environment variables add FACEBOOK_CLIENT_ID, FACEBOOK_CLIENT_SECRET, GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET to the environment varibale and set values for each environment

3- Change console --> App Settings ---->Build Setting to

version: 0.1
backend:
  phases:
    build:
      commands:
        - '# Execute Amplify CLI with the helper script'
        - chmod u+x ./vertrun-amplifypush.sh
        - ./amplfypush.sh
frontend:
  phases:
    preBuild:
      commands:
        - yarn install
    build:
      commands:
        - yarn run build
  artifacts:
    baseDirectory: build
    files:
      - '**/*'
  cache:
    paths:
      - node_modules/**/*

[ohadts]

I'm getting the following message: [hostedUIProviderCreds] must have values

I don't have a frontend setup in the amplify console, i don't use the hosted UI at all. I'm using Auth, Api and Storage services. I just want to add some fields in my schema and i'm stuck with this error...

This is the only issue that i found related to my error message. can someone help?

[zahydo]

I'm getting the following message: [hostedUIProviderCreds] must have values

I don't have a frontend setup in the amplify console, i don't use the hosted UI at all. I'm using Auth, Api and Storage services. I just want to add some fields in my schema and i'm stuck with this error...

This is the only issue that i found related to my error message. can someone help?

I have the same issue @ohadts

[ohadts]

@zahydo Nobody is answering here 😒 Did you manage to found any workaround?

[danieletieghi]

Hi, I don't know if this is acceptable for you, but I had the same problem, and after failing in applying the workaround I came up with a different one: simply I do not manage social single sign ons with amplify (chose no at don't know which question), and I simply added them manually in the cognito console (I have 2 environments, I did it twice off course). It works and neither amplify push nor a console build removes the configuration.

[KidSysco]

That was not acceptable to me, why use Amplify at all then? I can go to the console and add Cognito myself too.

The point behind Amplify is that we are finally getting Infrastructure as Code at AWS with serverless constructs.

Cognito and all of its configuration should be stored in source control, otherwise things will get missed when trying to replicate it later. This is what Infrastructure as Code does.

Right now, at my company, we cannot rebuild several of our old servers because no one knows how to. There are no docs, and the folks who put it together took years to get it done and none of them work here anymore.

This is what Amplify promises to resolve using all of the standard best practices that Amazon uses on their own websites.

I might even suggest it is more damaging to mislead future devs in your company by putting some of your apps infrastructure into code and source control, while certain other little things are not. It will lead people into believing that everything is done with infrastructure as Code when it actually is not.

I would rather have it one way or the other.

Not somewhere half way inbetween.

[zahydo]

@zahydo Nobody is answering here 😒 Did you manage to found any workaround?

@ohadts No, I had to recreate my API. It seems to Amplify that don't work well adding or removing fields related to the @key directive. Please contact me if you find another way to solve that problem. Thanks.

[swaminator]

@zahydo @KidSysco we are working on a fix that will allow you to provide an environment variable with your Facebook/Google Client ID, and we will be able to create new environments without the build failure. We should have the fix out in the next few weeks.

[slatemates]

We simply did a an amplify pull --appId XXXXXXXX --envName dev command on another computer . Modified some graphql schema. On amplify push it gives the error : Parameters: [hostedUIProviderCreds] must have values

Please help. We are really struck because of this .

[ohadts]

@KidSysco Totaly agree. @zahydo Did you lost all of your data? I'm not trying to add or modified fields related to the @key directive, just to add a plain primitive field... @slatemates It happened to me on a machine that I did "amplify pull..." like you did, but then I went back to my original machine (the one that I started the amplify project on) and got the same results.

[slatemates]

@ohadts On the original machine it still works fine. Since I had to work on the new machine, I made a tar ball of the original amplify folder , copy /pasted on the new machine. Its a lame workaround, but it works !

[ihao8]

Hi! When you create a new back-end environment on Amplify Console, you could add your auth parameters in environment variables area now without creating your own amplifypush.sh.

The way to do it:

1. When you connect your branch, in Backend deployments, choose Create new environment, and enter your backend name.

2. In the key and value fields, enter your client id and client secret. Amplify Console supports configuring Facebook, Google and Amazon account.

   

Variable name	Description	Example
AMPLIFY_AMAZON_CLIENT_ID	The Amazon client Id	123456
AMPLIFY_AMAZON_CLIENT_SECRET	The Amazon client secret	example123456
AMPLIFY_FACEBOOK_CLIENT_ID	The Facebook client Id	123456
AMPLIFY_FACEBOOK_CLIENT_SECRET	The Facebook client secret	example123456
AMPLIFY_GOOGLE_CLIENT_ID	The Google client Id	123456
AMPLIFY_GOOGLE_CLIENT_SECRET	The Google client secret	example123456

[yuyokk]

@Joycehao19 ~please advise how to migrate the custom amplifypush.sh solution (existing backend) to the proper solution.~

Thank you!

UPDATE

my bad :|

In the key and value fields, enter your client id and client secret. Amplify Console supports configuring Facebook, Google and Amazon account.

I think this item covers existing backends.

[ihao8]

Hi @yuyokk , If you created a back-end via cli and deployed on the console, it would not be affected. If it does, please let us know. Thanks!

[zahydo]

@ohadts I lost my data. But, for the moment that is not a problem because I'm working in development. But the same error happens to me with I did push my amplify backend changes in the 'test' environment. I did add some features like lambdas and auth to the 'dev' environment without problems. But when I want to push the same features in the 'test' environment the Amplify Cli raises the same error:

Parameters: [hostedUIProviderCreds] must have values

[xitanggg]

@Joycehao19

I still receive the same error when using the script

Error: auth headless init is missing the following inputParams facebookAppIdUserPool, facebookAppSecretUserPool, googleAppIdUserPool, googleAppSecretUserPool at updateConfigOnEnvInit (/root/.nvm/versions/node/v10.16.0/lib/node_modules/@aws-amplify/cli/node_modules/amplify-category-auth/provider-utils/awscloudformation/index.js:369:15) at /root/.nvm/versions/node/v10.16.0/lib/node_modules/@aws-amplify/cli/node_modules/amplify-category-auth/index.js:234:28 at /root/.nvm/versions/node/v10.16.0/lib/node_modules/@aws-amplify/cli/node_modules/promise-sequential/index.js:16:18 at process._tickCallback (internal/process/next_tick.js:68:7)

Well, actually, it works the first build then fails for all subsequent one for reasons unknown.

Adding env var manually in the console (i.e. AMPLIFY_FACEBOOK_CLIENT_ID, AMPLIFY_FACEBOOK_CLIENT_SECRET, AMPLIFY_GOOGLE_CLIENT_ID, AMPLIFY_GOOGLE_CLIENT_SECRET) doesn't resolve the issue.

Amplify Console is supposed to save developer time from building and deploying app, but ironically ends up costing couple hours of developer's time to attempt to fix its error with no luck fixing it. This issue really deserves high priority and be addressed. I am ditching Amplify Console entirely and rather hosting my app via Cloudfront amplify hosting add and build & push up locally amplify publish. Works way better.

[ihao8]

@xitanggg I truly apologize for the inconvenience, and our team is actively working on fixes of build failures now. Thanks for being an Amplify Console user and giving the conductive feedback. In order to better assist you, and improve our ongoing feature offering, I hope you could kindly share your appId and region to us (App settings => General => App ARN => arn:aws:amplify:${Region}:xxxxxxx:apps/${appId}).

Thank you.

[xitanggg]

@Joycehao19 Thanks for getting back promptly.

Here is my App ARN arn:aws:amplify:us-east-1:xxxxxxx:apps/d2tcc56dy4swxp

Build 4 is the only time it works when I introduce the myamplifypush.sh with

AUTHCONFIG="{\
\"facebookAppId\":\"xxxxx\",\
\"googleClientId\":\"xxxxxx.apps.googleusercontent.com\",\
\"facebookAppIdUserPool\":\"xxxxx\",\
\"facebookAppSecretUserPool\":\"xxxxx\",\
\"googleAppIdUserPool\":\"xxxxx.apps.googleusercontent.com\",\
\"googleAppSecretUserPool\":\"xxxxx\"\
}"

, then it starts failing at Build 5 (which I only changed my front end react code and updated a function) to Build 18 with no luck fixing it.

No rush on this, since I am not using amplify console.

[swaminator]

@xitanggg @yuyokk @KidSysco @kevin-mitchell @paulbartocillo We have a solution posted here.

To get it working, revert your backend build settings to use the amplifyPush --simple script, add the env variables, and any new environment created through the Console will work. Just to reiterate the workflow (assuming you're starting from scratch).

1. Install the Amplify CLI. Setup env dev.
2. Run amplify add auth and setup social sign-in. Run amplify push
3. Commit changes to master branch.
4. Set environment variables mentioned here.
5. Connect master branch in the Console and create a new backend env prod.

Expected result: The Amplify Console will deploy a new backend env without the error you are facing in the build. In the Frontend Env tab you should see the master branch and in the backend env tab you should see two envs prod and dev.

@slatemates @ohadts @zahydo Some of you are reporting an issue with Parameters: [hostedUIProviderCreds] must have values when you are making a change to your schema. Please open an issue on the Amplify CLI repo for that.

[kimfucious]

Hi. I'm here, because I setup a project with Amplify CLI, using Auth, which includes federatedSignIn.

I did this with an an initial environment, dev.

In the past, when ready to deploy to production (or staging), I'd (in the Amplify Console) connect a repo, and create a new env, prod, from the master branch.

From what I see happening, the build is choking on the fact that there is no OAuth client ID or secret present. This is mostly likely because I have intentionally excluded amplify/team-provider-info.json from the repo, because the fact that it contains the secret keys.

This seems to be of a chicken and egg scenario, as I can't go in and add these keys in the console, because the backend for prod is failing.

At this point, I can't deploy.

I've tried adding the client ID and secret key as environment variables via the console, but that changes the build error to: missing the following inputParams googleAppIdUserPool, googleAppSecretUserPool

There is also an error in the console, which I believe to be a red herring:

There was an issue connecting to your repo provider, click "Re-authenticate app" in General Settings, and then try your build again.```

[KidSysco]

Yes, you are at the right place. We tend to see that issue a lot...

At this point, I can't deploy.

So I might suggest to AWS...

Come up with some way to manually deploy this stuff. Then when it breaks, we can at least follow some manual steps to deployment, like copying files to S3 or EC2 ourselves.

After seeing this error from so many people now, I think back and wonder if I would have stuck with Amplify for my project, if I could have just deployed.

Amplify doesn't need to work perfect, but where I work, we need to deploy. Anything less is absolutely unacceptable, under any circumstance. So we had to drop Amplify from the tech stack when that is not something we wanted to do at all.

After all, we just ended up running our own API, one of our own EC2 instances, with our own instance of RDS, it uses Vue.js and we deploy the front-end to S3 by manually copying files into the AWS console.

There is no infrastructure as code here, no fancy automation, but the bottom line is... It works.

Some folks in the thread above have found the AmplifyPush.sh script to help them get it deployed, that might help if you are willing to go through it. I just never felt comfortable doing that. Amplify was supposed to abstract all of that stuff away from me. So the only way I would be willing to move forward, was if I could manually deploy things as I do now. Which is something I know, and trust.

[swaminator]

@kimfucious did you check out this post? https://github.com/aws-amplify/amplify-console/issues/206#issuecomment-611036436

[swaminator]

@KidSysco sorry to hear that. Would you be open to getting on a call so we can better understand what you went through? Absolutely agree that not being able to deploy is unacceptable.

[KidSysco]

@swaminator Sure I would be willing to have a chat with you. I have AWS Support through my company, and I already went through them. They just pointed me here, so I suppose talking to you is the next step. How do I go about doing that?

[kevin-mitchell]

Has this been resolved yet and documented, or is the current "fix" still customizing the deployment script? I'm havinga slightly difficult time keeping track with all of the discussion here. Thank you!

On Mon, Apr 13, 2020, 8:21 PM Ryan Segura notifications@github.com wrote:

@swaminator https://github.com/swaminator Sure I would be willing to have a chat with you.I have AWS Support through my company, and I already went through them. They just pointed me here, so I suppose talking to you is the next step. How do I go about doing that?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/aws-amplify/amplify-console/issues/206#issuecomment-613052669, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFCJCPDSAMBIE7N74EPEJWDRMNQ4NANCNFSM4JDRK43A .

[swaminator]

@kevin-mitchell we have a solution so please refer to this post: https://github.com/aws-amplify/amplify-console/issues/206#issuecomment-611036436

[swaminator]

@KidSysco send me an email via aws-amplify-customer@amazon.com and I'll set up time with you.

[kimfucious]

@kimfucious did you check out this post? #206 (comment)

Thanks for the follow up, @swaminator

Here's where I'm at:

Started from a clean slate. Brand new app just to test this:

1. Ran amplify init on my local, creating env "dev"
2. Ran amplify auth add

$ amplify auth add
Using service: Cognito, provided by: awscloudformation

 The current configured provider is Amazon Cognito.

 Do you want to use the default authentication and security configuration? Default configuration with Social Provider (Federation)
 Warning: you will not be able to edit these selections.
 How do you want users to be able to sign in? Username
 Do you want to configure advanced settings? Yes, I want to make some additional changes.
 Warning: you will not be able to edit these selections.
 What attributes are required for signing up? Email
 Do you want to enable any of the following capabilities?
 What domain name prefix you want us to create for you? authentify7adc49c2-7adc49c2
 Enter your redirect signin URI: https://localhost:3000/auth-callback/
? Do you want to add another redirect signin URI No
 Enter your redirect signout URI: https://localhost:3000/
? Do you want to add another redirect signout URI No
 Select the social providers you want to configure for your user pool: Google

 You've opted to allow users to authenticate via Google.  If you haven't already, you'll need to go to https://developers.google.com/identity and create an App ID.

 Enter your Google Web Client ID for your OAuth flow:  <id goes here>
 Enter your Google Web Client Secret for your OAuth flow:  <key goes here>
Successfully added resource authentify7adc49c2 locally

3. amplify push
4. git push to repo
5. In Amplify console, new app appears with "dev" back-end configured,
6. Click Connect a frontend web app
7. Click Connect branch
8. Enter repo and branch (master)
9. Create new environment (prod)
10. Choose existing service role (amplifyconsole-backend-role)

Something odd here. Maybe I'm going senile, but I remember there being an "advanced" accordion/collapse menu on the Configure build settings page. This is now gone. This is where I would put in the environment vars: AMPLIFY_GOOGLE_CLIENT_ID & AMPLIFY_GOOGLE_CLIENT_SECRET, before the build, but now that's not possible.

11. Only option, click Next
12. Click Save and deploy

This fails with (excerpt from build log):

2020-04-14T10:39:31.512Z [WARNING]: ✖ There was an error initializing your environment.
2020-04-14T10:39:31.512Z [INFO]: init failed
2020-04-14T10:39:31.513Z [INFO]: Error: auth headless init is missing the following inputParams googleAppIdUserPool, googleAppSecretUserPool

13. Click Environment variables in left menu.
14. Add aforementioned env vars
15. Navigate to the failed build and click Redeploy this version.

This fails with the same error as above.

16. Make a change in the app code and git push to the repo, kicking off a new build.

This give the following error in Amplify Console:

I believe this is a red herring because a git on my local status says:

$ git status
On branch master
Your branch is up to date with 'origin/master'.

nothing to commit, working tree clean

So I just waited. After a while, I came back and refreshed the page, and see this error (same as before):

2020-04-14T10:54:35.721Z [WARNING]: - Initializing your environment: prod
2020-04-14T10:54:35.863Z [WARNING]: ✔ Initialized provider successfully.
2020-04-14T10:54:35.870Z [WARNING]: ✖ There was an error initializing your environment.
2020-04-14T10:54:35.871Z [INFO]: init failed
2020-04-14T10:54:35.871Z [INFO]: Error: auth headless init is missing the following inputParams googleAppIdUserPool, googleAppSecretUserPool

Just to be thorough, I went and reconnected the repository, clearing out the existing hook in my repo settings prior, kicking off another build.

The Cloning repository phase reports:

2020-04-14T11:04:41.195Z [INFO]: Note: checking out '3e9e8fb41abb0d6461672088879fe64966621f68'.
                                 You are in 'detached HEAD' state. You can look around, make experimental
                                 changes and commit them, and you can discard any commits you make in this
                                 state without impacting any branches by performing another checkout.
                                 If you want to create a new branch to retain commits you create, you may
                                 do so (now or later) by using -b with the checkout command again. Example:
                                 git checkout -b <new-branch-name>
                                 HEAD is now at 3e9e8fb docs: revert fake edit

Which I'm guessing is why the There was an issue connecting to your repo provider error is showing up, which it did again.

And 🥁 🥁 🥁 💣

The build fails again with the same headless init error as mentioned above.

I hope that's enough info for you. If not, let me know.

And just a reminder (I've mentioned this prior), I have excluded amplify/team-provider-info.json from the repo, because it contains secrets and my repo is public.

This process has worked flawlessly for me on numerous non-federatedSignIn projects prior. I'm really surprised that this is "new" issue.

[mharrvic]

I got it working on my end. I guess it only happens upon pulling auth settings to new project $ amplify pull --appId yourID --envName yourENV

Just copy the team-provider-info.json from your original setup and paste to other setup. And amplify push

here's my team-provider-info.json

{
  "prod": {
    "awscloudformation": {
      "AuthRoleName": "amplify-bulokTae-prod-69696969-authRole",
      "UnauthRoleArn": "arn:aws:iam::98237982374937:role/amplify-bulokTae-prod-69696969-unauthRole",
      "AuthRoleArn": "arn:aws:iam::98237982374937:role/amplify-bulokTae-prod-69696969-authRole",
      "Region": "ap-southeast-1",
      "DeploymentBucketName": "amplify-bulokTae-prod-69696969-deployment",
      "UnauthRoleName": "amplify-bulokTae-prod-69696969-unauthRole",
      "StackName": "amplify-bulokTae-prod-69696969",
      "StackId": "arn:aws:cloudformation:ap-southeast-1:98237982374937:stack/amplify-bulokTae-prod-69696969/be7691a0-7f0f-11ea-8531-0a58c7c408be",
      "AmplifyAppId": "d3ldsjafaasddd"
    },
    "categories": {
      "auth": {
        "bulokTae77df9dab": {
          "hostedUIProviderCreds": "[{\"ProviderName\":\"Facebook\",\"client_id\":\"6969696969696\",\"client_secret\":\"0169696969669696\"}]"
        }
      }
    }
  }
}

the only missing from new setup ($ amplify pull --appId yourID --envName yourENV ) is

"categories": {
      "auth": {
        "bulokTae77df9dab": {
          "hostedUIProviderCreds": "[{\"ProviderName\":\"Facebook\",\"client_id\":\"6969696969696\",\"client_secret\":\"0169696969669696\"}]"
        }
      }
    }

[swaminator]

@kimfucious thanks for the detailed post. We're investigating this now.

[kimfucious]

Thanks, @swaminator

It could very well that I'm doing something dumb, but I feel like I've tried everything you've recommended. Do let me know if I can try something else and/or provide more detail.

[akhockey21]

We need the user pool environment variables as well. https://github.com/aws-amplify/amplify-console/issues/206#issuecomment-607499826

That will at least make new auth deployments usable for people on new amplify projects.

[kevin-mitchell]

@kimfucious thanks for taking the time to post those details, it saved me from trying to start over from scratch. I have one (mainly unrelated if i were honest!) followup if you have time: you mentioned excluding amplify/team-provider-info.json from your project - I'm wondering if this is normal to do or if you had to work around this somehow?

This is likely dumb (or at least lazy?) question, but I'm not entirely clear which files are actually important for me to keep under source control vs which files should be .gitignored. I would have imagined that anything that wasn't needed would be added to gitignore by amplify CLI on project init, but maybe not?

@swaminator FYI in my case I have an existing project with a team-provider-info.json file that looks like this (I scrubbed secrets):

{
    "master": {
        "awscloudformation": {
            "AuthRoleName": "amplify-myproject-master-123456-authRole",
            "UnauthRoleArn": "arn:aws:iam::99999999999:role/amplify-myproject-master-123456-unauthRole",
            "AuthRoleArn": "arn:aws:iam::99999999999:role/amplify-myproject-master-123456-authRole",
            "Region": "us-west-2",
            "DeploymentBucketName": "amplify-myproject-master-123456-deployment",
            "UnauthRoleName": "amplify-myproject-master-123456-unauthRole",
            "StackName": "amplify-myproject-master-123456",
            "StackId": "arn:aws:cloudformation:us-west-2:99999999999:stack/amplify-myproject-master-123456/777777777-4444444-7777-4444-999999999",
            "AmplifyAppId": "scrubbbbbbbb999999"
        },
        "categories": {
            "function": {
                "myproject4545454PreSignup": {
                    "DOMAINWHITELIST": "blah.com",
                    "VALIDEMAILS": "blah@blah.com"
                },
                "myproject4545454PostAuthentication": {},
                "myproject4545454PreAuthentication": {},
                "configurations": {}
            },
            "auth": {
                "myproject4545454": {
                    "googleClientId": "XXXXX.apps.googleusercontent.com",
                    "hostedUIProviderCreds": "[{\"ProviderName\":\"Google\",\"client_id\":\"XXXX.apps.googleusercontent.com\",\"client_secret\":\"YYYYYYYYY\"}]"
                }
            }
        }
    }
}

but I've also added the configuration keys mentioned above:

But still the build fails (as others are mentioning):

2020-04-19T14:22:49.073Z [WARNING]: - Initializing your environment: master
2020-04-19T14:22:49.443Z [WARNING]: ✔ Initialized provider successfully.
2020-04-19T14:22:49.477Z [WARNING]: ✖ There was an error initializing your environment.
2020-04-19T14:22:49.477Z [INFO]: init failed
2020-04-19T14:22:49.479Z [INFO]: Error: auth headless init is missing the following inputParams googleAppIdUserPool, googleAppSecretUserPool
                                 at updateConfigOnEnvInit (/root/.nvm/versions/node/v10.16.0/lib/node_modules/@aws-amplify/cli/node_modules/amplify-category-auth/provider-utils/awscloudformation/index.js:369:15)

Are there additional steps I need to take?

[kimfucious]

Hi @kevin-mitchell

The reason, for me at least, to exclude the team-provider-info.json file from my repo is because my repo is public and, since I'm using federated sign in, not excluding it would expose the secret keys for my external auth providers (e.g. Amazon, Facebook, Google).

I believe that the team-provider-info.json is there to make it super easy for teams to work on a project, but, IMHO, it should only be used in a private repo, unless you're dang sure that you're not sharing the family jewels with the world.

At present, this is the only file that I manually exclude, deferring to the modifications that Amplify makes to .gitignore for the rest.

I should mention here again that I've excluded this file on several past Amplify projects where I was not using federated sign in, and the the process has worked well. So my gut tells me this is something related to federated sign in, and the suggested workarounds thus far seem to indicate this as well.

That said, I don't yet have a working workaround yet, but I'm hopeful that the some fine person will come up with a solution if they get enough tacos 🌮 !