search

aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0
9.42k stars 2.12k forks source link

Signer removed in v6 #13340

Open abarke opened 5 months ago

abarke commented 5 months ago

Before opening, please confirm:

JavaScript Framework

Vue

Amplify APIs

Authentication

Amplify Version

v6

Amplify Categories

auth

Backend

None

Environment information

``` System: OS: Windows 11 10.0.22631 CPU: (12) x64 12th Gen Intel(R) Core(TM) i7-1255U Memory: 14.51 GB / 39.68 GB Binaries: Node: 18.15.0 - C:\Program Files\nodejs\node.EXE Yarn: 1.22.19 - C:\Program Files\nodejs\yarn.CMD npm: 9.5.0 - C:\Program Files\nodejs\npm.CMD pnpm: 8.15.5 - C:\Program Files\nodejs\pnpm.CMD bun: 1.1.4 - ~\.bun\bin\bun.EXE Browsers: Edge: Chromium (123.0.2420.97) Internet Explorer: 11.0.22621.3527 npmGlobalPackages: @aws-amplify/cli: 11.0.5 @deptagency/octopus: 1.5.1 corepack: 0.15.3 esbuild: 0.18.17 fast-cli: 3.2.0 http-server: 14.1.1 npm: 9.5.0 qrcode-terminal: 0.12.0 serverless: 3.30.1 typescript: 5.0.4 yarn: 1.22.19 ```

Describe the bug

import { Signer } from "aws-amplify";

Signer export has been removed. I found it somewhere in the core, but could not find a way to import it. I tried "aws-amplify/utils" with no avail.

I could find in node import { Signer } from "@aws-amplify/core/dist/esm/Signer" but again no clean import.

image

Could we have something like this please?

import { signRequest } from "@aws-amplify/core"

No mention about this breaking change in https://docs.amplify.aws/gen1/javascript/build-a-backend/auth/auth-migration-guide/

Expected behavior

import { signRequest } from "@aws-amplify/core"

Reproduction steps

import { Signer } from "aws-amplify";

Code Snippet

import { Signer } from "aws-amplify";

Log output

``` // Put your logs below this line ```

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

cwomack commented 5 months ago

Hello, @abarke and thank you for creating this issue. While the decision to remove support for the Signer export in v6 of Amplify was intentional, this is something that may have missed in our migration guides. I've marked this as a feature request to be considered for version parity and will review this with our team internally.

Beyond what you've already detailed in the description of this issue, can you share any further context/use cases for this? Thanks!

abarke commented 5 months ago

We use an open API generated TS library for our endpoints. To sign the requests we use an interceptor in the generated code so that it works as expected. We sign the requests manually. I switch to using @smithy/signature-v4 for now. That works fine.

// Custom middleware that signs the request with the current credentials
const awsSigningMiddleware: Middleware = {
  pre: async (context) => {
    const { headers } = await signRequest(
      context.init.method ?? "GET",
      context.url,
      parseBody(context.init.body),
    );

    // Update the fetch request headers with the signed headers
    context.init.headers = {
      ...headers,
    };

    return context;
  },
};

// Custom middleware for error handling
const errorHandlingMiddleware: Middleware = {
  onError: async (context) => {
    const h3Error = apiErrorHandler(context.error);

    console.error(h3Error);

    return context.response;
  },
};

// Configure the API client with the custom middleware
const apiConfig = new Configuration({
  middleware: [awsSigningMiddleware, errorHandlingMiddleware],
});

// Create the API client with the custom configuration
export const api = new DefaultApi(apiConfig);
abarke commented 5 months ago

Here is the current workaround using @smithy/signature-v4:

async function signRequest(method: string, uri: string, body?: string) {
  const { credentials } = await fetchAuthSession();

  if (credentials === undefined) {
    throw new Error("Unauthorized");
  }

  const url = new URL(uri);

  const request = new HttpRequest({
    hostname: url.hostname,
    path: url.pathname + url.search,
    method,
    body,
    headers: {
      host: url.hostname, // host is required by AWS Signature V4
      "Content-Type": "application/json",
    },
  });

  const signer = new SignatureV4({
    credentials,
    region,
    service,
    sha256: Sha256,
  });

  return signer.sign(request);
}
cwomack commented 5 months ago

@abarke, thanks for the code example showing the workaround. Using the @smithy/signature-v4 is the workaround we'd recommend as well at this point and we'll update this issue if we have further progress or questions. Thanks!

AtharvArolkar commented 5 months ago

https://stackoverflow.com/q/78465559/20597701, Amplify V6 Rest api doesnt seem to sign the request

OrmEmbaar commented 1 week ago

Not sure when this changed, but for future Googlers we're importing it directly from @aws-sdk as import { SignatureV4 } from '@aws-sdk/signature-v4';.

HuiSF commented 1 week ago

Hi @AtharvArolkar sorry about the delayed response. We had any issue that IAM and x-api-key cannot be applied in a combo with the REST API. I think the StackOverflow question you posted was caused by this. This issue has been fixed since version 6.5.3 could you give it a try?