aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0

Manually configuring an API Gateway Authorizer for use with @aws-amplify/api authenticated requests #1702

Closed ajhool closed 5 years ago

ajhool commented 5 years ago

Which Category is your question related to? Auth + API

What AWS Services are you utilizing? API Gateway, Lambda, Cognito, AWS Serverless Application Model + Cloudformation

Provide additional details e.g. code snippets

We're currently using the AWS Amplify client library while configuring our backend with AWS Serverless Application Model (SAM). I just wanted to confirm that our understanding of AWS Amplify's Authentication approach is correct:

Are the following two statements correct?

  1. To configure an API Gateway endpoint as a proxy to Lambda so that the Lambda function can access event.requestContext.identity.cognitoIdentityId, we need to add an Authorizer to the API Gateway. The Authorizer should have type: COGNITO_USER_POOLS. The Authorizer's header should be: "method.request.header.Authorization"

  2. Without configuring the Authorizer, event.requestContext.identity.cognitoIdentityId will be null, even if AWS Amplify is the client. The Lambda proxy integration does not populate the identity field by default.

Put together, something like this:

  # template.yaml
  Authorizer:
    Name: CustomerCognitoAuthorizer
    Type: COGNITO_USER_POOLS
    ProviderARNs:
      - !Ref CustomerCognitoPoolARN
    IdentitySource: "method.request.header.Authorization"

  -------
  // lambdaFunction.ts
  // Lambda proxy handler: replies only when the event carries a Cognito identity ID.
  function handler(event, context, callback) {
    if (event.requestContext.identity.cognitoIdentityId) {
      callback(null, 'Hello Authenticated Client Side!');
    }
  }

  -------
  // client side, using AWS Amplify
  import { Auth, API } from 'aws-amplify';

  await Auth.signIn(...); // success
  const result = await API.get('APIName', '/path', {});
  // result === 'Hello Authenticated Client Side!'

This upcoming PR should add the Authorizer functionality to SAM, as it does not currently exist. https://github.com/awslabs/serverless-application-model/pull/546
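
An added example, not part of the original post or the Amplify code base: a Lambda proxy handler that resolves the caller from either field API Gateway can populate and fails closed otherwise. It relies on two API Gateway behaviours: a COGNITO_USER_POOLS authorizer exposes the validated token claims at `event.requestContext.authorizer.claims`, while `event.requestContext.identity.cognitoIdentityId` is set for IAM-authorized requests signed with Cognito identity pool credentials. The function names, sample events and their ID values are constructed for illustration.

```javascript
// Added example: resolve the caller from an API Gateway Lambda proxy event.
// resolveCaller/buildResponse are illustrative names; sample events are constructed.

function resolveCaller(event) {
  const ctx = (event && event.requestContext) || {};
  // COGNITO_USER_POOLS authorizer: validated token claims.
  const claims = ctx.authorizer && ctx.authorizer.claims;
  if (claims && typeof claims.sub === 'string' && claims.sub !== '') {
    return { source: 'user-pool', id: claims.sub };
  }
  // AWS_IAM authorization with identity pool credentials. Guest identities
  // also carry an identity ID, so require the authenticated type.
  const identity = ctx.identity || {};
  if (typeof identity.cognitoIdentityId === 'string' &&
      identity.cognitoIdentityId !== '' &&
      identity.cognitoAuthenticationType === 'authenticated') {
    return { source: 'identity-pool', id: identity.cognitoIdentityId };
  }
  return null; // no verified caller
}

// Proxy-integration response; fails closed with 401 when no caller resolves.
function buildResponse(event) {
  const caller = resolveCaller(event);
  if (!caller) {
    return { statusCode: 401, body: JSON.stringify({ message: 'Unauthorized' }) };
  }
  return {
    statusCode: 200,
    body: JSON.stringify({ message: 'Hello Authenticated Client Side!', via: caller.source }),
  };
}

async function handler(event) {
  return buildResponse(event);
}

// Constructed sample events (placeholder IDs, not real identities).
const userPoolEvent = {
  requestContext: { authorizer: { claims: { sub: 'example-sub-0001' } }, identity: { cognitoIdentityId: null } },
};
const iamEvent = {
  requestContext: { identity: { cognitoIdentityId: 'us-east-1:example-identity-id', cognitoAuthenticationType: 'authenticated' } },
};
const guestEvent = {
  requestContext: { identity: { cognitoIdentityId: 'us-east-1:example-guest-id', cognitoAuthenticationType: 'unauthenticated' } },
};
const bareProxyEvent = { requestContext: { identity: { cognitoIdentityId: null } } };
```

In a deployed function, `handler` would be exported as the Lambda entry point.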

kmb266 commented 5 years ago

Any update here?

jordanranz commented 5 years ago

Hey @ajhool, apologies for the late response.

I believe this is something that the Amplify CLI does for you. With the CLI it uses the aws-serverless-express/middleware here from the following repo: https://github.com/awslabs/aws-serverless-express

Did you make any progress on this implementation or have an update?

@kmb266, do you have any specifics to add?

stale[bot] commented 5 years ago

This issue has been automatically closed because of inactivity. Please open a new issue if you are still encountering problems.

github-actions[bot] commented 3 years ago

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.