Using Cognito in AWS lambda to access graphQL APIs

[Amogh-G-K]

Before opening, please confirm:

• [X] I have searched for duplicate or closed issues and discussions.
• [X] I have read the guide for submitting bug reports.
• [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

JavaScript Framework

React

Amplify APIs

Authentication, GraphQL API

Amplify Categories

auth, api

Environment information

``` # Put output below this line System: OS: Windows 10 10.0.19043 CPU: (4) x64 Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz Memory: 1.91 GB / 7.71 GB Binaries: Node: 14.16.1 - C:\Program Files\nodejs\node.EXE Yarn: 1.22.10 - ~\AppData\Roaming\npm\yarn.CMD npm: 6.14.12 - C:\Program Files\nodejs\npm.CMD Browsers: Edge: Spartan (44.19041.1023.0), Chromium (91.0.864.67) Internet Explorer: 11.0.19041.1 npmPackages: @aws-amplify/cli: ^4.13.1 => 4.43.0 @material-ui/core: 3.1.1 => 3.1.1 @material-ui/icons: 3.0.1 => 3.0.1 apollo-client: ^2.4.8 => 2.6.10 (2.4.6) assets: ^3.0.1 => 3.0.1 aws-amplify: ^1.3.3 => 1.3.3 aws-amplify-react: ^2.3.7 => 2.6.3 aws-appsync: ^1.7.0 => 1.8.1 aws-appsync-react: ^1.2.5 => 1.2.9 aws-sdk: ^2.610.0 => 2.940.0 (2.843.0, 2.518.0, 2.939.0, 2.472.0) chartist: 0.10.1 => 0.10.1 graphql: ^14.5.8 => 14.5.8 (14.0.0, 14.7.0, 0.13.0) graphql-tag: ^2.10.0 => 2.11.0 (2.10.1) history: 4.7.2 => 4.7.2 (4.10.1) moment: 2.22.2 => 2.22.2 (2.29.1) new-plugin-package: 1.0.0 node-sass-chokidar: 1.3.3 => 1.3.3 nouislider: 12.0.0 => 12.0.0 npm-run-all: 4.1.3 => 4.1.3 perfect-scrollbar: 1.5.0 => 1.5.0 query-string: ^6.3.0 => 6.14.0 razorpay: ^2.0.6 => 2.0.6 react: ^16.9.0 => 16.9.0 (16.14.0) react-apollo: ^2.3.3 => 2.5.8 react-big-calendar: 0.20.1 => 0.20.1 react-bootstrap-sweetalert: 4.4.1 => 4.4.1 react-chartist: 0.13.1 => 0.13.1 react-color: ^2.17.0 => 2.19.3 react-country-region-selector: ^1.4.3 => 1.4.7 react-datepicker: ^2.6.0 => 2.16.0 react-datetime: 2.15.0 => 2.15.0 react-dom: ^16.9.0 => 16.9.0 (16.14.0) react-google-maps: 9.4.5 => 9.4.5 react-grid-gallery: ^0.5.4 => 0.5.5 react-id-generator: ^0.1.6 => 0.1.6 react-jvectormap: 0.0.3 => 0.0.3 react-lightbox-component: ^1.2.1 => 1.2.1 react-rating: ^1.7.2 => 1.7.2 react-responsive-modal: ^4.0.1 => 4.0.1 react-router-dom: 4.3.1 => 4.3.1 react-scripts: ^2.1.2 => 2.1.8 react-select: ^3.0.8 => 3.2.0 react-spinners: ^0.5.4 => 0.5.13 react-star-ratings: ^2.3.0 => 2.3.0 react-swipeable-views: 0.13.0 => 0.13.0 react-table: 6.8.6 => 6.8.6 react-tagsinput: 3.19.0 => 3.19.0 react-typing-effect: ^2.0.2 => 2.0.4 rrule: ^2.6.0 => 2.6.8 sweetalert2: ^8.2.6 => 8.19.0 (7.33.1) sweetalert2-react: ^0.7.2 => 0.7.2 npmGlobalPackages: @aws-amplify/cli: 5.0.2 create-react-app: 4.0.3 yarn: 1.22.10 ```

Describe the bug

I have defined GraphQL object in schema.graphql like the following:

type Order
  @model
  @versioned
  @auth(
    rules: [
      {
        allow: owner
        ownerField: "owner"
        mutations: [create, update, delete]
        queries: [get, list]
      }
      {
        allow: groups
        groups: ["provisioners"]
        mutations: [create, update, delete]
        queries: [get, list]
      }
    ]
  ) {
  id: ID!
  amount: Float!
  amountPaid: Float
  amountDue: Float
  currency: String
  receipt: String
  notes: String
  status: OrderStatus
  attempts: Int
  createdAt: AWSDateTime
  updatedAt: AWSDateTime
  version: Int
}

But to get the data for the same I have to use a Lambda function ( to call another Third-party API ) and we are using Cognito as authentication. I referred the amplify documentation to call the GraphQL API in the lambda itself. But there were only 2 methods

1. without auth ( using API keys ).
2. using IAM. As both do not meet my current requirements, is there a way to access the GraphQL API using Cognito userpool in the Lambda function itself.

Expected behavior

To be able to call the GraphQL API in the lambda function using Cognito Userpool as the authentication type.

Reproduction steps

1. Create the lambda fucntion.
2. In Lambda function call the GraphQL API using the HTTPS request method mentioned here.

Code Snippet

// Put your code below this line.

Log output

``` // Put your logs below this line ```

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

[iartemiev]

Does your Lambda have access to the Access Token JWT for the user or group you would like to authenticate the request with? If so, you should be able to pass that along in the header of each request.

Something along the lines of:

const accessToken = // retrieve from event or context

API.graphql({query: listOrders, authMode: 'custom'}, {'Authorization': accessToken})

[Amogh-G-K]

I tried this by including the const API = require("@aws-amplify/api"); as to call the GraphQL API but I was not successful doing so as it said API.graphql is not a function. How to call the API in the Lambda as we can't call it using the HTTPS method mentioned here because it uses IAM and defeats the whole point ?

[chrisbonifacio]

Hi @Amogh-G-K sorry for the delay. Are you still in need of assistance?

One thing I notice in the code snippet you shared is that you might need to use a named import like this instead

const { API } = require("@aws-amplify/api");

[chrisbonifacio]

Hi 👋 Closing this as we have not heard back from you. If you are still experiencing this issue and in need of assistance, please feel free to comment and provide us with any information previously requested by our team members so we can re-open this issue and be better able to assist you. Thank you!

[github-actions[bot]]

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.