search

brendanhay / amazonka

A comprehensive Amazon Web Services SDK for Haskell.
https://amazonka.brendanhay.nz
Other
605 stars 226 forks source link

How do you call totally unauthenticated APIs, like Cognito InitiateAuth? #818

Closed jeapostrophe closed 2 years ago

jeapostrophe commented 2 years ago

send requires an Env and newEnv FromWebIdentity requires a token file. But I am using AWS to do authentication with Cognito. At the command-line, you can run:

curl --location --request POST 'https://cognito-idp.us-east-1.amazonaws.com/' \
--header 'X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth' \
--header 'Content-Type: application/x-amz-json-1.1' \
--data-raw '{
    "AuthFlow": "USER_PASSWORD_AUTH",
    "AuthParameters": {
        "PASSWORD": "the_users_password",
        "USERNAME": "the_users_email"
    },
    "ClientId": "the_cognito_client_id"
}'

I expect amazonka to allow me to do this with

x <- newEnvNoAuth
send x Amazonka.CognitoIdentityProvider.InitiateAuth.newInitiateAuth

But x is the wrong type. Am I missing something? Do I need to use a "normal" HTTP/JSON library and then start using Amazonka?

jeapostrophe commented 2 years ago

I looked in the source and found https://github.com/brendanhay/amazonka/blob/main/lib/amazonka/src/Amazonka/Send.hs#L76 but it is not on this page https://amazonka.brendanhay.nz/docs/libZSamazonkaZSamazonka/Amazonka.html

endgame commented 2 years ago

The answer to your question is indeed to use sendUnsigned or sendUnsignedEither; those functions definitely exist and the docs on amazonka.brendanhay.nz are not up to date.

https://github.com/brendanhay/amazonka/blob/a4356591e151df86519b3bd2ccca1518c22e8b17/lib/amazonka/src/Amazonka/Send.hs#L52-L69

If you packaged your Cognito request into a function whose type ended with EnvNoAuth -> m Env, you could then pass it to newEnv instead of newEnv discover when initialising the amazonka environment you use to make real calls. This should be fairly ergonomic. I don't think I'd add such a function to amazonka proper, because that would make everyone depend on amazonka-cognito, but it could be a nice auxiliary library for someone to write eventually.

I'll close this issue now because there's no bug that I can see, but feel free to write back.

@brendanhay documentation generation for amazonka.brendanhay.nz has been broken for a long time now, do you have time to look at it? Last I remember it was credentials/auth related, so nothing I can fix.

jeapostrophe commented 2 years ago

Thank you!