I'd like to get Amplify auth username on Amplify function with Amplify REST API. #2534
Comments
|
Hey @hi120ki, since you're talking about authenticated users, you should be able to get away with something like this: Let me know if that is helpful. Edit: Wow, sorry, I missed the point. This is inside a Lambda, not the client, so importing Amplify is a bit overkill. It seems like the best solution would be to set a custom header on app initialization that always sends the username as a header to your lambda. Then you just check for that header in your lambda and return a 4xx if the header is not present. Edit2: Okay, upon multiple tired readings, I'm not sure which you are asking, but either one of the two solutions I previously posted should be helpful for you. |
|
@hi120ki what if you send the JWT on the body of the request and then validate the token on your function and extract the username? |
yuth
added
functions
|
Thank you for answering my question. https://aws-amplify.github.io/docs/js/api#cognito-user-pools-authorization To do this, I have to set "custom authorizer" to API Gateway. But, today's amplify-cli may not support to set this. |
yuth
added
feature-request
|
I am adding this to our backlog, once the product team prioritizes this we will work on this issue. |
|
@hi120ki does the preflight request return 200? |
|
@jkeys-ecg-nmsu Yes, OPTIONS request returns 200. But POST request returns 403. |
|
@yuth is retrieving user data on back-end side (that made a request) still not possible with Amplify? |
|
This seems strongly related to aws-amplify/amplify-category-api#345. I'm concerned the approach suggested above of passing username from the client would be a huge security hole. |
|
Hey @hi120ki 👋 as @pnewhook pointed out this is related to the feature request: aws-amplify/amplify-category-api#345 In the meantime we can leverage a REST API override to create and attach a Cognito authorizer to ultimately retrieve values such as /**
* @type {import('@types/aws-lambda').APIGatewayProxyHandler}
*/
export async function handler(event) {
console.log(`EVENT: ${JSON.stringify(event)}`)
const { claims } = event.requestContext.authorizer
return {
statusCode: 200,
headers: {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Headers': '*',
},
body: JSON.stringify(`Hello, ${claims['cognito:username']}!`),
}
}Closing in favor of tracking aws-amplify/amplify-category-api#345, please subscribe to the linked issue for further updates 🙂 |
josefaidt
added
the
duplicate
This is future request of Amplify REST API authorisation.
I'd like to get Cognito (Amplify auth) username on Amplify function with Amplify REST API.
(A logged-in user call my api, I'd like to get this user's username on Lambda.)
First, I created Amplify auth, and created Amplify REST API.
(function type > Serverless framework with express.js)
(Restrict API access > Authenticated users only)
I'd like to get Cognito username on Amplify function, but I can't get property related with Cognito username on Lambda function.
(This is my lambda code. I think I can get username from "req" property, but I can't.)
Maybe Amplify REST API's "Restrict API access" is configured by IAM Permissions with Cognito.
https://docs.aws.amazon.com/apigateway/latest/developerguide/permissions.html
I think this is why I can't get username on Lambda.
An alternative solution is using "Control Access to a REST API Using Amazon Cognito User Pools as Authorizer".
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html
Will you support this way?
Getting username who call API is necessary to build secure system.
I'm waiting for your great support. Thank you.
The text was updated successfully, but these errors were encountered: