Manually configuring an API Gateway Authorizer for use with @aws-amplify/api authenticated requests #1702

Closed
ajhool opened this issue Sep 20, 2018 · 4 comments
Labels: API (Related to REST API issues), question (General question)

ajhool commented Sep 20, 2018

Which Category is your question related to?
Auth + API

What AWS Services are you utilizing?
API Gateway, Lambda, Cognito, AWS Serverless Application Model + CloudFormation

Provide additional details e.g. code snippets
We're currently using the AWS Amplify client library while configuring our backend with AWS Serverless Application Model (SAM). I just wanted to confirm that our understanding of AWS Amplify's Authentication approach is correct:

Are the following two statements correct?:

  1. To configure an API Gateway endpoint as a proxy to Lambda so that the Lambda function can access event.requestContext.identity.cognitoIdentityId, we need to add an Authorizer to the API Gateway. The Authorizer should have type: COGNITO_USER_POOLS. The Authorizer's header should be: "method.request.header.Authorization"

  2. Without configuring the Authorizer, event.requestContext.identity.cognitoIdentityId will be null, even if AWS Amplify is the client. The Lambda proxy integration does not populate the identity field by default.

Put together, something like this:

  # template.yaml
  Authorizer:
    Name: CustomerCognitoAuthorizer
    Type: COGNITO_USER_POOLS
    ProviderARNs:
      - !Ref CustomerCognitoPoolARN
    IdentitySource: "method.request.header.Authorization"

  -------
  // lambdaFunction.ts
  // callback is Lambda's Node.js completion callback: callback(error, result)
  function handler(event, context, callback) {
    if (event.requestContext.identity.cognitoIdentityId) {
      callback(null, 'Hello Authenticated Client Side!');
    }
  }

  -------
  // client side, using AWS Amplify
  await Auth.signIn(...); // success
  const result = await API.get('APIName', '/path', {});
  // result === 'Hello Authenticated Client Side!'

This upcoming PR should add the Authorizer functionality to SAM, as it does not currently exist.
aws/serverless-application-model#546
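
Added example, not part of the original issue or of Amplify's code: a Lambda proxy handler that resolves the caller from the two places a REST API event can carry a Cognito identity, and fails closed when neither is present. With a COGNITO_USER_POOLS authorizer the validated token claims arrive under `event.requestContext.authorizer.claims`; `event.requestContext.identity.cognitoIdentityId` is filled in when the request is signed with Cognito identity pool credentials under AWS_IAM authorization. The name `resolveCaller` and the sample events are constructed for illustration.

```javascript
// Resolve the caller from a REST API Lambda proxy event.
// resolveCaller and the sample events below are hypothetical/constructed.
function resolveCaller(event) {
  const ctx = (event && event.requestContext) || {};

  // COGNITO_USER_POOLS authorizer: API Gateway validates the JWT from the
  // Authorization header and passes its claims under authorizer.claims.
  const claims = ctx.authorizer && ctx.authorizer.claims;
  if (claims && typeof claims.sub === 'string' && claims.sub.length > 0) {
    return { source: 'user-pool', id: claims.sub };
  }

  // AWS_IAM authorization with Cognito identity pool credentials (SigV4):
  // the identity id is placed under identity.cognitoIdentityId.
  const identity = ctx.identity || {};
  if (typeof identity.cognitoIdentityId === 'string' && identity.cognitoIdentityId.length > 0) {
    return { source: 'identity-pool', id: identity.cognitoIdentityId };
  }
  return null; // no verified identity on the event
}

async function handler(event) {
  const caller = resolveCaller(event);
  if (!caller) {
    // Fail closed with an explicit response instead of never replying.
    return { statusCode: 401, body: JSON.stringify({ message: 'Unauthorized' }) };
  }
  return {
    statusCode: 200,
    body: JSON.stringify({ message: 'Hello Authenticated Client Side!', via: caller.source }),
  };
}

// Constructed sample events (not captured from a real API).
const userPoolEvent = {
  requestContext: {
    identity: { cognitoIdentityId: null },
    authorizer: { claims: { sub: '00000000-0000-0000-0000-000000000001' } },
  },
};
const iamEvent = {
  requestContext: { identity: { cognitoIdentityId: 'us-east-1:00000000-0000-0000-0000-000000000002' } },
};
const anonymousEvent = { requestContext: { identity: { cognitoIdentityId: null } } };
```
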

@nidsharm nidsharm added the API Related to REST API issues label Sep 21, 2018

kmb266 commented Feb 14, 2019

Any update here?

@elorzafe elorzafe added investigating This issue is being investigated and removed investigating This issue is being investigated labels Mar 1, 2019
@jordanranz jordanranz added question General question and removed investigating This issue is being investigated labels Jun 3, 2019
jordanranz (Contributor) commented

Hey @ajhool, apologies for the late response.

I believe this is something that the Amplify CLI does for you. With the CLI it uses the aws-serverless-express/middleware here from the following repo: https://github.com/awslabs/aws-serverless-express

Did you make any progress on this implementation or have an update?

@kmb266, do you have any specifics to add?


stale bot commented Jun 16, 2019

This issue has been automatically closed because of inactivity. Please open a new issue if you are still encountering problems.

github-actions bot commented

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 12, 2021