
Cognito custom claims missing with Amplify but not with Appsync Console

I have the following resolver, allowing me to retrieve information about the current user's company (companyId is added as a custom field on the Cognito user pool). The field on Cognito is set to mutable.

{
  "version" : "2017-02-28",
  "operation" : "GetItem",
  "key": {
    "id" : $util.dynamodb.toDynamoDBJson($context.identity.claims.get("custom:companyId"))
  }
}


This works fine when using the AWS AppSync interface (after logging in), as the logs show:

{
  "errors": [],
  "mappingTemplateType": "Request Mapping",
  "path": "[getMyClientCompany]",
  "resolverArn": "arn:aws:appsync:eu-west-1:261378271140:apis/rue25cac6jc6vfbhvu32sjafqy/types/Query/fields/getMyClientCompany",
  "transformedTemplate": "{\n \"version\" : \"2017-02-28\",\n \"operation\" : \"GetItem\",\n \"key\": {\n \"id\" : {\"S\":\"0c1c81db-a771-4856-9a30-d11bf8e3cab1\"}\n }\n}",
  "context": {
    "arguments": {},
    "source": null,
    "result": null,
    "error": null,
    "outErrors": []
  },
  "fieldInError": false
}


But it doesn't work when the code comes from Amplify-js:

{
  "errors": [],
  "mappingTemplateType": "Request Mapping",
  "path": "[getMyClientCompany]",
  "resolverArn": "arn:aws:appsync:eu-west-1:261378271140:apis/rue25cac6jc6vfbhvu32sjafqy/types/Query/fields/getMyClientCompany",
  "transformedTemplate": "{\n \"version\" : \"2017-02-28\",\n \"operation\" : \"GetItem\",\n \"key\": {\n \"id\" : {\"NULL\":null}\n }\n}",
  "context": {
    "arguments": {},
    "source": null,
    "result": null,
    "error": null,
    "outErrors": []
  },
  "fieldInError": false
}

The key that should be "custom:companyId" is "NULL" now. I imagine the issue is either with Amplify (version 0.4.8) or with the Cognito user resolver for some reason.

Any idea what could be going on?

There are two JWT tokens Cognito may utilize: ID and Access. The ID token seems to contain those custom claims.

From Amplify, you tweak the Authorization header to use the ID token vs. the Access token.

Here's the code, put it in AWS Amplify configuration:

API: {
  graphql_endpoint: 'https://****.appsync-api.***.amazonaws.com/graphql',
  graphql_region: '***',
  graphql_authenticationType: 'AMAZON_COGNITO_USER_POOLS',
  graphql_headers: async () => {
    try {
      const token = (await Auth.currentSession()).idToken.jwtToken;
      return { Authorization: token }
    }
    catch (e) {
      console.error(e);
      return {};
      // Potentially you can retrieve it from local storage
    }
  }
}

Note: there seem to be several different keys to configure Amplify, for example aws_appsync_graphqlEndpoint vs API { graphql_endpoint }. I used the latter.
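
An added example, not part of the original question or answer: a small Node.js debugging aid that decodes the token a client sends and reports its `token_use` and whether the claim the resolver reads (`custom:companyId`) is present. The helper names, sample tokens and claim values are constructed for illustration; by default Cognito puts custom attributes in the ID token only.

```javascript
// Added example: debugging aid only. It decodes JWT payloads WITHOUT verifying
// the signature, so never use its output to make authorization decisions.

// Decode the payload (second segment) of a compact JWT.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) {
    throw new Error('not a compact JWT (expected 3 dot-separated segments)');
  }
  // Convert base64url to standard base64 before decoding.
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Report which kind of Cognito token this is and whether the claim the
// resolver reads is present in it.
function inspectToken(jwt, requiredClaim) {
  const claims = decodeJwtPayload(jwt);
  return {
    tokenUse: claims.token_use || 'unknown',
    hasClaim: Object.prototype.hasOwnProperty.call(claims, requiredClaim),
    value: claims[requiredClaim] ?? null,
  };
}

// Build a constructed sample token (placeholder signature, made-up values).
function makeSampleJwt(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(payload), 'c2lnbmF0dXJl'].join('.');
}

const sampleIdToken = makeSampleJwt({
  token_use: 'id',
  sub: '00000000-0000-0000-0000-000000000000',
  'custom:companyId': 'example-company-id',
});
const sampleAccessToken = makeSampleJwt({
  token_use: 'access',
  sub: '00000000-0000-0000-0000-000000000000',
  scope: 'aws.cognito.signin.user.admin',
});

console.log('id token     ->', inspectToken(sampleIdToken, 'custom:companyId'));
console.log('access token ->', inspectToken(sampleAccessToken, 'custom:companyId'));
```

If the token in the Authorization header reports `tokenUse: 'access'` and `hasClaim: false`, the resolver's `$context.identity.claims.get("custom:companyId")` will evaluate to null, which matches the `{"NULL":null}` key in the log above.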
