Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

AppSync resolvers unable to identify the Cognito Auth and unable to resolve $context.identity

1

I am developing appsync resolvers with Cognito userpools and default Auth mode. The resolver mapping context doesn't seem to understand the $context. identity within the AppSync resolvers.

Error

I'm getting the error TS2339: Property username does not exist in type Identity. Property 'username does not exist on type 'AppSyncIdentityOIDC. when I use the ctx.identity within the Resolvers.

AppSync resolver

import { util } from '@aws-appsync/utils';

/**
 * Puts an item into the DynamoDB table.
 * using @aws_cognito_user_pools in schema
 * @param {import('@aws-appsync/utils').Context<{input: any}>} ctx the context
 * @returns {import('@aws-appsync/utils').DynamoDBPutItemRequest} the request
 */
export function request(ctx) {
    const { email, name } = ctx.args.input;
    const values = {
        email,
        name
        }

    return {
        "operation": "PutItem",
        "key": {
            "Id" : util.dynamodb.toDynamoDB(ctx.identity.username)
        },
        "attributeValues" : util.dynamodb.toMapValues(values)
    }
}

I can see the cognito userName and claims in the cloudwatch Logs

Logs

{
    "logType": "RequestFunctionEvaluation",
    "path": [
        "createUser"
    ],
    "fieldName": "createUser",
    "resolverArn": "arn:aws:appsync:xxxxx/types/Mutation/resolvers/createUser",
    "requestId": "xxxx-8c7ca",
    "context": {
        "arguments": {
            "input": {
                "email": "testUser@az.com",
                "name": "testUser"
            }
        },
        "stash": {},
        "outErrors": []
    },
    "fieldInError": true,
    "evaluationResult": {
        "operation": "PutItem",
        "key": {
            "Id": {
                "claims": {
                    "sub": "xxxxxx",
                    "email_verified": true,
                    "iss": "https://cognito-idp.us-east-1.amazonaws.com/xxxxxx",
                    "cognito:username": "testUser10",
                    .....
                    "email": "testUser@az.com"
                },
                "defaultAuthStrategy": "ALLOW",
                "issuer": "https://cognito-idp.us-east-1.amazonaws.com/xxxxxx",
                "sourceIp": [
                    "xxxxxx"
                ],
                "sub": "c478c4f8-4011-70bf-3ac5-03f79e6546ee",
                "username": "testUser10"
            }
        },
        "attributeValues": {
            ...
    },
    "errors": [
        "Runtime Error"
    ],
    "parentType": "Mutation",
    "graphQLAPIId": "xxxxxx"
}

I just want to get the email and username from the context and populate my datasource(Dynamo).

What am I doing wrong here?

Themen
ServerlosFrontend-Web & MobileAnwendungsintegrationSicherheit, Identität & Konformität
Tags
AWS AppSyncAmazon Cognito
Sprache
English
AWS
balumath
gefragt vor 7 Monaten175 Aufrufe
1 Antwort
0

I had a similar issue when I switched from API key authentication to Cognito user pool based authentication - the resolver editor would not recognize the new identity structure.

I solved it by replacing the nested object notation (context.identity.username) with the more generic notation (context.identity['username']) cause JavaScript can deal with both types of syntax.

Johannes Geiger
beantwortet vor 3 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt