By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AppSync resolvers unable to identify the Cognito Auth and unable to resolve $context.identity

1

I am developing appsync resolvers with Cognito userpools and default Auth mode. The resolver mapping context doesn't seem to understand the $context. identity within the AppSync resolvers.

Error

I'm getting the error TS2339: Property username does not exist in type Identity. Property 'username does not exist on type 'AppSyncIdentityOIDC. when I use the ctx.identity within the Resolvers.

AppSync resolver

import { util } from '@aws-appsync/utils';

/**
 * Puts an item into the DynamoDB table.
 * using @aws_cognito_user_pools in schema
 * @param {import('@aws-appsync/utils').Context<{input: any}>} ctx the context
 * @returns {import('@aws-appsync/utils').DynamoDBPutItemRequest} the request
 */
export function request(ctx) {
    const { email, name } = ctx.args.input;
    const values = {
        email,
        name
        }

    return {
        "operation": "PutItem",
        "key": {
            "Id" : util.dynamodb.toDynamoDB(ctx.identity.username)
        },
        "attributeValues" : util.dynamodb.toMapValues(values)
    }
}

I can see the cognito userName and claims in the cloudwatch Logs

Logs

{
    "logType": "RequestFunctionEvaluation",
    "path": [
        "createUser"
    ],
    "fieldName": "createUser",
    "resolverArn": "arn:aws:appsync:xxxxx/types/Mutation/resolvers/createUser",
    "requestId": "xxxx-8c7ca",
    "context": {
        "arguments": {
            "input": {
                "email": "testUser@az.com",
                "name": "testUser"
            }
        },
        "stash": {},
        "outErrors": []
    },
    "fieldInError": true,
    "evaluationResult": {
        "operation": "PutItem",
        "key": {
            "Id": {
                "claims": {
                    "sub": "xxxxxx",
                    "email_verified": true,
                    "iss": "https://cognito-idp.us-east-1.amazonaws.com/xxxxxx",
                    "cognito:username": "testUser10",
                    .....
                    "email": "testUser@az.com"
                },
                "defaultAuthStrategy": "ALLOW",
                "issuer": "https://cognito-idp.us-east-1.amazonaws.com/xxxxxx",
                "sourceIp": [
                    "xxxxxx"
                ],
                "sub": "c478c4f8-4011-70bf-3ac5-03f79e6546ee",
                "username": "testUser10"
            }
        },
        "attributeValues": {
            ...
    },
    "errors": [
        "Runtime Error"
    ],
    "parentType": "Mutation",
    "graphQLAPIId": "xxxxxx"
}

I just want to get the email and username from the context and populate my datasource(Dynamo).

What am I doing wrong here?

Topics
ServerlessFront-End Web & MobileApplication IntegrationSecurity, Identity, & Compliance
Tags
AWS AppSyncAmazon Cognito
Language
English
AWS
balumath
asked 7 months ago157 views
1 Answer
0

I had a similar issue when I switched from API key authentication to Cognito user pool based authentication - the resolver editor would not recognize the new identity structure.

I solved it by replacing the nested object notation (context.identity.username) with the more generic notation (context.identity['username']) cause JavaScript can deal with both types of syntax.

Johannes Geiger
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content