Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to connect to AWS AppSync using Cognito Identity Pools and Amplify

Tags:

javascript

authentication

amazon-web-services

aws-appsync

aws-amplify

I have an AWS AppSync API that uses IAM roles for authentication. I'm using the Amplify GraphQL client to connect to the AppSync server. The image below describes the steps that need to take place to get the IAM credentials, which I'm assuming Amplify is capable of performing. However, I can't find any documentation on how to set up a working example.

Note that I'm using a Cognito user pool directly for authentication, not an external provider like Google or Facebook.

Access AWS Services with a User Pool and an Identity Pool

So far I'm able to authenticate the user and get a JWT Token (step 1):

const Amplify = require('aws-amplify').default
const { Auth } = require('aws-amplify')


Amplify.configure({
  Auth: {
    region: process.env.AWS_REGION,
    userPoolId: process.env.COGNITO_USERPOOL_ID,
    userPoolWebClientId: process.env.COGNITO_WEBCLIENT_ID,
  },
})

Auth.signin(username, password)
  .then((user) => {
    const token = user.idToken.jwtToken
    // I've got the token - what next?
  })

How can I request the IAM credentials from the identity pool (step 2), and use them to access the AppSync API (step 3) using Amplify?

If Amplify isn't able to get the credentials itself, I can use AWS.CognitoIdentityCredentials to request them using the AWS SDK, however, I can't see a way of passing them to Amplify to authenticate the API requests (refer to this issue I created for more details).

like image 392
Jonathan Holvey Avatar asked Oct 15 '25 04:10

Jonathan Holvey

2 Answers

I was able to use cognito to authenticate my client and then passed the jwtToken to the aws-appsync client to be able to use APPSYNC with AMAZON_COGINITO_USER_POOLS. Also in the code you will see where I used API_KEY as an alternative. I left the API_KEY commented out. I share this as an alternative for those that also want to try to access with Apollo client and aws-appsync.

if (!process.browser) {
  global.fetch = require('node-fetch')
}

const appSyncClientOptions = {
  url: awsConfig.aws_appsync_graphqlEndpoint, 
  region: awsConfig.aws_appsync_region,
  auth: {
    // type: 'API_KEY',
    // apiKey: awsConfig.aws_appsync_apiKey,
    type: awsConfig.aws_appsync_authenticationType,   // 'AMAZON_COGNITO_USER_POOLS'
    jwtToken: async () => (await Auth.currentSession()).getAccessToken().getJwtToken()
  },
  disableOffline: true,
};

const apolloClientOptions = {
  link: createAppSyncLink({
    ...appSyncClientOptions,
    resultsFetcherLink: createHttpLink({ uri: appSyncClientOptions.url, fetch })
  })  
};

const client = new Client(appSyncClientOptions, apolloClientOptions);

const WithProvider = () => (
  <ApolloProvider client={client}>
    <Rehydrated>
      <GqlList />
    </Rehydrated>
  </ApolloProvider>
)

export default WithProvider;
like image 130
G Clark Avatar answered Oct 17 '25 16:10

G Clark

if your amplify config has an AppSync API with AWS_IAM authentication and a cognito user pool, Amplify will use the id token to get AWS credential automatically.

To actually call the AppSync API, all you have to do is:

API.graphql({query})
like image 27
Ionut Trestian Avatar answered Oct 17 '25 16:10

Ionut Trestian
Sign in to Comment

Related questions

AWS S3 Inaccessible host
Trying to sign a jwt returns undefined

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!