geoff-young

📝📞📹💻
Implement Federated Login
Created
Oct 10, 2021 03:56 AM
status
editing

Moving from a Cognito user pool API Gateway authorizer to an IAM authorizer with Next.js and SST CDK

And Google Sign in

 
Things I learned:
  • Better architecture to have users gain attributes eg: I had a cogntio post sign up trigger to add a whole bunch of default attributes to a user - not agile enough!
  • Next.js will automatically send API requests with the [unauth] Identity credentials as long as Amplify is configured with Cognito Identity on that page.
 
Errors:
this.auth = new sst.Auth(this, "Auth", {
      cognito: {
        userPool: {
          signInAliases: { email: true },
        },
      },
    });
When signing up I get - InvalidParameterException Username should be an email. I added username: true as well.
 
But thats not an attribute you can update, whats the best practice - in this case with no users, or users i dont care about - to remove and redeploy?
I'm getting 403 errors. Are all functions getting 403- auth and unauth?
Get /browse linked up correctly
`arn:aws:execute-api:${app.region}:${app.account}:${api.httpApiId}/getUser`,
api.httpApiId was undefined without me realizing it. Also logging in and out - doesn't matter, all these calls im making in getstatic props and paths are on the server anyways, so they're all unauth.
Although add notion page is client side, and that 403s as well.
The serverless stack guide says to pass in the API construct to attachPermissions fn, but the console says invalid permissions, when I pass the API.stackname, it builds. But then the permissions in my app aren't quite right?
All of the previous problems were because I was passing the apiStack to Cognito when I needed to be passing the api construct which exists on the apiStack (cause you can have multiple constructs in each stack)
In a previous function I just called:
event.requestContext.identity.cognitoIdentityId
But I'm getting it undefined now? Is there something up with not having username property on my identity? There doesn't seem any extra set-up for that in serverless. Why am I not able to get Username from the proxy request event? While in my example request proxy event it exists - is this because of moving from v1 to v2 api gateway? exactly that.
I wasn't getting the username from v1 - it was the literal cognitoIdentityId - how do you even get username from IAM?
I was using APIGatewayProxyEventV2 type for my api gateway and my incoming request is v1. I didn't set up the httpApi thing - stupid.
I legit cant tell if I'm using v1 or 2, the schema seems to match v2, but doesnt match the v2 event type.
Get Google sign in linked, see how it works with having a username.
I think I'm just going to use the prebuilt auth component... The next version seems to be HOC only.
How the fuck does social sign in work?> I thought there was sign up with google as well..?
My User POol gives me a Redirect URI which I feed to Google console. How do I find my cognito user pool URL? I guess I Just pair a username and save their ID in a DB.
  • so I'm not going to put username in the navbar because users are allowed to exist without usernames - they just won't have pages.
Create a create username input with notion Id; display solo before, at the same time?
My previous problem of logging in and the browser not refreshing - if I put state out of navbar and into app, it should work correctly. It did not - I think I need to put the setAuthState Fn into context for signOut to use.
What was that sanitizer notion used - i should get rid of double dashes too
check if put overwrites other values - I can't with my setup, because it either exists, do nothing, or create a whole new user. It does overwrite all other attributes
see if you need to return cors headers - looks like I don't need
how to send body with satusCOde 500? - im not even getting a body with 200;
  • even having an object { "error": "whatever" } will fail to return, it needs to be wrapped in JSON.stringify()
  • documentClient no longer uses S: etc, at least for get and put keys and query
I should use a Global secondary index so identity, then username 2 indexes
/your page state... router push after adding notionId, then, have navbar always forward to username, never "yourPage", might need to keep username in context?
Add context
My vercel server api calls are getting 403'd. Using identity with SSR - works out of the box with ..configure amplify - at least unauthed,
After logging in, I'm getting 'No current user" error when trying to use Amplify's Auth. I don't need to get access to the current user.
  1. Fix sign in
    /

    React Amplify sign in/ sign up example

    I'm adding Google sign in, but am too lazy to create a custom sign in component for it. So I'm deleting my previous custom sign in and replacing it with the prebuilt Amplify Authenticator.
    In case I want to go back to custom sign in component:
    Global user state in Next/js, using context, in dev, I push router to a new page, shows old context
    Whats the best way of doing auth, I had it in a useEffect in navbar but I don't think that worked with sign in/out, required refresh. Same effect with global app state.
    Is it because of my cacheing? I don't think so cause modifystate fn isnt getting called
    It wasn't calling the function properly, I put it inline and it worked - was because I wasn't deconstructing props ...e
    I get 2 more app rerender logs every relogin. I seperated the state out. Ugly. It does not cause the compounding renders though
    I have global state seperated as auth: t/f username: null/string . You can be auth'd without a username, but you can't have a username without auth. Can i have auth t/f/string?