# guide

Maks Babarowski

03/27/2021, 11:12 PM
Hi. I'm following the guide to build a front-end app for my Serverless API and I think I'm missing something... At the point where I'm supposed to shoot my first request using the Amplify API class, I'm told to do it in this kind of manner:
API.post("notes", "/notes", {
  body: note
});
However, the API Gateway response for it is 401. I assumed Amplify takes care of appending authorization headers, JWT and whatever since it handles Cognito user pool authorization. Yet in the Amplify docs, it says one needs to explicitly add a Bearer token to the request to perform JWT authorization. Did I miss something following your guide?

Jay

03/27/2021, 11:13 PM
What's the issue you are having with it?

Maks Babarowski

03/27/2021, 11:16 PM
Sorry, pressed the enter too soon, lol

Jay

03/27/2021, 11:29 PM
If you followed the guide it should be okay. Here's the sample repo, you can compare your setup to that.

Maks Babarowski

03/27/2021, 11:39 PM
Hmm, looking at it again I remembered I omitted identityPoolId. Isn't userPoolId sufficient if I'm not using identity pools?
Amplify.configure({
  Auth: {
    mandatorySignIn: true,
    region: config.cognito.REGION,
    userPoolId: config.cognito.USER_POOL_ID,
    userPoolWebClientId: config.cognito.APP_CLIENT_ID
  },
  API: {
    endpoints: [
      {
        name: 'api',
        endpoint: config.apiGateway.URL,
        region: config.apiGateway.REGION
      },
    ]
  }
});
const config = {
  apiGateway: {
    REGION: 'us-east-1',
    URL: 'https://xxxxxxxxxx.execute-api.us-east-1.amazonaws.com',
  },
  cognito: {
    REGION: 'us-east-1',
    USER_POOL_ID: 'us-east-1_yyyyyyyyy',
    APP_CLIENT_ID: 'foo',
  }
};

Jay

03/27/2021, 11:58 PM
Hmm if you are not following the guide then I'm not totally sure what the setting should be.

Maks Babarowski

03/28/2021, 12:04 AM
Yeah I just wanted to learn how to use Amplify without all that auto-generated stuff I'm getting looking at their 'Getting started' and that specific part of your guide was a great help in it. I'm looking through the earlier parts and now I see I missed this: https://serverless-stack.com/chapters/create-a-cognito-identity-pool.html
Not really sure why do I need to set up federated pool using users pool. It seems kinda redundant to me...

cbeckley

03/28/2021, 12:18 AM
User pools and identity pools go hand in hand, you need both. Poorly named, I think, with the infinite wisdom of hindsight.

Maks Babarowski

03/28/2021, 2:14 PM
Thanks. Now I understand the difference between User Pool and Identity Pool. A new thing I don't understand is why do I need to use Identity Pool, when App Client of User Pool provides me with all the features I need. I was able to register new users, authorize them, hand out JWT tokens and secure my API with authorizer built on it:
httpApi:
    authorizers:
      serviceAuthorizer:
        identitySource: $request.header.Authorization
        issuerUrl: 
          Fn::Join:
          - ''
          - - 'https://cognito-idp.'
            - '${opt:region, self:provider.region}'
            - '.amazonaws.com/'
            - Ref: serviceUserPool
        audience:
          - Ref: serviceUserPoolClient
    cors: true
(serviceUserPool is AWS::Cognito::UserPool and serviceUserPoolClient is AWS::Cognito::UserPoolClient). In the User Pool settings there's an option to enable additional federated identity providers, like Facebook, Google or SAML. Considering all of that, I'm almost certain I could get around without Identity Pools if it wasn't for Amplify API. Is it some dirty workaround what I'm doing here?

Jay

03/28/2021, 8:23 PM
The key difference between the two isn't federation but the ability to manage access control to the various AWS resources. If you don't need that, you should be able to just use a User Pool. That said, Amplify defaults to using an Identity Pool because they allow you to add other resources (like S3) to your stack. This is similar to what we do in the guide. I haven't looked into it, but you'll need to dig into their docs to see how to configure the API to just use the User Pool.