Hi, I have tried to upgrade my auth to v1.0 (from ...
# helpg
Gabriel
05/30/2022, 12:58 PMHi, I have tried to upgrade my auth to v1.0 (from 0.69)
from:
Copy code
const api = new sst.Api(this, "Api", {
defaultAuthorizer: new apigAuthorizers.HttpUserPoolAuthorizer("Authorizer", userPool, {
userPoolClients: [userPoolClient],
}),
defaultAuthorizationType: sst.ApiAuthorizationType.JWT, Copy code
new Api(stack, "Api", {
authorizers: {
Authorizer: {
type: "user_pool",
userPool: {
id: userPool.userPoolId,
clientIds: [userPoolClient.userPoolClientId],
}
},
},
defaults: {
authorizer: "Authorizer",
},Gabriel
05/30/2022, 1:28 PMIf I use this instead then its working fine.
Copy code
new Api(stack, "Api", {
authorizers: {
MyAuthorizer: {
type: "jwt",
jwt: {
issuer: "<https://myorg.us.auth0.com>",
audience: ["UsGRQJJz5sDfPQDs6bhQ9Oc3hNISuVif"],
}
},
},
defaults: {
authorizer: "MyAuthorizer",
},Gabriel
05/30/2022, 1:37 PM@thdxr do you think its a bug?
If I import user pool and reference them in the authorizer, the authorizer creates a new app client and then the client id (audience) is new in authorizer.
(expected outcome to use the passed in client id)
See code below:
Copy code
const userPool = cognito.UserPool.fromUserPoolId(
this,
"IUserPool",
"us-east-1_abcd"
);
const userPoolClient = cognito.UserPoolClient.fromUserPoolClientId(
this,
"IUserPoolClient",
"123456asd"
);
new Api(stack, "Api", {
authorizers: {
Authorizer: {
type: "user_pool",
userPool: {
id: userPool.userPoolId,
clientIds: [userPoolClient.userPoolClientId],
}
},
},
defaults: {
authorizer: "Authorizer",
},t
thdxr
05/30/2022, 1:42 PMWill let @Frank chime in when he has a moment
f
Frank
05/31/2022, 6:07 AM
@Gabriel can you give this a try (using the ids directly):
Copy code
new Api(stack, "Api", {
authorizers: {
Authorizer: {
type: "user_pool",
userPool: {
id: "us-east-1_abcd",
clientIds: ["123456asd"],
}
},
},
defaults: {
authorizer: "Authorizer",
},g
Gabriel
05/31/2022, 8:51 AM@Frank so I tried adding the id and clientIds as strings.
and ran remove / deploy stack.
So what it seems to do is to create a new app client in the userPool (i.e. "us-east-1_abcd")
And then assigns the newly created app client id as audience in the authorizer.
While expected outcome here is that it should use the client id from the clientIds ?
f
Frank
05/31/2022, 2:19 PM
@Gabriel can you run
sst build.sst/cdkAWS::Cognito::UserPoolClientFrank
05/31/2022, 2:20 PM
If it’s there, CloudFormation will create a new client instead reusing the existing one.
Frank
05/31/2022, 2:21 PM
Let me know what u find.
g
Gabriel
06/01/2022, 10:36 AMok so I found my template in
.build>.cdk.out>stack-name.template.json
and it has this:
Copy code
"ApiApiApiAuthorizermyAuthorizerUserPoolUserPoolAuthorizerClientEF12345": {
"Type": "AWS::Cognito::UserPoolClient",
"Properties": {
"UserPoolId": "us-east-1_abcd",
"AllowedOAuthFlows": [
"implicit",
"code"
],
"AllowedOAuthFlowsUserPoolClient": true,
"AllowedOAuthScopes": [
"profile",
"phone",
"email",
"openid",
],
"CallbackURLs": [
"<https://example.com>"
],
"SupportedIdentityProviders": [
"COGNITO"
]
},
"Metadata": {
"aws:cdk:path": "dev-mystack-sst-yarn-app-dev-stack/Api/Api-Api-Authorizer-myAuthorizer-UserPool/UserPoolAuthorizerClient/Resource"
}
},Gabriel
06/02/2022, 9:19 AM@Frank sooo this is a silly thing.
it turns out I had it as "clientsIds" instead of "clientIds" and then it just silently failed in js.
Copy code
Authorizer: {
type: "user_pool",
userPool: {
id: userPool.userPoolId,
**clientsIds**: [userPoolClient.userPoolClientId],
},
}, Copy code
Authorizer: {
type: "user_pool",
cdk: { authorizer: new apigAuthorizers.HttpUserPoolAuthorizer("Authorizer", userPool, { userPoolClients: [userPoolClient],
}),3 Views