When trying to use the `HttpUserPoolAuthorizer` fr...
# helpr
Robert Chandler
04/10/2022, 8:43 PMWhen trying to use the
HttpUserPoolAuthorizer@aws-cdk/aws-apigatewayv2-authorizers Copy code
Error: construct does not have an associated node. All constructs must extend the "Construct" base class
at Function.of (/home/robert/code/HeyDaily/heydaily-serverless/node_modules/@aws-cdk/core/node_modules/constructs/src/construct.ts:30:13)
at new Node (/home/robert/code/HeyDaily/heydaily-serverless/node_modules/@aws-cdk/core/node_modules/constructs/src/construct.ts:75:12)
at new ConstructNode (/home/robert/code/HeyDaily/heydaily-serverless/node_modules/@aws-cdk/core/lib/construct-compat.ts:291:24)
at Object.createNode (/home/robert/code/HeyDaily/heydaily-serverless/node_modules/@aws-cdk/core/lib/construct-compat.ts:78:11)
at new Construct (/home/robert/code/HeyDaily/heydaily-serverless/node_modules/@aws-cdk/core/node_modules/constructs/src/construct.ts:575:26)
at new Construct (/home/robert/code/HeyDaily/heydaily-serverless/node_modules/@aws-cdk/core/lib/construct-compat.ts:75:5)
at new Resource (/home/robert/code/HeyDaily/heydaily-serverless/node_modules/@aws-cdk/core/lib/resource.ts:151:5)
at new HttpAuthorizer (/home/robert/code/HeyDaily/heydaily-serverless/node_modules/@aws-cdk/aws-apigatewayv2/lib/http/authorizer.ts:159:5)
at HttpUserPoolAuthorizer.bind (/home/robert/code/HeyDaily/heydaily-serverless/node_modules/@aws-cdk/aws-apigatewayv2-authorizers/lib/http/user-pool.ts:59:25)
at new HttpRoute (/home/robert/code/HeyDaily/heydaily-serverless/node_modules/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts:196:45)Robert Chandler
04/10/2022, 8:55 PMOn a related note, what are the advantages of using IAM auth over JWTs? It seems way easier to use JWTs e.g. when making cURL requests or in Postman
f
Frank
04/10/2022, 9:13 PM
Hey @Robert Chandler, which version of SST r u on? And can u share how u r creating the authorizer?
r
Robert Chandler
04/10/2022, 9:14 PM Copy code
const authorizer = new HttpUserPoolAuthorizer("InfluencerApiAuthorizer", props.auth.cognitoUserPool, {
userPoolClients: [props.auth.cognitoUserPoolClient],
}); Copy code
robert@robert-XPS-15-9560:~/code/HeyDaily/heydaily-serverless$ sst --version
SST: 0.69.2
CDK: 2.15.0f
Frank
04/10/2022, 9:14 PM
And can i see the version of
@aws-cdk/aws-apigatewayv2-authorizersr
Robert Chandler
04/10/2022, 9:16 PM"@aws-cdk/aws-apigatewayv2-authorizers": "^1.152.0",f
Frank
04/10/2022, 9:16 PM
can u pin it to
2.15.0-alpha.0r
Robert Chandler
04/10/2022, 9:17 PMWill do
Robert Chandler
04/10/2022, 9:17 PMnpm ERR! notarget No matching version found for @aws-cdk/aws-apigatewayv2-authorizers@2.15.0-alpha.0.f
Frank
04/10/2022, 9:18 PM
"@aws-cdk/aws-apigatewayv2-authorizers-alpha": "2.15.0-alpha.0"Frank
04/10/2022, 9:18 PM
try this
r
Robert Chandler
04/10/2022, 9:19 PMChanging to
import { HttpUserPoolAuthorizer } from "@aws-cdk/aws-apigatewayv2-authorizers-alpha";f
Frank
04/10/2022, 9:19 PM
yup yup
r
Robert Chandler
04/10/2022, 9:20 PMOk, I think this will work 😎 Thanks Frank ❤️
f
Frank
04/10/2022, 9:23 PM
And as for IAM vs JWT auth, go with JWT first. And then if you want ur frontend users to interact with other AWS resources (part from APIs), you can look into ways to issue them IAM credentials.
Frank
04/10/2022, 9:23 PM
And if ur frontend users have IAM credentials, u could use IAM auth for the API.
r
Robert Chandler
04/10/2022, 9:25 PMInteresting, currently we interact with S3 on the frontend but do this by generating a pre-singed URL on the backend
f
Frank
04/10/2022, 9:26 PM
Yeah, that works. An alternative setup would be allowing frontend users upload directly to S3, in which case, they’d need IAM credentails with S3 permissions
t
thdxr
04/10/2022, 9:50 PMpersonally prefer the jwt approach as well, you do have to do the "extra step" of setting up presigned urls but to me that actually is simpler