Tamara Dottin
11/23/2021, 9:20 PM
sst.Auth
and then creates a cognito.UserPoolIdentityProviderGoogle
passing in the previously created user pool.
Deploying the stack is failing for one of our devs: The provider Google does not exist for User Pool us-east-1_xxxxxxx. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: bac404cf-aff9-4476-9167-647134a8166b; Proxy: null)
but it's working for myself and another teammate. Has anyone experienced this?
I saw mention of a race condition when creating a user pool and identity provider in the same stack here: https://github.com/aws/aws-cdk/issues/15692#issuecomment-884495678, but not sure if that's what we're experiencing
Tamara Dottin
11/23/2021, 9:21 PM
Ömer Toraman
11/23/2021, 9:34 PM
Tamara Dottin
11/23/2021, 9:36 PM
// Imports assumed (not in the original message): SST v0.x on CDK v1 package names.
import * as cognito from "@aws-cdk/aws-cognito";
import * as sst from "@serverless-stack/resources";

// AuthStackProps (which carries customerApi) is defined elsewhere in the project.
export default class AuthStack extends sst.Stack {
  auth: sst.Auth;

  constructor(scope: sst.App, id: string, props: AuthStackProps) {
    super(scope, id, props);
    const { customerApi } = props;

    // User pool plus a client that lists both Cognito and Google as identity providers.
    this.auth = new sst.Auth(this, "Auth", {
      cognito: {
        userPool: {
          signInAliases: { email: true }
        },
        userPoolClient: {
          supportedIdentityProviders: [
            cognito.UserPoolClientIdentityProvider.COGNITO,
            cognito.UserPoolClientIdentityProvider.GOOGLE
          ],
          oAuth: {
            callbackUrls: ["http://localhost:3000"],
            logoutUrls: ["http://localhost:3000"]
          }
        }
      }
    });

    // The Google provider is only created when both OAuth environment variables are set.
    if (this.auth.cognitoUserPool && process.env.GOOGLE_AUTH_CLIENT_ID && process.env.GOOGLE_AUTH_CLIENT_SECRET) {
      new cognito.UserPoolIdentityProviderGoogle(this, 'Google', {
        clientId: process.env.GOOGLE_AUTH_CLIENT_ID,
        clientSecret: process.env.GOOGLE_AUTH_CLIENT_SECRET,
        userPool: this.auth.cognitoUserPool,
        scopes: ['profile', 'email', 'openid'],
        attributeMapping: {
          email: cognito.ProviderAttribute.GOOGLE_EMAIL,
          givenName: cognito.ProviderAttribute.GOOGLE_GIVEN_NAME,
          familyName: cognito.ProviderAttribute.GOOGLE_FAMILY_NAME,
          phoneNumber: cognito.ProviderAttribute.GOOGLE_PHONE_NUMBERS
        }
      })
    }

    // Hosted UI domain prefix: DEV_AUTH_DOMAIN for the dev stage, the stage name otherwise.
    this.auth.cognitoUserPool?.addDomain('AuthDomain', {
      cognitoDomain: {
        domainPrefix: `${scope.stage === 'dev' ? process.env.DEV_AUTH_DOMAIN : scope.stage}-acrehomes`
      }
    })

    // Allow authenticated users to call the customer API.
    this.auth.attachPermissionsForAuthUsers([customerApi]);

    if (this.auth.cognitoUserPool && this.auth.cognitoUserPoolClient) {
      this.addOutputs({
        Region: scope.region,
        UserPoolId: this.auth.cognitoUserPool.userPoolId,
        IdentityPoolId: this.auth.cognitoCfnIdentityPool.ref,
        UserPoolClientId: this.auth.cognitoUserPoolClient.userPoolClientId
      });
    }
  }
}
Tamara Dottin
11/23/2021, 9:38 PM
this.auth.cognitoUserPoolClient?.node.addDependency(provider)
to the stack and working for him now! Thanks though
Ömer Toraman
11/23/2021, 9:39 PM
Ömer Toraman
11/23/2021, 9:39 PM
Tamara Dottin
11/23/2021, 9:39 PM
Frank