https://serverless-stack.com/ logo
#help
Title
# help
t

Tamara Dottin

11/23/2021, 9:20 PM
Hi all -- have an authentication stack that creates a Cognito User Pool and Client using
sst.Auth
and then creates a
cognito.UserPoolIdentityProviderGoogle
passing in the previously created user pool. Deploying the stack is failing for one of our devs:
The provider Google does not exist for User Pool us-east-1_xxxxxxx. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: bac404cf-aff9-4476-9167-647134a8166b; Proxy: null)
but it's working for myself and another teammate. Has anyone experienced this? I saw mention of a race condition when creating a user pool and identity provider in the same stack here: https://github.com/aws/aws-cdk/issues/15692#issuecomment-884495678, but not sure if that's what we're experiencing
Should mention we're all in our separate newly created AWS accounts
ö

Ömer Toraman

11/23/2021, 9:34 PM
Can u show the code?
t

Tamara Dottin

11/23/2021, 9:36 PM
Copy code
export default class AuthStack extends sst.Stack {
  auth: sst.Auth;

  constructor(scope: <http://sst.App|sst.App>, id: string, props: AuthStackProps) {
    super(scope, id, props);

    const { customerApi } = props;

    this.auth = new sst.Auth(this, "Auth", {
      cognito: {
        userPool: {
          signInAliases: { email: true }
        },
        userPoolClient: {
          supportedIdentityProviders: [cognito.UserPoolClientIdentityProvider.COGNITO, cognito.UserPoolClientIdentityProvider.GOOGLE],
          oAuth: {
            callbackUrls: ["<http://localhost:3000>"],
            logoutUrls: ["<http://localhost:3000>"]
          }
        }
      }
    });

    if (this.auth.cognitoUserPool && process.env.GOOGLE_AUTH_CLIENT_ID && process.env.GOOGLE_AUTH_CLIENT_SECRET) {
      new cognito.UserPoolIdentityProviderGoogle(this, 'Google', {
        clientId: process.env.GOOGLE_AUTH_CLIENT_ID,
        clientSecret: process.env.GOOGLE_AUTH_CLIENT_SECRET,
        userPool: this.auth.cognitoUserPool,
        scopes: ['profile', 'email', 'openid'],
        attributeMapping: {
          email: cognito.ProviderAttribute.GOOGLE_EMAIL,
          givenName: cognito.ProviderAttribute.GOOGLE_GIVEN_NAME,
          familyName: cognito.ProviderAttribute.GOOGLE_FAMILY_NAME,
          phoneNumber: cognito.ProviderAttribute.GOOGLE_PHONE_NUMBERS
        }
      })
    }

    this.auth.cognitoUserPool?.addDomain('AuthDomain', {
      cognitoDomain: {
        domainPrefix: `${scope.stage === 'dev' ? process.env.DEV_AUTH_DOMAIN : scope.stage}-acrehomes`
      }
    })

    this.auth.attachPermissionsForAuthUsers([customerApi]);

    if (this.auth.cognitoUserPool && this.auth.cognitoUserPoolClient) {
      this.addOutputs({
        Region: scope.region,
        UserPoolId: this.auth.cognitoUserPool.userPoolId,
        IdentityPoolId: this.auth.cognitoCfnIdentityPool.ref,
        UserPoolClientId: this.auth.cognitoUserPoolClient.userPoolClientId
      }); 
    }
  }
}
Actually, we just added
this.auth.cognitoUserPoolClient?.node.addDependency(provider)
to the stack and working for him now! Thanks though
ö

Ömer Toraman

11/23/2021, 9:39 PM
Yeah seems like a race condition
Nice catch!
t

Tamara Dottin

11/23/2021, 9:39 PM
Thanks @Ömer Toraman!
f

Frank

11/23/2021, 10:23 PM
@Ömer Toraman Thanks for chiming in!
@Tamara Dottin Glad u figured it out!