# help
t
Hi all -- have an authentication stack that creates a Cognito User Pool and Client using `sst.Auth` and then creates a `cognito.UserPoolIdentityProviderGoogle`, passing in the previously created user pool. Deploying the stack is failing for one of our devs:
The provider Google does not exist for User Pool us-east-1_xxxxxxx. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: bac404cf-aff9-4476-9167-647134a8166b; Proxy: null)
but it's working for myself and another teammate. Has anyone experienced this? I saw mention of a race condition when creating a user pool and identity provider in the same stack here: https://github.com/aws/aws-cdk/issues/15692#issuecomment-884495678, but I'm not sure if that's what we're experiencing.
Should mention we're all in our own separate, newly created AWS accounts.
ö
Can u show the code?
t
import * as sst from "@serverless-stack/resources"; // assumed: SST v0.x package name
import * as cognito from "@aws-cdk/aws-cognito";     // assumed: CDK v1 module (aws-cdk-lib/aws-cognito on CDK v2)

// Assumed shape of the stack props: the posted code only reads `customerApi` from them.
interface AuthStackProps extends sst.StackProps {
  customerApi: sst.Api;
}

export default class AuthStack extends sst.Stack {
  auth: sst.Auth;

  constructor(scope: sst.App, id: string, props: AuthStackProps) {
    super(scope, id, props);

    const { customerApi } = props;

    // User pool and app client. The client lists GOOGLE as a supported provider,
    // so Cognito requires the Google identity provider to exist when the client is created.
    this.auth = new sst.Auth(this, "Auth", {
      cognito: {
        userPool: {
          signInAliases: { email: true }
        },
        userPoolClient: {
          supportedIdentityProviders: [
            cognito.UserPoolClientIdentityProvider.COGNITO,
            cognito.UserPoolClientIdentityProvider.GOOGLE
          ],
          oAuth: {
            callbackUrls: ["http://localhost:3000"],
            logoutUrls: ["http://localhost:3000"]
          }
        }
      }
    });

    // The Google provider is only created when its credentials are present in the environment.
    // Nothing here orders it before the user pool client, so CloudFormation may create the
    // two resources in parallel.
    if (this.auth.cognitoUserPool && process.env.GOOGLE_AUTH_CLIENT_ID && process.env.GOOGLE_AUTH_CLIENT_SECRET) {
      new cognito.UserPoolIdentityProviderGoogle(this, 'Google', {
        clientId: process.env.GOOGLE_AUTH_CLIENT_ID,
        clientSecret: process.env.GOOGLE_AUTH_CLIENT_SECRET,
        userPool: this.auth.cognitoUserPool,
        scopes: ['profile', 'email', 'openid'],
        attributeMapping: {
          email: cognito.ProviderAttribute.GOOGLE_EMAIL,
          givenName: cognito.ProviderAttribute.GOOGLE_GIVEN_NAME,
          familyName: cognito.ProviderAttribute.GOOGLE_FAMILY_NAME,
          phoneNumber: cognito.ProviderAttribute.GOOGLE_PHONE_NUMBERS
        }
      });
    }

    // Hosted UI domain; the prefix is stage-specific.
    this.auth.cognitoUserPool?.addDomain('AuthDomain', {
      cognitoDomain: {
        domainPrefix: `${scope.stage === 'dev' ? process.env.DEV_AUTH_DOMAIN : scope.stage}-acrehomes`
      }
    });

    this.auth.attachPermissionsForAuthUsers([customerApi]);

    if (this.auth.cognitoUserPool && this.auth.cognitoUserPoolClient) {
      this.addOutputs({
        Region: scope.region,
        UserPoolId: this.auth.cognitoUserPool.userPoolId,
        IdentityPoolId: this.auth.cognitoCfnIdentityPool.ref,
        UserPoolClientId: this.auth.cognitoUserPoolClient.userPoolClientId
      });
    }
  }
}
Actually, we just added `this.auth.cognitoUserPoolClient?.node.addDependency(provider)` to the stack and it's working for him now! Thanks though
ö
Yeah seems like a race condition
Nice catch!
t
Thanks @Ömer Toraman!
f
@Ömer Toraman Thanks for chiming in!
@Tamara Dottin Glad u figured it out!