RFC: Use existing auth resources with referenceAuth
#1548
Comments
This would be a huge help!
This would be essential for us to migrate a large Gen 1 application to Gen 2. The idea is to keep the existing authentication, rebuild the data models, and eventually migrate everything else from CDK to Amplify. It's also important to mention that we want to use referenced authentication for data authorization on both new and existing data models; otherwise, there's no point in having a referenced Cognito Pool.
I've been trying to follow the documentation to connect to our existing Auth and wonder why it doesn't work with other resources. Looks like this is the solution for it.
Hi @taoatmars although this looks acceptable, the other generated Metadata and resources do not recognize the configured auth, so as soon as you start integrating your data modeling with auth, you will start getting errors related to some Metadata that should be available but for some reason it is not. It would be great also to be able to configure the project to reuse a single Cognito user pool across all branches and sandboxes.
@caioquirino This is great insight, and thank you for stopping me diving into some rabbit hole. This has made it very difficult for us to migrate from amplify v1 to v2.
Really need this one ASAP
I am sorry if it is out of scope of this thread. But I didn't find anything more related to my question: I have a monorepo (Turborepo managed with pnpm) where all authentication logic is centralized in the main app. The other apps function as subpaths of the main app, facilitated by Next.js rewrites (NextJS 14 App Router). I'm trying to run Amplify.configure(amplify_outputs) with the same configuration in all subapps as early as possible (root layout). I was hoping this would allow it to recognize session data from Cognito cookies, which are accessible to the subapps. However, when I call "fetchAuthSession()" from "aws-amplify/auth", it returns no data, indicating that the user is unauthenticated. Does anyone know of an example of a similar setup or have suggestions on how to resolve this?
Any news on this feature? I need to create an Amplify app that uses an existing Cognito and adds some maps with policies attached to it. Currently, it’s impossible for me to do so using the existing documentation.
I feel this feature is very needed by many (especially me)! Would love to see this implemented.
Hey folks 👋 I wanted to drop a note and say we are actively thinking about this issue 🙂 @mariasemionova would you mind filing an issue over on our js repo? This sounds like an interesting use case and something we should document 🙂 https://github.com/aws-amplify/amplify-js
@josefaidt this is awesome to know! I am happy to contribute to it, would you like to give a briefing of the necessary effort, or split it into sub tasks? Cheers!
I filed an issue, thank you for redirecting me to the correct repo.
+1 for this
Here's a workaround to use your AMPLIFY Gen 2 GraphQL backend with an existing Cognito UserPool. In your backend

```ts
import { defineBackend } from '@aws-amplify/backend'
import { auth } from './auth/resource' // the old "login with email" default auth from the docs
import { data } from './data/resource'

const backend = defineBackend({
  auth, // keep this!
  data
})

/* override the GraphQL user pool id */
const graphqlApi = backend.data.resources.cfnResources.cfnGraphqlApi
// fail the synth early if the generated API has no concrete user pool config to patch
if (graphqlApi.userPoolConfig === undefined || !('awsRegion' in graphqlApi?.userPoolConfig)) {
  throw new Error('Missing userPoolConfig!')
}
// keep the generated settings (awsRegion included) and swap only the pool id
graphqlApi.userPoolConfig = {
  ...graphqlApi.userPoolConfig,
  userPoolId: '<your user pool id>' // enter the id of your existing user pool
}
```

With this change your GraphQL backend is tied to your existing Cognito user pool. Now to the frontend. Wherever you do AMPLIFY.configure...

```ts
import { Amplify } from 'aws-amplify'
import outputs from './amplify_outputs.json' // this is a generated file!

export function configureAmplify () {
  // load the generated config first, then replace its Auth section
  Amplify.configure(outputs)
  const config = Amplify.getConfig()
  Amplify.configure({
    ...config,
    Auth: {
      Cognito: {
        userPoolId: '<your value>',
        userPoolClientId: '<your value>',
        identityPoolId: '<your value>',
      },
    }
  })
  // remove the next line once you have confirmed that it works
  console.log('AMPLIFY config:', Amplify.getConfig())
}
```

I hope this helps. But I also hope, this will soon no longer be necessary. ✨ Happy coding ✨
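A sanity check for the two overrides in the workaround above, as an added example that is not part of the original comment or of Amplify: Cognito user pool ids carry their region as a prefix, while the backend override keeps the `awsRegion` of the generated pool, and the frontend must point at the same pool the API validates tokens against. The helper and type names are hypothetical and every id is constructed.

```typescript
// Added example; helper and type names are hypothetical, all ids are constructed.
interface ApiPoolConfig { awsRegion: string; userPoolId: string }
interface ClientCognito { userPoolId: string; userPoolClientId: string; identityPoolId?: string }

// Documented id shapes: user pool "<region>_<suffix>", identity pool "<region>:<guid>".
const USER_POOL_ID = /^([\w-]+)_([0-9a-zA-Z]+)$/
const IDENTITY_POOL_ID = /^([\w-]+):([0-9a-f-]+)$/

function checkPoolOverride (api: ApiPoolConfig, client: ClientCognito): string[] {
  const problems: string[] = []
  const apiPool = USER_POOL_ID.exec(api.userPoolId)
  if (apiPool === null) {
    problems.push('backend userPoolId is not a user pool id (placeholder left in?)')
  } else if (apiPool[1] !== api.awsRegion) {
    // The backend override spreads the generated userPoolConfig, so awsRegion
    // still names the region of the pool Amplify created.
    problems.push(`backend awsRegion ${api.awsRegion} does not match pool region ${apiPool[1]}`)
  }
  if (client.userPoolId !== api.userPoolId) {
    problems.push('frontend userPoolId differs from the pool the API validates tokens against')
  }
  if (client.userPoolClientId.trim() === '' || client.userPoolClientId.includes('<')) {
    problems.push('frontend userPoolClientId is empty or a placeholder')
  }
  if (client.identityPoolId !== undefined && !IDENTITY_POOL_ID.test(client.identityPoolId)) {
    problems.push('frontend identityPoolId is not an identity pool id')
  }
  return problems
}

// Constructed sample values
const goodApi: ApiPoolConfig = { awsRegion: 'eu-central-1', userPoolId: 'eu-central-1_EXAMPLE01' }
const goodClient: ClientCognito = {
  userPoolId: 'eu-central-1_EXAMPLE01',
  userPoolClientId: 'exampleclientid0123456789',
  identityPoolId: 'eu-central-1:11111111-2222-3333-4444-555555555555'
}
// Existing pool lives in eu-central-1, generated config still says us-east-1.
const staleRegionApi: ApiPoolConfig = { awsRegion: 'us-east-1', userPoolId: 'eu-central-1_EXAMPLE01' }

console.log(checkPoolOverride(goodApi, goodClient))
console.log(checkPoolOverride(staleRegionApi, goodClient))
```

An empty result means the two overrides agree; any entry is worth resolving before deploying, since a region or pool mismatch shows up only as rejected tokens at request time.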
I'm looking forward to this being added. 👍
I would recommend you consider allowing users to use some existing resources as well as create new ones. I'll explain a use case that seems very reasonable and common. Scenario:
Ideally, AWS Amplify should support this scenario. It will be very common with some dev teams. If you disagree please explain why! Glad to learn.
Hi everyone, I still get the same issue.
Hey folks 👋 we’re looking to introduce a mechanism to consume existing auth resources, and use with other Amplify resources like Data without additional configuration or the need for patching with CDK. This mechanism aims to address the following use cases:
Similar to the `define*` terminology, we are looking to introduce `reference*` terminology in an effort to convey which resources are defined and managed by the Amplify app, and resources that are simply referenced to use with other Amplify resources. Unlike defined resources, referenced resources cannot be modified. For example, when referencing existing auth resources you will not be able to add additional identity providers unique to your app, or add additional/custom attributes to the user pool schema.

At a high level the following constraints exist with `referenceAuth`:

- `defineAuth` and `referenceAuth` cannot coexist in the same backend
- `groups` can be used to define auth rules in Data, but are not exposed on `backend.auth.resources`

The props shape may change, but we’re curious to hear your thoughts and whether this addresses your use case!