Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

oauth domain is empty in amplify_output.json if defineAuth name is specified #1724

Closed
lwang-79 opened this issue Jul 7, 2024 · 8 comments
Closed
Labels
amplify_outputs Issue related to generating amplify_outputs for deployed backends auth Issue pertaining to Amplify Auth bug Something isn't working

Comments

@lwang-79
Copy link

lwang-79 commented Jul 7, 2024

Environment information

System:
  OS: macOS 14.3.1
  CPU: (10) arm64 Apple M1 Pro
  Memory: 196.23 MB / 32.00 GB
  Shell: /bin/zsh
Binaries:
  Node: 21.5.0 - /opt/homebrew/bin/node
  Yarn: 1.22.19 - /opt/homebrew/bin/yarn
  npm: 10.2.4 - /opt/homebrew/bin/npm
  pnpm: undefined - undefined
NPM Packages:
  @aws-amplify/backend: 1.0.4
  @aws-amplify/backend-cli: 1.1.0
  aws-amplify: 6.3.8
  aws-cdk: 2.147.3
  aws-cdk-lib: 2.147.3
  typescript: 5.5.3
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!                                                                            !!
!!  Node 21 has reached end-of-life on 2024-06-01 and is not supported.       !!
!!  Please upgrade to a supported node version as soon as possible.           !!
!!                                                                            !!
!!  This software is currently running on node v21.5.0.                       !!
!!  As of the current release of this software, supported node releases are:  !!
!!  - ^22.0.0 (Planned end-of-life: 2027-04-30)                               !!
!!  - ^20.0.0 (Planned end-of-life: 2026-04-30)                               !!
!!  - ^18.0.0 (Planned end-of-life: 2025-04-30)                               !!
!!                                                                            !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
AWS environment variables:
  AWS_STS_REGIONAL_ENDPOINTS = regional
  AWS_NODEJS_CONNECTION_REUSE_ENABLED = 1
  AWS_SDK_LOAD_CONFIG = 1
No CDK environment variables

Description

Configure Google Sign-In but it doesn't work.

export const auth = defineAuth({
  loginWith: {
    email: true,
    externalProviders: {
      google: {
        clientId: secret('GOOGLE_CLIENT_ID'),
        clientSecret: secret('GOOGLE_CLIENT_SECRET'),
        scopes: ['openid', 'email', 'profile'],
        attributeMapping: {
          email: 'email',
          preferredUsername: 'name',
          profilePicture: 'picture'
        }
      },
      callbackUrls: [
        'http://localhost:3000/home',
        'https://questions.jinpearl.com/home'
      ],
      logoutUrls: [
        'http://localhost:3000/', 
        'https://questions.jinpearl.com/'
      ],
    },
  },
});

oauth domain in amplify_output.json file is empty.

{
  "auth": {
    ...
    "oauth": {
      "identity_providers": [
        "GOOGLE"
      ],
      "redirect_sign_in_uri": [
        "http://localhost:3000/home",
        "https://questions.jinpearl.com/home"
      ],
      "redirect_sign_out_uri": [
        "http://localhost:3000/",
        "https://questions.jinpearl.com/"
      ],
      "response_type": "code",
      "scopes": [
        "phone",
        "email",
        "openid",
        "profile",
        "aws.cognito.signin.user.admin"
      ],
      "domain": ""
    },
  },
...
}

Google Sing-In works if manually add the domain in amplify_output.json file.
Can't define domainPrefix in externalProviders.
Tried to override but failed with error User pool already has a domain configured.

backend.auth.resources.userPool.addDomain(
  "domainPrefix", { 
    cognitoDomain: {
      domainPrefix: 'fawegawegaw'
    }
  }
)
@lwang-79 lwang-79 added the pending-triage Incoming issues that need categorization label Jul 7, 2024
@thomasoehri
Copy link

I have the same issue. The oauth domain is missing in amplify_outputs.json.

amplify_outputs.json:

...
"oauth": {
      "identity_providers": [
        "GOOGLE"
      ],
      "redirect_sign_in_uri": [
        ...
      ],
      "redirect_sign_out_uri": [
        ...
      ],
      "response_type": "code",
      "scopes": [
        "phone",
        "email",
        "openid",
        "profile",
        "aws.cognito.signin.user.admin"
      ],
      "domain": ""   <-- Domain is missing 
    },
...

@ykethan
Copy link
Member

ykethan commented Jul 8, 2024

Hey @lwang-79 @thomasoehri, thank you for reaching. Tried reproducing the issue in a new application but did not observe this behavior. The domain should get auto-generated when using the social providers.
Are there any overrides being used on the auth resource?
Do you observe any error messages on sandbox deploy?

@ykethan ykethan added amplify_outputs Issue related to generating amplify_outputs for deployed backends pending-response Issue is pending response from author auth Issue pertaining to Amplify Auth labels Jul 8, 2024
@ernieMrtnz
Copy link

ernieMrtnz commented Jul 10, 2024

I am also running into the same issue, have nothing overriding the auth resource, and have no error messages on sandbox deploy.

I have the same issue. The oauth domain is missing in amplify_outputs.json.

amplify_outputs.json:

...
"oauth": {
      "identity_providers": [
        "GOOGLE"
      ],
      "redirect_sign_in_uri": [
        ...
      ],
      "redirect_sign_out_uri": [
        ...
      ],
      "response_type": "code",
      "scopes": [
        "phone",
        "email",
        "openid",
        "profile",
        "aws.cognito.signin.user.admin"
      ],
      "domain": ""   <-- Domain is missing 
    },
...

@ykethan
Copy link
Member

ykethan commented Jul 11, 2024

Hey @ernieMrtnz @thomasoehri @lwang-79, could you check the version of @aws-amplify/backend-auth and @aws-amplify/auth-construct in the package lock file?
Tried reproing this with @aws-amplify/[email protected] and @aws-amplify/[email protected] but did not observe the missing domain. If you observe an older version could you try re-installing the latest version of the packages and let us know if this mitigates the issue?

@ernieMrtnz
Copy link

ernieMrtnz commented Jul 12, 2024

Hey @ykethan, I have these in my lock file: @aws-amplify/[email protected] @aws-amplify/[email protected]

I've also removed all lambda functions, api gateway, and event bus bridge to just have a simple auth and data resources with no luck in having the domain being set

@ykethan
Copy link
Member

ykethan commented Jul 12, 2024

Was able to reproduce the issue by adding name to defineAuth. Marking as bug.
@ernieMrtnz Thank you for the findings on discord

note:
userPool resource with name configured: fooNameUserPoolDomain: UserPoolDomain {...}
userPool resource without name configured: UserPoolDomain: UserPoolDomain {...}

@ykethan ykethan added bug Something isn't working and removed pending-triage Incoming issues that need categorization pending-response Issue is pending response from author labels Jul 12, 2024
@josefaidt josefaidt changed the title oauth domain is empty in amplify_output.json oauth domain is empty in amplify_output.json if defineAuth name is specified Jul 12, 2024
@ernieMrtnz
Copy link

Was able to reproduce the issue by adding name to defineAuth. Marking as bug. @ernieMrtnz Thank you for the findings on discord

note: userPool resource with name configured: fooNameUserPoolDomain: UserPoolDomain {...} userPool resource without name configured: UserPoolDomain: UserPoolDomain {...}

Anytime! Thank you both for looking into this, really appreciate the work you've done on this library!

@sobolk
Copy link
Member

sobolk commented Jul 15, 2024

Fix has shipped in https://github.com/aws-amplify/amplify-backend/releases/tag/%40aws-amplify%2Fauth-construct%401.1.6

@sobolk sobolk closed this as completed Jul 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
amplify_outputs Issue related to generating amplify_outputs for deployed backends auth Issue pertaining to Amplify Auth bug Something isn't working
Projects
None yet
Development

No branches or pull requests

5 participants