@aws-cdk/aws-appsync: Cannot attach @cognito Directives with no groups specified
When attaching a Directive to the GraphQL Schema using the code-first approach the Directive.cognito() requires one to attach at least one group:
Cognito authorization requires at least one Cognito group to be supplied. Received: 0
But this should not be the case. @aws_cognito_user_pools directive does not require a group. If no group is specified it means allow all users authorized through cognito.
Reproduction Steps
import {
  Directive,
  ResolvableField
} from "@aws-cdk/aws-appsync";

api.graphqlAPI.addMutation('setStatus', new ResolvableField({
  args: StatusInput.definition,
  returnType: StatusType.attribute(),
  dataSource: setStatusDataSource,
  directives: [
    Directive.iam(),
    Directive.cognito()
  ]
}));
What did you expect to happen?
That the schema attaches the @aws_cognito_user_pools directive.
What actually happened?
The cdk deploy returned the error:
Cognito authorization requires at least one Cognito group to be supplied. Received: 0
Environment
- CDK CLI Version : 1.89.0
- Framework Version: 1.89.0
- Node.js Version: v12.16.1
- OS : Windows 10
- Language (Version):
Other
This is 🐛 Bug Report
Issue Analytics
- State:
- Created 3 years ago
- Comments:5 (3 by maintainers)
Top GitHub Comments
For everyone struggling with this, adding a custom directive like
directives: [Directive.iam(), Directive.custom('@aws_cognito_user_pools')],
will attach the correct directive statement anyways.
@MrArnoldPalmer I tried to fix this in the code. But it is somehow a mess caused by this whole @aws_auth against @aws_cognito_user_pools when multiple are present mess. A quick fix would be to remove the error being thrown when 0 groups are passed, but this error is valid and needs to be checked in case it is the only directive when using @aws_auth. Also the whole string replacement is ugly. The statement can only be created in the toString() method as only there is enough information to build the correct statement. IMHO the statements should be created by a more sophisticated function like createStatement(modes) and Authorization Directives and Subscription Directives should be put in their own Subclass which does not need to be public. Any thoughts on that?
@pfried I think I’m with you on this. We need a much smarter and sophisticated system for managing directive statements instead of this basic string interpolation. Separating authorization and subscription directives also makes sense with some common BaseDirective ancestor or something.
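
Added example, not code from aws-cdk or from the commenters above: a sketch of the createStatement(modes) idea from the thread, which picks the Cognito directive from the groups and the API's configured authorization modes instead of rewriting a string afterwards. The names AuthMode, createCognitoStatement and demo are hypothetical, and the sample inputs are constructed.

```typescript
// Added illustration; hypothetical names, not the aws-cdk API.
type AuthMode = 'apiKey' | 'iam' | 'oidc' | 'cognito';

// Build the Cognito authorization directive for one schema field.
//   groups: Cognito groups allowed to call the field (empty = no restriction)
//   modes:  every authorization mode configured on the API
function createCognitoStatement(groups: string[], modes: AuthMode[]): string {
  if (modes.indexOf('cognito') === -1) {
    throw new Error('Cognito user pool authorization is not configured on this API');
  }
  // JSON-quote each name so a quote or backslash in a group name cannot
  // break out of the string literal in the generated schema.
  const list = groups.map((g) => JSON.stringify(g)).join(', ');
  const multiAuth = modes.length > 1;

  if (groups.length === 0) {
    if (!multiAuth) {
      // Same check the issue hits: with Cognito as the only mode the
      // statement is @aws_auth, which needs at least one group.
      throw new Error(
        'Cognito authorization requires at least one Cognito group to be supplied. Received: 0');
    }
    // Bare directive: every user authenticated by the user pool is allowed.
    return '@aws_cognito_user_pools';
  }
  const name = multiAuth ? '@aws_cognito_user_pools' : '@aws_auth';
  return `${name}(cognito_groups: [${list}])`;
}

// Constructed sample inputs covering the cases discussed in the thread.
function demo(): string[] {
  return [
    createCognitoStatement([], ['iam', 'cognito']),
    createCognitoStatement(['admin'], ['cognito']),
    createCognitoStatement(['admin', 'ops'], ['iam', 'cognito']),
  ];
}
```

The bare @aws_cognito_user_pools statement, like the Directive.custom('@aws_cognito_user_pools') workaround above, admits every user signed in through the user pool, so pass groups wherever a field should be limited to some of them.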