amplify-android icon indicating copy to clipboard operation
amplify-android copied to clipboard
verified publisher icon aws-amplify

AWS Lambda authorization for AWS AppSync

Open rezab777 opened this issue 3 years ago • 3 comments

Before opening, please confirm:

Language and Async Model

Not applicable

Amplify Categories

GraphQL API

Gradle script dependencies

// Put output below this line

Environment information

# Put output below this line

Please include any relevant guides or documentation you're referencing

No response

Describe the feature request

Hello It's been almost almost a year now that Lambda authorization for AWS AppSync has been released. We have implemented Lambda auth for our web app but would like to be able to use Lambda authorization for our mobile apps as well. Could you please provide an ETA of when AWS Lambda authorizer configuration will be added to amplify-android?

Initialization steps (if applicable)

No response

Code Snippet

// Put your code below this line.

amplifyconfiguration.json

No response

GraphQL Schema

// Put your schema below this line

Additional information and screenshots

No response

rezab777 avatar Jul 15 '22 22:07 rezab777

Hi there!

Is anyone working with this feature request right now?

As far as I can see, AWS lambda auth for DataStore (GraphQL API) is currently available in Amplify Android v2. There's more info regarding this https://docs.amplify.aws/android/build-a-backend/graphqlapi/customize-authz-modes/#aws-lambda

However, there's a problem with configuring this authentication type. The current implementation demands to provide an auth token to ApiAuthProviders when adding AWSApiPlugin which is followed by Amplify.configure call.

As far as we can't call Amplify.configure more than once in Android library, there's no option to provide a different auth token for AWSApiPlugin.

There's a need to improve the current implementation and allow to set a different auth token or call Amplify.configure to provide a new configuration.

Here is a code example:

ApiAuthProviders authProviders = ApiAuthProviders.builder()
    .functionAuthProvider(() -> "[AWS-LAMBDA-AUTH-TOKEN]")
    .build();
AWSApiPlugin plugin = AWSApiPlugin.builder()
    .apiAuthProviders(authProviders)
    .build();
Amplify.addPlugin(plugin); // Can't add or remove a plugin after Amplify.configure was called

AmplifyConfiguration amplifyConfig = AmplifyConfiguration.builder(context)
    .devMenuEnabled(false)
    .build();
Amplify.configure(amplifyConfig, context); // Can't call more than once

yaroslav-v avatar Mar 06 '24 14:03 yaroslav-v

@yaroslav-v The method does not require an auth token, it requires giving a provider.

.functionAuthProvider(() -> "[AWS-LAMBDA-AUTH-TOKEN]") This example has a static token.

I believe what you are asking to do is already possible.

private static final class MyFunctionAuthProvider implements FunctionAuthProvider {

    @Override
    public String getLatestAuthToken() {
        String token = // Implement logic here to determine token to provide
        return token
    }
}

Of course, you can also just inline the logic inside the lambda as is used in the original code example.

tylerjroach avatar Mar 06 '24 16:03 tylerjroach

@tylerjroach Thanks. That's right, I've completely missed the point that this is a provider.

yaroslav-v avatar Mar 06 '24 17:03 yaroslav-v