Support for Cognito or AWS_IAM auth

[sdeby]

Any hints on how to use Cognito User Pools or AWS_IAM Auth instead?

[LeslieOA]

I'm having the same issue.

It seems gatsby-source-graphql only supports token based authentication, or at least: documentation supporting how to auth using Cognito user pools isn't forthcoming.

I'm using AppSync and Amplify:

gatsby-wrap-provider.js

Amplify.configure({
  Auth: {
    region: CONFIG.Auth.region,
    userPoolId: CONFIG.Auth.userPoolId,
    userPoolWebClientId: CONFIG.Auth.userPoolWebClientId,
  },
});

const client = new AWSAppSyncClient({
  url: CONFIG.aws_appsync_graphqlEndpoint,
  region: CONFIG.Auth.region,
  auth: {
    type: AUTH_TYPE.AMAZON_COGNITO_USER_POOLS,
    jwtToken: async () => (await Auth.signIn(...CREDENTIALS).currentSession().getAccessToken().getJwtToken()),
  },
});

export default ({ element }) => (<ApolloProvider client={client}>{element}</ApolloProvider>)

...and the relevant plugins section of my gatsby-config.js:

{
  resolve: `gatsby-source-graphql`,
  options: {
    typeName: 'AppSync',
    fieldName: 'fieldsOfWheat',
    url: 'https://1234567890.appsync-api.eu-central-1.amazonaws.com/graphql'
  },
},

...and gatsby-source-graphql immediately returns a forbidden:

ServerError: Response not successful: Received status code 403

Am I missing something in headers? Would createLink somehow help?

Thanks in advanced.

[LeslieOA]

...bump...

[wmlutz]

Gonna bump this too. AWS resets the API tokens every 7 days.

[wmlutz]

@LeslieOA @sdeby - I made a plugin that uses IAM to grab data out of DynamoDB. Hopefully this helps yall too: https://www.npmjs.com/package/gatsby-source-dynamodb