amplify-backend

[Gen2 Auth] can not add multiple auth providers. Got 'supportedLoginProviders' failed to satisfy constraint: Member must have length less than or equal to 128'

Open vkurniavka opened this issue 1 year ago • 6 comments

Environment information

System:
  OS: Windows 11 10.0.22631
  CPU: (22) x64 Intel(R) Core(TM) Ultra 9 185H
  Memory: 6.35 GB / 31.37 GB
Binaries:
  Node: 20.17.0 - ~\AppData\Local\Temp\yarn--1726772121413-0.3209963096971373\node.CMD
  Yarn: 1.22.22 - ~\AppData\Local\Temp\yarn--1726772121413-0.3209963096971373\yarn.CMD
  npm: 10.8.2 - C:\Program Files\nodejs\npm.CMD
  pnpm: undefined - undefined
NPM Packages:
  @aws-amplify/auth-construct: 1.3.1
  @aws-amplify/backend: 1.2.2
  @aws-amplify/backend-auth: 1.1.5
  @aws-amplify/backend-cli: 1.2.7
  @aws-amplify/backend-data: 1.1.4
  @aws-amplify/backend-deployer: 1.1.3
  @aws-amplify/backend-function: 1.4.1
  @aws-amplify/backend-output-schemas: 1.2.0
  @aws-amplify/backend-output-storage: 1.1.2
  @aws-amplify/backend-secret: 1.1.2
  @aws-amplify/backend-storage: 1.1.3
  @aws-amplify/cli-core: 1.1.3
  @aws-amplify/client-config: 1.3.1
  @aws-amplify/deployed-backend-client: 1.4.1
  @aws-amplify/form-generator: 1.0.2
  @aws-amplify/model-generator: 1.0.7
  @aws-amplify/platform-core: 1.1.0
  @aws-amplify/plugin-types: 1.2.2
  @aws-amplify/sandbox: 1.2.2
  @aws-amplify/schema-generator: 1.2.3
  aws-amplify: 6.6.2
  aws-cdk: 2.159.0
  aws-cdk-lib: 2.159.0
  typescript: 5.6.2
AWS environment variables:
  AWS_NODEJS_CONNECTION_REUSE_ENABLED = 1
  AWS_SDK_LOAD_CONFIG = 1
  AWS_STS_REGIONAL_ENDPOINTS = regional
No CDK environment variables
Done in 10.72s.

Describe the bug

I want to add Google and Facebook login providers to my Amplify auth, and it looks like it is not possible to add both of them, because the configuration handles only 128 characters, but mine has 133 for Google and Facebook. So I cannot add both providers; even if I add one and then another, I get the same issue.

validation error detected: Value '{accounts.google.com=************-********************************.apps.googleusercontent.com, graph.facebook.com=**************** }' at 'supportedLoginProviders' failed to satisfy constraint: Map value must satisfy constraint: [Member must have length less than or equal to 128, Member must have length greater than or equal to 1, Member must satisfy regular expression pattern: [\w.;_/-]+] (Service: CognitoIdentity, Status Code: 400,

Reproduction steps

Use this amplify/auth/resource.ts, provide real secrets, and try to deploy the app.

import { defineAuth, secret } from "@aws-amplify/backend";

/**
 * Define and configure your auth resource
 * @see https://docs.amplify.aws/gen2/build-a-backend/auth
 */
export const auth = defineAuth({
  loginWith: {
    email: true,
    externalProviders: {
      google: {
        clientId: secret("GOOGLE_CLIENT_ID"),
        clientSecret: secret("GOOGLE_CLIENT_SECRET"),
        scopes: ["email", "profile", "openid"],
        attributeMapping: {
          email: "email",
          familyName: "family_name",
          givenName: "given_name",
          fullname: "name",
        },
      },
      facebook: {
        clientId: secret("FACEBOOK_CLIENT_ID"),
        clientSecret: secret("FACEBOOK_CLIENT_SECRET"),
        scopes: ["email", "public_profile"],
        attributeMapping: {
          email: "email",
          familyName: "last_name",
          givenName: "first_name",
          fullname: "name",
        },
      },
      callbackUrls: [
        "http://localhost:3000"
      ],
      logoutUrls: [
        "http://localhost:3000/auth/login"
      ],
    },
  },
});

vkurniavka avatar Sep 19 '24 18:09 vkurniavka

Hey @vkurniavka, thank you for reaching out. From the error, this appears to be a constraint on the Cognito identity pool login providers; refer to the Cognito identity pool documentation, which provides this information on SupportedLoginProviders.

As a quick check, could you check the client ID and client secret in the AWS console -> Parameter Store to see if the values may have been duplicated, as I was unable to reproduce this error message with new Facebook and Google keys. The parameter name should contain /amplify/<app-name>/<sandbox>/<secret-name>

ykethan avatar Sep 20 '24 13:09 ykethan

Closing the issue due to inactivity. Do reach out to us if you are still experiencing this issue.

ykethan avatar Oct 02 '24 14:10 ykethan

Sorry, I missed the notification about the answer. Yes, the secrets are there and all works fine when I remove Facebook or Google from the configuration. I've spent time identifying the issue. The error is about limits, and actually when I keep to these limits it works, but these limits allow me to add only one auth provider.

vkurniavka avatar Oct 02 '24 16:10 vkurniavka

@ykethan Can we continue on that? For now I'm using a workaround that allows me to have both auth providers, but it doesn't work with my CI/CD, which does not allow my contributors to add a new one in the future, which will be required soon.

vkurniavka avatar Oct 04 '24 11:10 vkurniavka

Hey @vkurniavka, would you be open to a quick chat? I haven't been able to reproduce the error with new keys. I am available on Discord; my handle is ykethan.

ykethan avatar Oct 10 '24 17:10 ykethan

Hi @ykethan, yes I will. Let me reproduce this issue again first, since I am using a workaround right now. I'll message you on Discord.

vkurniavka avatar Oct 11 '24 09:10 vkurniavka

Sounds good, will keep an eye out for your message.

ykethan avatar Oct 11 '24 18:10 ykethan

Where is the value being used? https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_DescribeIdentityPool.html#API_DescribeIdentityPool_ResponseSyntax The supportedLoginProperties should be a map, but it appears that the entire JSON stringified value is being used as the value here.

awsluja avatar Oct 16 '24 17:10 awsluja

@awsluja I'm using Amplify Gen2 and this documentation: https://docs.amplify.aws/vue/build-a-backend/auth/concepts/external-identity-providers/

vkurniavka avatar Oct 17 '24 11:10 vkurniavka

Secrets are provided and I see them in the logs. You can check the logs I provided; I just replaced my secrets with the same number of "*" here.

vkurniavka avatar Oct 17 '24 11:10 vkurniavka

@vkurniavka this may seem strange, but I found https://github.com/aws-amplify/amplify-js/issues/7737 and it appears to be related to slashes in the callback URL. Can you try deploying without the /auth/login in the logout URL?

Also, is this failing during deployment? Or is this something that is happening when trying to perform a login (after deployment, and a user is trying to log in with one of the providers)?

Thanks

awsluja avatar Oct 17 '24 13:10 awsluja

I resolved the issue with @ykethan on the call. My case was an extra space in the secret. So thank you guys for the help.

vkurniavka avatar Oct 17 '24 15:10 vkurniavka