Creating Amplify auth social sign-in throws error on hosted UI providers
Before opening, please confirm:
- [X] I have searched for duplicate or closed issues.
- [X] I have read the guide for submitting bug reports.
- [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
- [X] I have removed any sensitive information from my code snippets and submission.
App Id
d1qbjxyhsg82r
Region
us-east-1
Environment name
staging
Figma File Version (if applicable)
No response
Amplify CLI Version
10.5.2
If applicable, what version of Node.js are you using?
No response
What operating system are you using?
Mac
Browser type?
chrome
Describe the bug
Adding authentication with social sign-in as Apple causes the push to fail.
Passing in private key with -----BEGIN PRIVATE KEY-----, -----END PRIVATE KEY----- causes the hosted provider function to fail. The Amplify CLI only accepts the key without the comments.
The CloudWatch logs for the callout function throw the following error:
```json
{
  "Status": "FAILED",
  "Reason": "See the details in CloudWatch Log Stream: ******",
  "PhysicalResourceId": "2022/12/02/[$LATEST]*****",
  "StackId": "****",
  "RequestId": "7550d102-29fc-4377-b31d-d5759f845fbd",
  "LogicalResourceId": "HostedUIProvidersCustomResourceInputs",
  "NoEcho": false,
  "Data": {
    "err": {
      "message": "Internal server error.",
      "code": "InternalErrorException",
      "time": "2022-12-02T10:12:13.234Z",
      "requestId": "dbc******",
      "statusCode": 500,
      "retryable": true
    }
  }
}
```
Refer to https://github.com/aws-amplify/amplify-cli/issues/11526#issuecomment-1379427972 and https://github.com/aws-amplify/amplify-cli/issues/11526#issuecomment-1380952213 for additional information.
Expected behavior
Validate the key or parse the key with correct information.
Reproduction steps
- select authentication
- remove email and add phone number as login mechanism
- add social sign-in with Apple
- add credentials (I pasted the key in with the -----BEGIN PRIVATE KEY-----) and deploy
Project Identifier
No response
Additional information
No response
It looks like Amplify CLI might have logic to extract the correct value: https://github.com/aws-amplify/amplify-cli/blob/dev/packages/amplify-category-notifications/src/apns-cert-p12decoder.ts#L77-L90
This seems to be another possible code snippet that extracts the private key for the auth category: https://github.com/aws-amplify/amplify-cli/blob/dev/packages/amplify-category-auth/src/provider-utils/awscloudformation/utils/extract-apple-private-key.ts
Not clear if it is working or if it is actually used in headless mode.
Root cause could be that Step 2 of the authentication workflow should be required, but customers are able to deploy without selecting one.
Selecting Email resulted in a successful deployment on my last test.
Hey @petercwk, it failed in headless when I tested this: https://github.com/aws-amplify/amplify-cli/issues/11526#issuecomment-1380952213
From the JSON payload, "requiredSignupAttributes": []. Could you try adding "PHONE_NUMBER"?
Using that also fails. On a deeper dive, I found that using a phone number may not be supported by Apple sign-in. Headless fails for the same reason, but when changing to email this works. Need to check if Cognito actually supports Apple sign-in with phone number.
Note: the improvement here is to add validation on the box to see if this is a valid key. The fix will need to be on the CLI.