6

I have the following resolver, allowing me to retrieve information about the current user's company (companyId is added as a custom field on the Cognito user pool). The field on Cognito is set to mutable.

{
    "version" : "2017-02-28",
    "operation" : "GetItem",
    "key": {
        "id" : $util.dynamodb.toDynamoDBJson($context.identity.claims.get("custom:companyId"))
    }
}

This works fine when using the AWS AppSync interface (after logging in), as the logs show:

{
    "errors": [],
    "mappingTemplateType": "Request Mapping",
    "path": "[getMyClientCompany]",
    "resolverArn": "arn:aws:appsync:eu-west-1:261378271140:apis/rue25cac6jc6vfbhvu32sjafqy/types/Query/fields/getMyClientCompany",
    "transformedTemplate": "{\n    \"version\" : \"2017-02-28\",\n    \"operation\" : \"GetItem\",\n    \"key\": {\n        \"id\" : {\"S\":\"0c1c81db-a771-4856-9a30-d11bf8e3cab1\"}\n    }\n}",
    "context": {
        "arguments": {},
        "source": null,
        "result": null,
        "error": null,
        "outErrors": []
    },
    "fieldInError": false
}

But doesn't work when the code comes from Amplify-js:

{
    "errors": [],
    "mappingTemplateType": "Request Mapping",
    "path": "[getMyClientCompany]",
    "resolverArn": "arn:aws:appsync:eu-west-1:261378271140:apis/rue25cac6jc6vfbhvu32sjafqy/types/Query/fields/getMyClientCompany",
    "transformedTemplate": "{\n    \"version\" : \"2017-02-28\",\n    \"operation\" : \"GetItem\",\n    \"key\": {\n        \"id\" : {\"NULL\":null}\n    }\n}",
    "context": {
        "arguments": {},
        "source": null,
        "result": null,
        "error": null,
        "outErrors": []
    },
    "fieldInError": false
}

The key that should be "custom:companyId" is "NULL" now. I imagine the issue is either with Amplify (version 0.4.8) or with the Cognito user resolver for some reason.

Any idea what could be going on?

Leonardo Marques
lepthy
  • Hi, we'll consolidate the response within the [AWS AppSync forums](https://forums.aws.amazon.com/thread.jspa?threadID=287981&tstart=0) since you asked the same question in there. – Rohan Deshpande Aug 14 '18 at 15:52
  • Oh I didn't realise it was the same crowd, please do. – lepthy Aug 14 '18 at 17:12

1 Answer

8

There are two JWT tokens Cognito may utilize: ID and Access. The ID token seems to contain those custom claims.

From Amplify, you tweak the Authorization header to use the ID token vs. the Access token.

Here's the code; put it in the AWS Amplify configuration:

import Amplify, { Auth } from 'aws-amplify';

Amplify.configure({
  API: {
    graphql_endpoint: 'https://****.appsync-api.***.amazonaws.com/graphql',
    graphql_region: '***',
    graphql_authenticationType: 'AMAZON_COGNITO_USER_POOLS',
    // Send the ID token (it carries the custom:* claims) in the Authorization header
    graphql_headers: async () => {
      try {
        const token = (await Auth.currentSession()).idToken.jwtToken;
        return { Authorization: token };
      } catch (e) {
        console.error(e);
        // Potentially you can retrieve it from local storage
        return {};
      }
    }
  }
});

Note, there seem to be several different keys to configure Amplify keys: for example, aws_appsync_graphqlEndpoint vs API { graphql_endpoint }, I used the latter.

Mark Sergienko
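The difference the answer describes can be confirmed by decoding both tokens and checking which one carries the claim the resolver reads. This is an added example, not code from the original question or answer; `decodeJwtPayload`, `checkResolverClaims`, `makeSampleJwt` and the sample tokens are hypothetical names and constructed values, and it assumes Node.js for `Buffer`.

```javascript
// Added example, diagnostic only: the payload is decoded WITHOUT verifying the
// signature (AppSync does that), so never make authorization decisions on it.

// Decode the payload (second segment) of a compact JWT. Segments are base64url.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Report which kind of Cognito token this is (token_use is "id" or "access")
// and which of the claims the resolver reads are absent from it.
function checkResolverClaims(jwt, requiredClaims) {
  const payload = decodeJwtPayload(jwt);
  const missing = requiredClaims.filter((c) => payload[c] == null);
  return { tokenUse: payload.token_use, missing, ok: missing.length === 0 };
}

// Constructed sample tokens: made-up values and a fake signature.
function makeSampleJwt(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(payload), 'constructed-sig'].join('.');
}
const sampleIdToken = makeSampleJwt({
  sub: '11111111-1111-4111-8111-111111111111',
  token_use: 'id',
  'custom:companyId': '00000000-0000-4000-8000-000000000000',
});
const sampleAccessToken = makeSampleJwt({
  sub: '11111111-1111-4111-8111-111111111111',
  token_use: 'access',
  scope: 'aws.cognito.signin.user.admin',
});

// The resolver reads $context.identity.claims.get("custom:companyId").
for (const [name, jwt] of [['id', sampleIdToken], ['access', sampleAccessToken]]) {
  console.log(name, checkResolverClaims(jwt, ['custom:companyId']));
}
```

In the browser the same check works on the `jwtToken` of the session's `idToken` and `accessToken`, with `atob` in place of `Buffer`. Because the resolver uses this claim as the lookup key, the `custom:companyId` attribute should not be writable through the app client that end users sign in with.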