Use authentication from AWSCognitoIdentityProvider with Amplify

[tomsinqg]

Is your feature request related to a problem? Please describe.

We are currently migrating from AWSAppSync to Amplify's AWSAPIPlugin as AWSAppSync is in maintenance mode and support will be dropped soon. We currently use AWSCognitoIdentityProvider for all the authentication in the app and have a lot of custom code written around this that we would like to continue to use as it handles things outside of the AWSAppSync part. Is there a way to use the token/authentication from AWSCognitoIdentityProvider with Amplify rather than AWSCognitoAuthPlugin so that we can just use the AWSAPIPlugin part of Amplify without rewriting all of our authentication layer?

Describe the solution you'd like

Being able to provide Amplify with a token gathered elsewhere for authentication rather than scrapping all our authentication layer and switching to AWSCognitoAuthPlugin.

Describe alternatives you've considered

1. Rewriting our authentication layer (this includes all of logging in, registration, resetting passwords, MFA, multiple login methods, and how we handle all our standard REST networking and some S3 stuff as well).
2. Using both AWSCognitoIdentityProvider and AWSCognitoAuthPlugin in the same project, however adding both seems to cause a lot of conflicts that stops the project from being able to build with no obvious solution.

Is the feature request related to any of the existing Amplify categories?

API, Auth

Additional context

No response

[harsh62]

@tomsinqg

Is there a way to use the token/authentication from AWSCognitoIdentityProvider with Amplify rather than AWSCognitoAuthPlugin

AWSCognitoAuthPlugin is using AWSCognitoIdentityProvider to handle all authentication related things with Cognito. Would you be able to share code snippets that you are facing problems with and we can help you guide on what the right usage would be using the auth plugin.

[tomsinqg]

Thanks for your reply! This is less of an individual snippet thing and more of a complete API change from what I can see, but perhaps there’s something I’m missing.

At the moment we have various files that import AWSCognitoIdentityProvider and use the library to perform various actions such as handling our custom login/challenge logic. If I remove this library and instead import AWSCognitoAuthPlugin all the AWS classes and calls highlight red, which to me indicates that I would need to rewrite all the files that use the AWSCognitoIdentityProvider to use a new way, which is a lot of effort as we have quite a lot of code looking at this library and we are trying to minimise the changes required for us to migrate away from AWSAppSync. Is there a way for us to leave everything Auth side as is, while swapping out to Amplify?

It could be that we don’t have a choice and that to use Amplify we need to rewrite those files to use a new way, but I was hoping maybe there’s something was a back door for use to keep all our existing auth logic and just provide Amplify with the output/token for the use of GraphQL.

Thanks again for responding to my question/issue.

[harsh62]

It could be that we don’t have a choice and that to use Amplify we need to rewrite those files to use a new way

Unfortunately, you would need to rewrite those classes in order to use AWSCognitoAuthPlugin

[tomsinqg]

It could be that we don’t have a choice and that to use Amplify we need to rewrite those files to use a new way

Unfortunately, you would need to rewrite those classes in order to use AWSCognitoAuthPlugin

So there is actually a way around this so that we can provide a token! It's outlined in this doc page: https://docs.amplify.aws/gen1/swift/build-a-backend/graphqlapi/customize-authz-modes/#aws-lambda-1

For anyone viewing this conversation:
You can provide a Factory and Function that can return your authentication token string, and you update your Amplfy JSON file to use Lamda (see link for actual details, code below is just a representation).

class MyAPIAuthProviderFactory: APIAuthProviderFactory {
    let myAuthProvider = MyFunctionAuthProvider()

    override func functionAuthProvider() -> AmplifyFunctionAuthProvider? {
        return MyFunctionAuthProvider()
    }
}

class MyFunctionAuthProvider : AmplifyFunctionAuthProvider {
    func getLatestAuthToken() async throws -> String {
       ....
    }
}

try Amplify.add(plugin: AWSAPIPlugin(apiAuthProviderFactory: MyAPIAuthProviderFactory()))
try Amplify.configure()

[github-actions]

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.