Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Signer removed in v6 #13340

Open
3 tasks done
abarke opened this issue May 4, 2024 · 10 comments
Open
3 tasks done

Signer removed in v6 #13340

abarke opened this issue May 4, 2024 · 10 comments
Assignees
Labels
Core Related to core Amplify issues feature-request Request a new feature need-product-input Needs non-technical requirements or direction to proceed pending-maintainer-response Issue is pending a response from the Amplify team. VP Version parity issues between v5 and v6

Comments

@abarke
Copy link

abarke commented May 4, 2024

Before opening, please confirm:

JavaScript Framework

Vue

Amplify APIs

Authentication

Amplify Version

v6

Amplify Categories

auth

Backend

None

Environment information

 System:
    OS: Windows 11 10.0.22631
    CPU: (12) x64 12th Gen Intel(R) Core(TM) i7-1255U
    Memory: 14.51 GB / 39.68 GB
  Binaries:
    Node: 18.15.0 - C:\Program Files\nodejs\node.EXE
    Yarn: 1.22.19 - C:\Program Files\nodejs\yarn.CMD
    npm: 9.5.0 - C:\Program Files\nodejs\npm.CMD
    pnpm: 8.15.5 - C:\Program Files\nodejs\pnpm.CMD
    bun: 1.1.4 - ~\.bun\bin\bun.EXE
  Browsers:
    Edge: Chromium (123.0.2420.97)
    Internet Explorer: 11.0.22621.3527
  npmGlobalPackages:
    @aws-amplify/cli: 11.0.5
    @deptagency/octopus: 1.5.1
    corepack: 0.15.3
    esbuild: 0.18.17
    fast-cli: 3.2.0
    http-server: 14.1.1
    npm: 9.5.0
    qrcode-terminal: 0.12.0
    serverless: 3.30.1
    typescript: 5.0.4
    yarn: 1.22.19

Describe the bug

import { Signer } from "aws-amplify";

Signer export has been removed. I found it somewhere in the core, but could not find a way to import it. I tried "aws-amplify/utils" with no avail.

I could find in node import { Signer } from "@aws-amplify/core/dist/esm/Signer" but again no clean import.

image

Could we have something like this please?

import { signRequest } from "@aws-amplify/core"

No mention about this breaking change in https://docs.amplify.aws/gen1/javascript/build-a-backend/auth/auth-migration-guide/

Expected behavior

import { signRequest } from "@aws-amplify/core"

Reproduction steps

import { Signer } from "aws-amplify";

Code Snippet

import { Signer } from "aws-amplify";

Log output

// Put your logs below this line


aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

@abarke abarke added the pending-triage Issue is pending triage label May 4, 2024
@cwomack cwomack added the Auth Related to Auth components/category label May 5, 2024
@cwomack cwomack self-assigned this May 5, 2024
@cwomack cwomack added Core Related to core Amplify issues VP Version parity issues between v5 and v6 feature-request Request a new feature and removed Auth Related to Auth components/category pending-triage Issue is pending triage labels May 5, 2024
@cwomack
Copy link
Member

cwomack commented May 6, 2024

Hello, @abarke and thank you for creating this issue. While the decision to remove support for the Signer export in v6 of Amplify was intentional, this is something that may have missed in our migration guides. I've marked this as a feature request to be considered for version parity and will review this with our team internally.

Beyond what you've already detailed in the description of this issue, can you share any further context/use cases for this? Thanks!

@abarke
Copy link
Author

abarke commented May 6, 2024

We use an open API generated TS library for our endpoints. To sign the requests we use an interceptor in the generated code so that it works as expected. We sign the requests manually. I switch to using @smithy/signature-v4 for now. That works fine.

// Custom middleware that signs the request with the current credentials
const awsSigningMiddleware: Middleware = {
  pre: async (context) => {
    const { headers } = await signRequest(
      context.init.method ?? "GET",
      context.url,
      parseBody(context.init.body),
    );

    // Update the fetch request headers with the signed headers
    context.init.headers = {
      ...headers,
    };

    return context;
  },
};

// Custom middleware for error handling
const errorHandlingMiddleware: Middleware = {
  onError: async (context) => {
    const h3Error = apiErrorHandler(context.error);

    console.error(h3Error);

    return context.response;
  },
};

// Configure the API client with the custom middleware
const apiConfig = new Configuration({
  middleware: [awsSigningMiddleware, errorHandlingMiddleware],
});

// Create the API client with the custom configuration
export const api = new DefaultApi(apiConfig);

@abarke
Copy link
Author

abarke commented May 6, 2024

Here is the current workaround using @smithy/signature-v4:

async function signRequest(method: string, uri: string, body?: string) {
  const { credentials } = await fetchAuthSession();

  if (credentials === undefined) {
    throw new Error("Unauthorized");
  }

  const url = new URL(uri);

  const request = new HttpRequest({
    hostname: url.hostname,
    path: url.pathname + url.search,
    method,
    body,
    headers: {
      host: url.hostname, // host is required by AWS Signature V4
      "Content-Type": "application/json",
    },
  });

  const signer = new SignatureV4({
    credentials,
    region,
    service,
    sha256: Sha256,
  });

  return signer.sign(request);
}

@cwomack cwomack removed their assignment May 6, 2024
@cwomack cwomack added the need-product-input Needs non-technical requirements or direction to proceed label May 8, 2024
@cwomack
Copy link
Member

cwomack commented May 8, 2024

@abarke, thanks for the code example showing the workaround. Using the @smithy/signature-v4 is the workaround we'd recommend as well at this point and we'll update this issue if we have further progress or questions. Thanks!

@AtharvArolkar
Copy link

https://stackoverflow.com/q/78465559/20597701, Amplify V6 Rest api doesnt seem to sign the request

@OrmEmbaar
Copy link

Not sure when this changed, but for future Googlers we're importing it directly from @aws-sdk as import { SignatureV4 } from '@aws-sdk/signature-v4';.

@github-actions github-actions bot added the pending-maintainer-response Issue is pending a response from the Amplify team. label Oct 1, 2024
@HuiSF
Copy link
Member

HuiSF commented Oct 1, 2024

Hi @AtharvArolkar sorry about the delayed response. We had any issue that IAM and x-api-key cannot be applied in a combo with the REST API. I think the StackOverflow question you posted was caused by this. This issue has been fixed since version 6.5.3 could you give it a try?

@github-actions github-actions bot removed the pending-maintainer-response Issue is pending a response from the Amplify team. label Oct 1, 2024
@victoravr
Copy link

@abarke, thanks for the code example showing the workaround. Using the @smithy/signature-v4 is the workaround we'd recommend as well at this point and we'll update this issue if we have further progress or questions. Thanks!

unfortunately, @smithy/signature-v4 isn't compatible with react native, any suggestions on what to use with Expo?

@github-actions github-actions bot added the pending-maintainer-response Issue is pending a response from the Amplify team. label Dec 28, 2024
@cwomack
Copy link
Member

cwomack commented Dec 30, 2024

@victoravr, we made an intentional decision in v6 to remove support for independent signing. While it's possible to implement this via customizing some of the internal implementations, we don't recommend this approach because it could lead to unstable behavior or introduce breaking changes as we release future versions.

Can you maybe elaborate more on what you're looking to do specifically that's needing this signing functionality? Wondering if there's a way to accomplish what you're looking for via the already supported API's in v6.

@github-actions github-actions bot removed the pending-maintainer-response Issue is pending a response from the Amplify team. label Dec 30, 2024
@victoravr
Copy link

Can you maybe elaborate more on what you're looking to do specifically that's needing this signing functionality? Wondering if there's a way to accomplish what you're looking for via the already supported API's in v6.

I'm doing HTTP GET with axios to Lambda URL with IAM auth... for now it's working with conditional use of aws-sigv4-fetch npm package in expo react-native project

@github-actions github-actions bot added the pending-maintainer-response Issue is pending a response from the Amplify team. label Jan 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Core Related to core Amplify issues feature-request Request a new feature need-product-input Needs non-technical requirements or direction to proceed pending-maintainer-response Issue is pending a response from the Amplify team. VP Version parity issues between v5 and v6
Projects
None yet
Development

No branches or pull requests

7 participants