amplify-js: FR: Auth components don't support scopes

Is your feature request related to a problem? Please describe. I’m using the provided react components to build the auth flow (@aws-amplify/ui-react). Unfortunately there doesn’t seem to be any possibility to request a scope on authentication. So it’s currently impossible to use this library for proper authentication.

Similar issues (closed without any reason): aws-amplify/amplify-js#3732 aws-amplify/amplify-js#1370. -> That issue has already existed for years now.

Describe the solution you’d like Hosted-UI supports this. But that is not an option for us. Would be great to pass the same configuration to the react components.

scope: ["email", "profile", "openid", "weather:read"],

Describe alternatives you’ve considered Unfortunately I don’t see any alternative solution possible with amplify-js.

-> I would really like to use this lib as it saves a ton of work. Thanks for that! Hope you can provide that feature (fix that bug 😉) soon 👍

About this issue

  • State: open
  • Created 4 years ago
  • Reactions: 64
  • Comments: 16 (3 by maintainers)

Most upvoted comments

I ran into this very issue today. I’m using Vue.js but it’s the same problem. The custom UI used by Amplify’s UI components implements the USER_SRP_AUTH flow. This flow is completely separate from the OAuth 2.0 flows. As a result, the access token I get back looks like this:

{
  "sub": "992b512f-130d-4da6-a9d3-a1a4227f82f5",
  "event_id": "e856b86d-7f44-46a8-8e02-4345ed1a6755",
  "token_use": "access",
  "scope": "aws.cognito.signin.user.admin",
  "auth_time": 1588775410,
  "iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_pNZrsdff",
  "exp": 1588782931,
  "iat": 1588779331,
  "jti": "000c94e0-9247-4f1e-ac0c-7aeb065d37f9",
  "client_id": "5gha7s6vka4qapbeape5i9resj",
  "username": "422b512f-130d-4da6-a9d3-a1a4117f82f5"
}

Notice the scope above.

When I try to invoke my HTTP API (not using REST) with a Cognito authorizer, passing the access token, I get the error: Bearer scope="email" error="insufficient_scope" error_description="expected scopes within the token".

Is the solution to use the Cognito hosted UI where we can get OAuth 2.0 scopes? If so, does that represent a compatibility issue with things like the Storage API (e.g. Storage.get())?
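The failure described in the comment above can be reproduced offline. The following is an added example, not code from amplify-js or from the commenter: it decodes a JWT payload the way an API Gateway HTTP API JWT authorizer would (after signature verification, which is deliberately left out here) and applies the documented scope rule, namely that the token must be an access token and its space-separated `scope` claim must contain at least one of the scopes configured on the route. The two tokens are constructed for the demonstration: one carries the `aws.cognito.signin.user.admin` scope a USER_SRP_AUTH sign-in yields, the other the OAuth 2.0 scopes a Hosted UI / authorization-code flow would grant. The required scope `email` mirrors the `Bearer scope="email"` challenge quoted in the comment; the `kid`, `client_id` and `sub` values are placeholders.

```javascript
// Added example (not amplify-js code): why a USER_SRP_AUTH access token is
// rejected with insufficient_scope by an API Gateway HTTP API JWT authorizer.
// NOTE: no signature check here. A real authorizer validates the signature
// against the issuer's JWKS, plus iss/exp/client_id, BEFORE reading claims.

function base64UrlDecode(segment) {
  // JWT segments are unpadded base64url; normalise to standard base64.
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, 'base64').toString('utf8');
}

function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) {
    throw new Error('malformed JWT: expected header.payload.signature');
  }
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Authorizer rule: access token only (ID tokens have no scope claim), and the
// space-separated `scope` claim must include at least one required scope.
function checkScopes(claims, requiredScopes) {
  if (claims.token_use !== 'access') {
    return { ok: false, error: 'invalid_token', reason: 'not an access token' };
  }
  const granted = new Set((claims.scope || '').split(/\s+/).filter(Boolean));
  const matched = requiredScopes.filter((s) => granted.has(s));
  if (matched.length === 0) {
    return { ok: false, error: 'insufficient_scope', granted: [...granted], required: requiredScopes };
  }
  return { ok: true, matched };
}

// Constructed tokens for the demo: header + payload + placeholder signature.
function makeUnsignedToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', kid: 'placeholder-kid' })}.${enc(payload)}.sig-not-verified`;
}

// What Auth.signIn / USER_SRP_AUTH hands back (scope as seen in the comment above).
const SRP_TOKEN = makeUnsignedToken({
  sub: 'placeholder-sub', token_use: 'access',
  scope: 'aws.cognito.signin.user.admin', client_id: 'placeholder-client',
});

// What an OAuth 2.0 flow (Hosted UI) would grant for the requested scopes.
const HOSTED_UI_TOKEN = makeUnsignedToken({
  sub: 'placeholder-sub', token_use: 'access',
  scope: 'openid email profile weather:read', client_id: 'placeholder-client',
});

// Scope configured on the API route, matching the WWW-Authenticate challenge.
const REQUIRED_SCOPES = ['email'];

function demo() {
  return {
    srp: checkScopes(decodeJwtPayload(SRP_TOKEN), REQUIRED_SCOPES),
    hostedUi: checkScopes(decodeJwtPayload(HOSTED_UI_TOKEN), REQUIRED_SCOPES),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The SRP token fails with `insufficient_scope` because its only scope is `aws.cognito.signin.user.admin`, which is what Cognito grants for user-pool self-service calls, not an API scope; the Hosted UI token passes because `email` is present. Removing the scope requirement from the route makes the SRP token acceptable, but then the API is no longer doing scope-based authorization at all, which is the trade-off the rest of this thread is about.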

Whoever is the manager of Amplify or Cognito, big kudos, really 🎉 There are so many bugs that TOTALLY block an essential use case, and you find them out after you think you are done with the application and the last thing to use is custom scopes and you just CAN'T.

Thank you, people. Really.

Hello everyone, we are looking forward to adding support for scopes for the Authenticator component in the future. Currently we are blocked on this feature until aws-amplify is able to support scopes for Auth (see sibling feature request here). We realize this is important for you, and we will keep this issue updated when we have progress!

Did anyone use amazon-cognito-identity-js? In the changelog they mentioned custom scopes, but I can't see a hint of how to define them. Has anybody used this as an alternative and got a token with access to API Gateway with Cognito?

We also have this as a sticking point. We like using the React Amplify components but would really like the scopes returned. For now we are using the hosted UI, which isn't the best user experience and defeats the purpose of the Amplify components.

Did anyone find a solution or workaround to this???

I have resorted to using the @aws-sdk (which has the absolute worst authentication flow) to get the correct token from cognito then use Amplify for my API Gateway requests. It’s rather stupid because then what’s the point of Amplify??? It doesn’t really make sense how the hosted UI and the Auth.signIn both use the same code (or so it seems) but somehow they get different scopes!?

Can we get feedback from contributors on what the reason for this issue is and if there are any mitigations because this one issue makes Amplify absolutely useless to anyone using cognito without hosted UI.

5 months later but still no feedback here 👎. FYI: new developers run into this each day as they start using libraries in this repo.