
Example 1 with DefaultCognitoUserPoolsAuthProvider

use of com.amplifyframework.api.aws.sigv4.DefaultCognitoUserPoolsAuthProvider in project amplify-android by aws-amplify.

the class ApiRequestDecoratorFactory method forAuthType.

/**
 * Given an authorization type, it returns the appropriate request decorator.
 * @param authorizationType the authorization type to be used for the request.
 * @return the appropriate request decorator for the given authorization type.
 * @throws ApiAuthException if unable to get a request decorator.
 */
public RequestDecorator forAuthType(@NonNull AuthorizationType authorizationType) throws ApiAuthException {
    // Every branch resolves its credential source before building the decorator, so a missing
    // provider or a failed token fetch is reported from this call as an ApiAuthException.
    switch (authorizationType) {
        case AMAZON_COGNITO_USER_POOLS: {
            // Use the Cognito provider supplied to the API plugin when there is one; otherwise
            // fall back to DefaultCognitoUserPoolsAuthProvider. Any error raised while creating
            // the fallback propagates to the caller.
            final CognitoUserPoolsAuthProvider userPoolsProvider;
            if (apiAuthProviders.getCognitoUserPoolsAuthProvider() == null) {
                userPoolsProvider = new DefaultCognitoUserPoolsAuthProvider();
            } else {
                userPoolsProvider = apiAuthProviders.getCognitoUserPoolsAuthProvider();
            }
            // The token is fetched here, outside the lambda, so that a failure is thrown from this
            // method instead of needing a try/catch inside the supplier. The OPENID_CONNECT and
            // AWS_LAMBDA branches follow the same pattern.
            // The supplier therefore always returns the value captured at this point.
            // NOTE(review): if callers keep the returned decorator longer than the token's
            // lifetime, requests would carry an expired token - confirm how it is reused.
            final String userPoolsToken;
            try {
                userPoolsToken = userPoolsProvider.getLatestAuthToken();
            } catch (ApiException tokenFailure) {
                throw new ApiAuthException(
                    "Failed to retrieve auth token from Cognito provider.",
                    tokenFailure,
                    "Check the application logs for details."
                );
            }
            return new TokenRequestDecorator(() -> userPoolsToken);
        }
        case OPENID_CONNECT: {
            // There is no default OIDC provider: the application has to configure one.
            if (apiAuthProviders.getOidcAuthProvider() == null) {
                throw new ApiAuthException(
                    "Attempting to use OPENID_CONNECT authorization " + "without an OIDC provider.",
                    "Configure an OidcAuthProvider when initializing " + "the API plugin."
                );
            }
            final String oidcToken;
            try {
                oidcToken = apiAuthProviders.getOidcAuthProvider().getLatestAuthToken();
            } catch (ApiException tokenFailure) {
                throw new ApiAuthException(
                    "Failed to retrieve auth token from OIDC provider.",
                    tokenFailure,
                    "Check the application logs for details."
                );
            }
            return new TokenRequestDecorator(() -> oidcToken);
        }
        case AWS_LAMBDA: {
            // Same shape as OIDC: a FunctionAuthProvider must have been configured.
            if (apiAuthProviders.getFunctionAuthProvider() == null) {
                throw new ApiAuthException(
                    "Attempting to use AWS_LAMBDA authorization " + "without a provider implemented.",
                    "Configure a FunctionAuthProvider when initializing the API plugin."
                );
            }
            final String lambdaToken;
            try {
                lambdaToken = apiAuthProviders.getFunctionAuthProvider().getLatestAuthToken();
            } catch (ApiException tokenFailure) {
                throw new ApiAuthException(
                    "Failed to retrieve auth token from function auth provider.",
                    tokenFailure,
                    "Check the application logs for details."
                );
            }
            return new TokenRequestDecorator(() -> lambdaToken);
        }
        case API_KEY: {
            // Precedence: an explicitly configured ApiKeyAuthProvider wins over the apiKey field.
            if (apiAuthProviders.getApiKeyAuthProvider() != null) {
                return new ApiKeyRequestDecorator(apiAuthProviders.getApiKeyAuthProvider());
            }
            // NOTE(review): per the error text below, apiKey comes from the config file, which
            // presumably ships inside the app package - it should not be relied on as a secret.
            if (apiKey != null) {
                return new ApiKeyRequestDecorator(() -> apiKey);
            }
            throw new ApiAuthException(
                "Attempting to use API_KEY authorization without " + "an API key provider or an API key in the config file",
                "Verify that an API key is in the config file or an " + "ApiKeyAuthProvider is setup during the API " + "plugin initialization."
            );
        }
        case AWS_IAM: {
            // Credentials: the configured provider if present, else the default one.
            final AWSCredentialsProvider iamCredentials;
            if (apiAuthProviders.getAWSCredentialsProvider() == null) {
                iamCredentials = getDefaultCredentialsProvider();
            } else {
                iamCredentials = apiAuthProviders.getAWSCredentialsProvider();
            }
            // The signer and the service name used for signing depend on the endpoint type:
            // GraphQL endpoints use the AppSync pair, everything else the API Gateway pair.
            final boolean graphQlEndpoint = endpointType == EndpointType.GRAPHQL;
            final AWS4Signer requestSigner =
                graphQlEndpoint ? new AppSyncV4Signer(region) : new ApiGatewayIamSigner(region);
            final String signingService =
                graphQlEndpoint ? APP_SYNC_SERVICE_NAME : API_GATEWAY_SERVICE_NAME;
            return new IamRequestDecorator(requestSigner, iamCredentials, signingService);
        }
        case NONE:
        default:
            // NONE and every authorization type not handled above share this branch.
            // NOTE(review): presumably NO_OP_REQUEST_DECORATOR leaves the request unchanged, in
            // which case an unrecognized type is sent without credentials rather than rejected -
            // confirm that this fall-through is intended.
            return NO_OP_REQUEST_DECORATOR;
    }
}
Also used : ApiAuthException(com.amplifyframework.api.ApiException.ApiAuthException) DefaultCognitoUserPoolsAuthProvider(com.amplifyframework.api.aws.sigv4.DefaultCognitoUserPoolsAuthProvider) AWS4Signer(com.amazonaws.auth.AWS4Signer) ApiGatewayIamSigner(com.amplifyframework.api.aws.sigv4.ApiGatewayIamSigner) DefaultCognitoUserPoolsAuthProvider(com.amplifyframework.api.aws.sigv4.DefaultCognitoUserPoolsAuthProvider) CognitoUserPoolsAuthProvider(com.amplifyframework.api.aws.sigv4.CognitoUserPoolsAuthProvider) AWSCredentialsProvider(com.amazonaws.auth.AWSCredentialsProvider) ApiException(com.amplifyframework.api.ApiException) AppSyncV4Signer(com.amplifyframework.api.aws.sigv4.AppSyncV4Signer)

Example 2 with DefaultCognitoUserPoolsAuthProvider

use of com.amplifyframework.api.aws.sigv4.DefaultCognitoUserPoolsAuthProvider in project amplify-android by aws-amplify.

the class MultiAuthSyncEngineInstrumentationTest method configure.

/**
 * Method used to configure each scenario.
 * @param modelType The model type.
 * @param signInToCognito Does the test scenario require the user to be logged in with user pools.
 * @param signInWithOidc Does the test scenario require the user to be logged in with an OIDC provider.
 * @param expectedAuthType The auth type that should succeed for the test.
 * @throws AmplifyException Not expected.
 * @throws IOException Not expected.
 */
private void configure(Class<? extends Model> modelType, boolean signInToCognito, boolean signInWithOidc, AuthorizationType expectedAuthType) throws AmplifyException, IOException {
    // NOTE(review): logging is set to VERBOSE for a run that signs in and obtains tokens;
    // confirm the device logs of this test are not collected anywhere credentials or tokens
    // could be exposed.
    Amplify.addPlugin(new AndroidLoggingPlugin(LogLevel.VERBOSE));

    // The model's simple name doubles as the log tag, the schema registry key and part of the
    // database file name.
    final String logTag = modelType.getSimpleName();
    final MultiAuthTestModelProvider testModels =
        MultiAuthTestModelProvider.getInstance(Collections.singletonList(modelType));
    final SchemaRegistry registry = SchemaRegistry.instance();
    final ModelSchema schema = ModelSchema.fromModelClass(modelType);
    registry.register(logTag, schema);

    StrictMode.enable();
    final Context appContext = getApplicationContext();
    @RawRes int configId = Resources.getRawResourceId(appContext, "amplifyconfiguration");
    final AmplifyConfiguration fullConfig = AmplifyConfiguration.fromConfigFile(appContext, configId);
    // NOTE(review): cognitoUser and cognitoPassword, used for sign-in below, are presumably
    // populated by this call - confirm, and keep the backing config out of version control.
    readCredsFromConfig(appContext);

    // --- Auth ---
    final CategoryConfiguration authConfig = fullConfig.forCategoryType(CategoryType.AUTH);
    // Persistence is switched off so that the mobile client's state from one test cannot leak
    // into the next one.
    try {
        authConfig.getPluginConfig("awsCognitoAuthPlugin")
            .getJSONObject("Auth")
            .getJSONObject("Default")
            .put("Persistence", false);
    } catch (JSONException jsonFailure) {
        jsonFailure.printStackTrace();
        fail();
        return;
    }
    final AuthCategory authCategory = new AuthCategory();
    final AWSCognitoAuthPlugin cognitoPlugin = new AWSCognitoAuthPlugin();
    authCategory.addPlugin(cognitoPlugin);
    authCategory.configure(authConfig, appContext);
    auth = SynchronousAuth.delegatingTo(authCategory);

    if (signInToCognito) {
        Log.v(logTag, "Test requires signIn.");
        final AuthSignInResult signIn = auth.signIn(cognitoUser, cognitoPassword);
        if (!signIn.isSignInComplete()) {
            fail("Unable to complete initial sign-in");
        }
    }
    if (signInWithOidc) {
        oidcLogin();
        // After oidcLogin() the token reference is expected to hold a value; a null means the
        // OIDC sign-in did not produce a token.
        if (token.get() == null) {
            fail("Unable to autenticate with OIDC provider");
        }
    }

    // --- API ---
    // The auth plugin's escape hatch backs both the user-pools token provider and the AWS
    // credentials provider; OIDC tokens are read from the token reference on demand.
    final DefaultCognitoUserPoolsAuthProvider userPoolsProvider =
        new DefaultCognitoUserPoolsAuthProvider(cognitoPlugin.getEscapeHatch());
    final CategoryConfiguration apiConfig = fullConfig.forCategoryType(CategoryType.API);
    final ApiAuthProviders authProviders = ApiAuthProviders.builder()
        .cognitoUserPoolsAuthProvider(userPoolsProvider)
        .awsCredentialsProvider(cognitoPlugin.getEscapeHatch())
        .oidcAuthProvider(token::get)
        .build();
    final ApiCategory apiCategory = new ApiCategory();
    // The interceptor is constructed with the auth type this scenario expects and is attached
    // to the OkHttp client used for the "DataStoreIntegTestsApi" API.
    requestInterceptor = new HttpRequestInterceptor(expectedAuthType);
    apiCategory.addPlugin(
        AWSApiPlugin.builder()
            .configureClient("DataStoreIntegTestsApi", client -> client.addInterceptor(requestInterceptor))
            .apiAuthProviders(authProviders)
            .build()
    );
    apiCategory.configure(apiConfig, appContext);
    api = SynchronousApi.delegatingTo(apiCategory);

    // --- DataStore ---
    // Errors are only logged; the sync expression limits sync for this model to the id "FAKE_ID".
    final DataStoreConfiguration dataStoreOptions = DataStoreConfiguration.builder()
        .errorHandler(error -> Log.e(logTag, "DataStore error handler received an error.", error))
        .syncExpression(schema.getName(), () -> Where.id("FAKE_ID").getQueryPredicate())
        .build();
    // The configuration file is read a second time here rather than reusing fullConfig.
    final CategoryConfiguration dataStoreConfig = AmplifyConfiguration
        .fromConfigFile(appContext, configId)
        .forCategoryType(CategoryType.DATASTORE);
    final String dbFileName = "IntegTest" + logTag + ".db";
    final SQLiteStorageAdapter storage = TestStorageAdapter.create(registry, testModels, dbFileName);
    final AWSDataStorePlugin dataStorePlugin = AWSDataStorePlugin.builder()
        .storageAdapter(storage)
        .modelProvider(testModels)
        .apiCategory(apiCategory)
        .authModeStrategy(AuthModeStrategyType.MULTIAUTH)
        .schemaRegistry(registry)
        .dataStoreConfiguration(dataStoreOptions)
        .build();
    final DataStoreCategory dataStoreCategory = new DataStoreCategory();
    dataStoreCategory.addPlugin(dataStorePlugin);
    dataStoreCategory.configure(dataStoreConfig, appContext);
    dataStoreCategory.initialize(appContext);
    dataStore = SynchronousDataStore.delegatingTo(dataStoreCategory);
}
Also used : MultiAuthTestModelProvider(com.amplifyframework.testmodels.multiauth.MultiAuthTestModelProvider) ApplicationProvider.getApplicationContext(androidx.test.core.app.ApplicationProvider.getApplicationContext) Context(android.content.Context) AmplifyException(com.amplifyframework.AmplifyException) ApplicationProvider.getApplicationContext(androidx.test.core.app.ApplicationProvider.getApplicationContext) AuthorizationType(com.amplifyframework.api.aws.AuthorizationType) PrivatePrivatePublicUPIAMIAMPost(com.amplifyframework.testmodels.multiauth.PrivatePrivatePublicUPIAMIAMPost) PublicPublicIAMAPIPost(com.amplifyframework.testmodels.multiauth.PublicPublicIAMAPIPost) AuthSignOutOptions(com.amplifyframework.auth.options.AuthSignOutOptions) DataStoreHubEventFilters.publicationOf(com.amplifyframework.datastore.DataStoreHubEventFilters.publicationOf) AndroidLoggingPlugin(com.amplifyframework.logging.AndroidLoggingPlugin) OwnerPublicUPAPIPost(com.amplifyframework.testmodels.multiauth.OwnerPublicUPAPIPost) JSONException(org.json.JSONException) AWSApiPlugin(com.amplifyframework.api.aws.AWSApiPlugin) JSONObject(org.json.JSONObject) AmplifyConfiguration(com.amplifyframework.core.AmplifyConfiguration) Map(java.util.Map) PrivateUPPost(com.amplifyframework.testmodels.multiauth.PrivateUPPost) Assert.fail(org.junit.Assert.fail) Log(android.util.Log) ResponseBody(okhttp3.ResponseBody) MultiAuthTestModelProvider(com.amplifyframework.testmodels.multiauth.MultiAuthTestModelProvider) Interceptor(okhttp3.Interceptor) AfterClass(org.junit.AfterClass) Request(okhttp3.Request) GroupUPPost(com.amplifyframework.testmodels.multiauth.GroupUPPost) HubChannel(com.amplifyframework.hub.HubChannel) SerializedModel(com.amplifyframework.core.model.SerializedModel) OwnerPublicOIDAPIPost(com.amplifyframework.testmodels.multiauth.OwnerPublicOIDAPIPost) OwnerPrivateUPIAMPost(com.amplifyframework.testmodels.multiauth.OwnerPrivateUPIAMPost) 
DefaultCognitoUserPoolsAuthProvider(com.amplifyframework.api.aws.sigv4.DefaultCognitoUserPoolsAuthProvider) UUID(java.util.UUID) ApiCategory(com.amplifyframework.api.ApiCategory) PrivatePublicComboUPPost(com.amplifyframework.testmodels.multiauth.PrivatePublicComboUPPost) Logger(com.amplifyframework.logging.Logger) CognitoJWTParser(com.amazonaws.mobileconnectors.cognitoidentityprovider.util.CognitoJWTParser) Assert.assertFalse(org.junit.Assert.assertFalse) RandomString(com.amplifyframework.testutils.random.RandomString) SynchronousAuth(com.amplifyframework.testutils.sync.SynchronousAuth) LogLevel(com.amplifyframework.logging.LogLevel) PublicAPIPost(com.amplifyframework.testmodels.multiauth.PublicAPIPost) Context(android.content.Context) GroupPrivatePublicUPIAMAPIPost(com.amplifyframework.testmodels.multiauth.GroupPrivatePublicUPIAMAPIPost) AuthCategory(com.amplifyframework.auth.AuthCategory) HashMap(java.util.HashMap) ApiAuthProviders(com.amplifyframework.api.aws.ApiAuthProviders) Resources(com.amplifyframework.testutils.Resources) HubAccumulator(com.amplifyframework.testutils.HubAccumulator) SynchronousApi(com.amplifyframework.testutils.sync.SynchronousApi) IdToken(com.google.auth.oauth2.IdToken) AtomicReference(java.util.concurrent.atomic.AtomicReference) Headers(okhttp3.Headers) RequestBody(okhttp3.RequestBody) SchemaRegistry(com.amplifyframework.core.model.SchemaRegistry) RawRes(androidx.annotation.RawRes) PrivatePublicUPIAMPost(com.amplifyframework.testmodels.multiauth.PrivatePublicUPIAMPost) AuthSignInResult(com.amplifyframework.auth.result.AuthSignInResult) Author(com.amplifyframework.testmodels.commentsblog.Author) ModelSchema(com.amplifyframework.core.model.ModelSchema) PrivatePublicComboAPIPost(com.amplifyframework.testmodels.multiauth.PrivatePublicComboAPIPost) Response(okhttp3.Response) CategoryConfiguration(com.amplifyframework.core.category.CategoryConfiguration) PublicIAMPost(com.amplifyframework.testmodels.multiauth.PublicIAMPost) 
Amplify(com.amplifyframework.core.Amplify) PrivatePrivatePublicUPIAMAPIPost(com.amplifyframework.testmodels.multiauth.PrivatePrivatePublicUPIAMAPIPost) SynchronousDataStore(com.amplifyframework.testutils.sync.SynchronousDataStore) Buffer(okio.Buffer) CategoryType(com.amplifyframework.core.category.CategoryType) GroupPrivateUPIAMPost(com.amplifyframework.testmodels.multiauth.GroupPrivateUPIAMPost) PrivatePublicUPAPIPost(com.amplifyframework.testmodels.multiauth.PrivatePublicUPAPIPost) Model(com.amplifyframework.core.model.Model) AWSCognitoAuthPlugin(com.amplifyframework.auth.cognito.AWSCognitoAuthPlugin) Test(org.junit.Test) IOException(java.io.IOException) Where(com.amplifyframework.core.model.query.Where) SQLiteStorageAdapter(com.amplifyframework.datastore.storage.sqlite.SQLiteStorageAdapter) GroupPublicUPIAMPost(com.amplifyframework.testmodels.multiauth.GroupPublicUPIAMPost) PrivatePrivateUPIAMPost(com.amplifyframework.testmodels.multiauth.PrivatePrivateUPIAMPost) TimeUnit(java.util.concurrent.TimeUnit) AuthModeStrategyType(com.amplifyframework.api.aws.AuthModeStrategyType) OwnerOIDCPost(com.amplifyframework.testmodels.multiauth.OwnerOIDCPost) OwnerPrivatePublicUPIAMAPIPost(com.amplifyframework.testmodels.multiauth.OwnerPrivatePublicUPIAMAPIPost) TestStorageAdapter(com.amplifyframework.datastore.storage.sqlite.TestStorageAdapter) PrivatePublicPublicUPAPIIAMPost(com.amplifyframework.testmodels.multiauth.PrivatePublicPublicUPAPIIAMPost) Resources.readJsonResourceFromId(com.amplifyframework.core.Resources.readJsonResourceFromId) DataStoreHubEventFilters.networkStatusFailure(com.amplifyframework.datastore.DataStoreHubEventFilters.networkStatusFailure) GroupPublicUPAPIPost(com.amplifyframework.testmodels.multiauth.GroupPublicUPAPIPost) OwnerUPPost(com.amplifyframework.testmodels.multiauth.OwnerUPPost) Collections(java.util.Collections) ServiceAccountCredentials(com.google.auth.oauth2.ServiceAccountCredentials) JSONArray(org.json.JSONArray) 
RawRes(androidx.annotation.RawRes) AmplifyConfiguration(com.amplifyframework.core.AmplifyConfiguration) DefaultCognitoUserPoolsAuthProvider(com.amplifyframework.api.aws.sigv4.DefaultCognitoUserPoolsAuthProvider) SQLiteStorageAdapter(com.amplifyframework.datastore.storage.sqlite.SQLiteStorageAdapter) CategoryConfiguration(com.amplifyframework.core.category.CategoryConfiguration) JSONException(org.json.JSONException) RandomString(com.amplifyframework.testutils.random.RandomString) AWSCognitoAuthPlugin(com.amplifyframework.auth.cognito.AWSCognitoAuthPlugin) AndroidLoggingPlugin(com.amplifyframework.logging.AndroidLoggingPlugin) ModelSchema(com.amplifyframework.core.model.ModelSchema) AuthCategory(com.amplifyframework.auth.AuthCategory) ApiCategory(com.amplifyframework.api.ApiCategory) ApiAuthProviders(com.amplifyframework.api.aws.ApiAuthProviders) AuthSignInResult(com.amplifyframework.auth.result.AuthSignInResult) SchemaRegistry(com.amplifyframework.core.model.SchemaRegistry)

Example 3 with DefaultCognitoUserPoolsAuthProvider

use of com.amplifyframework.api.aws.sigv4.DefaultCognitoUserPoolsAuthProvider in project amplify-android by aws-amplify.

the class TestApiCategory method fromConfiguration.

/**
 * Creates an instance of {@link ApiCategory}, using the provided configuration
 * file, referred to by its android resource ID.
 * @return A configured and initialized ApiCategory instance
 */
@NonNull
static ApiCategory fromConfiguration(@RawRes int resourceId) throws AmplifyException {
    // AWSMobileClient.getInstance() is handed to the user-pools token provider and is also
    // registered directly as the AWS credentials provider.
    final CognitoUserPoolsAuthProvider userPoolsProvider =
        new DefaultCognitoUserPoolsAuthProvider(AWSMobileClient.getInstance());
    final ApiAuthProviders authProviders = ApiAuthProviders.builder()
        .awsCredentialsProvider(AWSMobileClient.getInstance())
        .cognitoUserPoolsAuthProvider(userPoolsProvider)
        .build();
    final AWSApiPlugin apiPlugin = AWSApiPlugin.builder()
        .apiAuthProviders(authProviders)
        .build();

    final ApiCategory category = new ApiCategory();
    category.addPlugin(apiPlugin);

    // Only the API section of the configuration file identified by resourceId is applied.
    final CategoryConfiguration apiSection = AmplifyConfiguration
        .fromConfigFile(getApplicationContext(), resourceId)
        .forCategoryType(CategoryType.API);
    category.configure(apiSection, getApplicationContext());
    // category.initialize(...) is deliberately not called: it currently contains no logic.
    return category;
}
Also used : DefaultCognitoUserPoolsAuthProvider(com.amplifyframework.api.aws.sigv4.DefaultCognitoUserPoolsAuthProvider) CategoryConfiguration(com.amplifyframework.core.category.CategoryConfiguration) ApiCategory(com.amplifyframework.api.ApiCategory) DefaultCognitoUserPoolsAuthProvider(com.amplifyframework.api.aws.sigv4.DefaultCognitoUserPoolsAuthProvider) CognitoUserPoolsAuthProvider(com.amplifyframework.api.aws.sigv4.CognitoUserPoolsAuthProvider) NonNull(androidx.annotation.NonNull)

Aggregations

DefaultCognitoUserPoolsAuthProvider (com.amplifyframework.api.aws.sigv4.DefaultCognitoUserPoolsAuthProvider)3 ApiCategory (com.amplifyframework.api.ApiCategory)2 CognitoUserPoolsAuthProvider (com.amplifyframework.api.aws.sigv4.CognitoUserPoolsAuthProvider)2 CategoryConfiguration (com.amplifyframework.core.category.CategoryConfiguration)2 Context (android.content.Context)1 Log (android.util.Log)1 NonNull (androidx.annotation.NonNull)1 RawRes (androidx.annotation.RawRes)1 ApplicationProvider.getApplicationContext (androidx.test.core.app.ApplicationProvider.getApplicationContext)1 AWS4Signer (com.amazonaws.auth.AWS4Signer)1 AWSCredentialsProvider (com.amazonaws.auth.AWSCredentialsProvider)1 CognitoJWTParser (com.amazonaws.mobileconnectors.cognitoidentityprovider.util.CognitoJWTParser)1 AmplifyException (com.amplifyframework.AmplifyException)1 ApiException (com.amplifyframework.api.ApiException)1 ApiAuthException (com.amplifyframework.api.ApiException.ApiAuthException)1 AWSApiPlugin (com.amplifyframework.api.aws.AWSApiPlugin)1 ApiAuthProviders (com.amplifyframework.api.aws.ApiAuthProviders)1 AuthModeStrategyType (com.amplifyframework.api.aws.AuthModeStrategyType)1 AuthorizationType (com.amplifyframework.api.aws.AuthorizationType)1 ApiGatewayIamSigner (com.amplifyframework.api.aws.sigv4.ApiGatewayIamSigner)1