This is a feature request for Amplify REST API authorisation.
I'd like to get the Cognito (Amplify auth) username in an Amplify function called through the Amplify REST API.
(A logged-in user calls my API, and I'd like to get this user's username in the Lambda.)
First, I created Amplify auth, and created Amplify REST API.
(function type > Serverless framework with express.js)
(Restrict API access > Authenticated users only)
I'd like to get the Cognito username in the Amplify function, but I can't find any property related to the Cognito username in the Lambda function.
(This is my Lambda code. I think I should be able to get the username from the "req" property, but I can't.)
```javascript
app.post("/test", function(req, res) {
  ...
});
```
Maybe Amplify REST API's "Restrict API access" is configured using IAM permissions with Cognito.
https://docs.aws.amazon.com/apigateway/latest/developerguide/permissions.html
I think this is why I can't get username on Lambda.
An alternative solution is using "Control Access to a REST API Using Amazon Cognito User Pools as Authorizer".
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html
Will you support this approach?
Getting the username of whoever calls the API is necessary to build a secure system.
I'm waiting for your great support. Thank you.
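With the "Authenticated users only" (IAM) setting described above, API Gateway still passes the caller's Cognito identity to the Lambda in the request context, so the function can establish who is calling without trusting anything the client puts in a header. The following is an added example, not code from this issue or from the Amplify project; it assumes the Amplify-generated Express app, where the aws-serverless-express eventContext() middleware exposes the raw API Gateway event as `req.apiGateway.event`, and the function and handler names are made up here.

```javascript
// Parse $context.identity.cognitoAuthenticationProvider, which for a User Pool
// sign-in through an Identity Pool has the form:
//   cognito-idp.<region>.amazonaws.com/<poolId>,cognito-idp.<region>.amazonaws.com/<poolId>:CognitoSignIn:<sub>
// Returns { region, userPoolId, sub }, or null for guest/unauthenticated callers
// (whose provider field is absent) and for anything not in that exact shape.
function parseCognitoIdentity(event) {
  const provider =
    event && event.requestContext && event.requestContext.identity &&
    event.requestContext.identity.cognitoAuthenticationProvider;
  if (typeof provider !== 'string') return null;
  const m = provider.match(
    /^cognito-idp\.([a-z0-9-]+)\.amazonaws\.com\/([A-Za-z0-9_-]+),cognito-idp\.\1\.amazonaws\.com\/\2:CognitoSignIn:([0-9a-f-]{36})$/
  );
  if (!m) return null;
  return { region: m[1], userPoolId: m[2], sub: m[3] };
}

// Express middleware (hypothetical name) that rejects requests carrying no
// parsed Cognito identity; register it with app.use(attachIdentity) before the
// routes. The sub is the user's immutable id; mapping it to a username needs a
// cognito-idp ListUsers call with the filter `sub = "<sub>"`, not shown here.
function attachIdentity(req, res, next) {
  const identity = parseCognitoIdentity(req.apiGateway && req.apiGateway.event);
  if (!identity) return res.status(401).json({ error: 'no Cognito identity' });
  req.cognitoIdentity = identity;
  next();
}

// Constructed sample event, shaped like what API Gateway sends for an
// IAM-authorised call made with Identity Pool credentials (all values made up).
const sampleEvent = {
  requestContext: {
    identity: {
      cognitoAuthenticationType: 'authenticated',
      cognitoAuthenticationProvider:
        'cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE1,' +
        'cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE1:CognitoSignIn:' +
        '11111111-2222-3333-4444-555555555555',
    },
  },
};
```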
Hey @hi120ki, since you're talking about authenticated users, you should be able to get away with something like this:
```javascript
import { Auth } from 'aws-amplify';
// inside some async function, AFTER the user has authenticated with Cognito
const tokens = await Auth.currentSession();
const userName = tokens.getIdToken().payload['cognito:username'];
```
Let me know if that is helpful.
Edit: Wow, sorry, I missed the point. This is inside a Lambda, not the client, so importing Amplify is a bit overkill.
It seems like the best solution would be to set a custom header on app initialization that always sends the username as a header to your lambda. Then you just check for that header in your lambda and return a 4xx if the header is not present.
Edit2: Okay, upon multiple tired readings, I'm not sure which you are asking, but either one of the two solutions I previously posted should be helpful for you.
@hi120ki what if you send the JWT in the body of the request and then validate the token in your function and extract the username?
Thank you for answering my question.
https://aws-amplify.github.io/docs/js/api#cognito-user-pools-authorization
I read this document and tried to set the JWT token in the header, but this causes a 403 error (API Gateway blocked the API call).
To do this, I have to set "custom authorizer" to API Gateway.
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html
But today's amplify-cli may not support setting this.
I am adding this to our backlog, once the product team prioritizes this we will work on this issue.
@hi120ki does the preflight request return 200?
@jkeys-ecg-nmsu Yes, OPTIONS request returns 200. But POST request returns 403.
@yuth is retrieving user data on the back-end side (for the user that made the request) still not possible with Amplify?
I'm concerned about many security flaws in the app I'm currently working on because of this missing feature...