Amplify-js: Need to be able to get JWT token and refresh accessToken server sided
Wanted to get an issue open so that I can track the status of this issue :)
I have 2 things that I need to be able to do.. currently in my Next.JS application.
1) Get the AWS Cognito user's JWT token via cookies like the following
auth: {
// Amazon Cognito user pools using AWS Amplify
type: AUTH_TYPE.AMAZON_COGNITO_USER_POOLS,
jwtToken: async () => (await Auth.currentSession()).getIdToken().getJwtToken(),
}
Note: Obviously this doesn't work because this is a client request.. There needs to be a solution that allows to do this same method.. but grabs the accessToken from the request headers cookies.. so I can get the JWT token before the page is rendered in React.
I've been using the following to get the accessToken from the cookies like so:
export function getKeyValue(req, string) {
const cookies = parseCookies(req)
const key = Object.keys(cookies).filter(k => k.includes(string))
return key.length ? cookies[key] : ''
}
and using it like so:
const apollo = initApollo(
{},
{
...config,
getToken: () => getKeyValue(req, 'accessToken'),
},
)
You can check this repo here on NextJS for an example https://github.com/zeit/next.js/tree/canary/examples/with-apollo-auth
2) A function to refresh the accessToken is also neccesary since the accessTokens are only active for 1 hour
Note: Yes AWS Amplify comes with a function that automatically updates the accessToken.. but again thats client side and doesn't really help much. I need a function that does this server sided via cookies or something.. and is good to go by the time the page loads.
Thanks and lmk if you need any more information!
dmitryyankowski
All 17 comments
@lolcoolkat thanks for the excellent details and suggestions here to improve ssr. We will add this to the backlog. I'll update this with a milestone once we spec it out, and/or feel free to provide suggestion/pr
mlabieniec
on 6 Jun 2018
@lolcoolkat You might also want to reach out to Nader Dabit (Developer Advocate at AWS Mobile). He just posted SSR GraphQL with Next.js & AWS AppSync on Medium.
buggy
on 7 Jun 2018
@buggy Yep I was one of the first people to see the post hehe :D Unfortunately I can't really do much with it besides using an API key with AWS Appsync. Since your JWT functions aren't SSR compatible I can't use the Auth.currentSession() function :/ I'm building my application using Cognito User Pools so i'm kinda in a stand still atm :D
dmitryyankowski
on 7 Jun 2018
I'm stuck on this issue as well. I'm using next.js and want to accessAuth.currentSession() in getInitialProps() so that I can determine if the user should be redirected to another page if not logged in. Any help on this would be great!
michaelmerrill
on 10 Jun 2018
Yeah hopefully it will be worked on soon @michaelmerrill :D I'm really looking forward to SSR support!
dmitryyankowski
on 11 Jun 2018
Any updates?
allpwrfulroot
on 8 Jul 2018
Also need this feature
thenengah
on 9 Jul 2018
@lolcoolkat I'm a confused by your assertion re JWT handling as the block for SSR.
When I follow the userPoolUser logic branch of Auth.currentAuthenticatedUser, I pass by storage and get to JWT actions involving amazon-cognito-identity-js/src/Client.js, where fetch could have been polyfilled, for example, by isomorphic-unfetch. So, isn't the SSR block with storage? If so, if storage is customized to respond differentially to the browser and server, won't that ensure the objects calling fetch via the client are properly initialized in time for the calls?
Alternatively, for SSR, it seems one could cobble an interim solution from aws-amplify and amazon-cognito-identity-js (including the refreshment of JWT tokens from the solution posted at https://aws-amplify.github.io/amplify-js/media/authentication_guide _ https://gist.github.com/kndt84/5be8e86a15468ed1c8fc3699429003ad.) In this approach, amazon-cognito-identity-js fills in for Auth.currentAuthenticatedUser. However, I don't know what this approach gives up in terms of other amplify facilities, e.g., AWSPinpointProvider.
(@mlabieniec if you've already seen what lolcoolkat means and agreed with him, any further comment would be welcome.)
gpolyn
on 15 Aug 2018
@lolcoolkat have you managed to do anything on this front? Would be great if you can share!
sakhmedbayev
on 10 Jan 2019
@lolcoolkat! Anyone! Desperately need a solution to this issue!
sakhmedbayev
on 18 Jan 2019
I managed to get the access token from
let jwt = Auth.currentAuthenticatedUser()
.getSignInUserSession()
.getAccessToken()
.getJwtToken();
Where:
import { Auth } from "aws-amplify";
@sakhmedbayev
JoePassanante
on 18 Feb 2019
@lolcoolkat Just wondering why you closed this ticket? Did you find a solution ? It would be great if you could provide some update to the status of this. did you use @gpolyn 's suggestion?
Thanks 馃憤
Paddy-Hamilton
on 20 Feb 2019
I'm trying to deal with this, and I think that it might work if we set the custom storage to grab the cookies from the header instead from the client. But this means we can't grab the cookies from the client.
j0lv3r4
on 1 Sep 2019
@JoePassanante Are you sure you managed to get that from the SSR?
https://github.com/aws-amplify/amplify-js/issues/992#issuecomment-464602007
OmarZeidan
on 15 May 2020
I believe in the newer versions of appsync this is no longer an accepted way to get the token. I am still stuck on trying to get the token sadly.
hutber
on 26 Sep 2020
how do you then pass this JWT on client side in react UI app to amplify API.GraphQL, .Rest, or DataStore.save utilities ?
bjm88
on 6 Jan 2021
@bjm88 If you're calling DataStore.save, GraphQLAPI.query, etc. on the client, the Amplify handles the JWT for you automatically.
withSSRContext, when enabled, will share credentials on the server so calls there work as well, as long as authentication has happened on the client first:
ericclemmons
on 6 Jan 2021
Related issues
cosmosof
路
3Comments
lucasmike
路
3Comments
ldgarcia
路
3Comments
leantide
路
3Comments
romainquellec
路
3Comments
Most helpful comment
Also need this feature