State your question
I want to implement API Gateway Websockets in my iOS application. This works fine without authorization and third-party Websocket library (Starscream), but I need to authenticate my Websocket. As soon as I activate IAM authorization in my Websocket API, of course I can't connect anymore. My users are authenticated with Cognito _inside_ my application.
How can I achieve this? If I am right, there aren't Swift methods for AWS Websockets?
Which AWS Services are you utilizing?
API Gateway Websockets
IAM
Environment(please complete the following information):
Hi @ChrisInspect, can you please provide a code snippet or code sample of how you are making the calls?
Hi @kneekey23 ,
I just call the websocket with standard request and some custom header for lambda processing.
```swift
import Foundation
import Starscream

class WebsocketManager: WebSocketDelegate {
    let socket: WebSocket

    init() {
        let url = URL(string: "wss://xxxxxxxxxx.execute-api.eu-central-1.amazonaws.com/test")!
        var request = URLRequest(url: url)
        // Custom header read by the Lambda behind the API
        request.setValue("TableName", forHTTPHeaderField: "TableName")
        // allowSelfSigned: true tells Starscream to accept self-signed server certificates
        socket = WebSocket(request: request, certPinner: FoundationSecurity(allowSelfSigned: true))
        socket.delegate = self
    }

    func connect() {
        socket.connect()
    }
    // and so on....
}
```
As I mentioned, this works and I successfully receive my messages if authentication in API Gateway is disabled. When authentication is enabled, I guess I have to somehow pass my tokens from AWSMobileClient to the Websocket. Is this right and how can I achieve this?
I would love to have methods directly from AWS for Websocket like AWSApiGateway.default().connectToSocket(socketUrl:"wss://xxxxxxxxxx.execute-api.eu-central-1.amazonaws.com/test") which handles all the authentication. Another advantage is that I wouldn't be dependent on a third-party library anymore.
With Amplify and IoT we can see that there exists some kind of Websocket implementation for iOS SDK already. Switching to for example IoT isn't an option for us. We definitely need AWS Api Gateway Websockets.
@ChrisInspect I solved this by adding the id token I get from Cognito to the request for opening the websocket. Then I verify the token in the lambda function that handles the $connect route. Looking good so far.
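A sketch of the server side of the approach in the comment above, added here as an example and not code from anyone in this thread: a Python handler for the $connect route that checks a Cognito ID token's RS256 signature and claims before accepting the connection. Assumptions: the client sends the token in a query parameter named `token`, the user pool's JWKS document has already been fetched and is passed in as `jwks`, and `ISSUER` and `CLIENT_ID` are placeholders.

```python
import base64, hashlib, hmac, json, time

# Placeholders assumed for this example; use your own user pool and app client.
ISSUER = "https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_EXAMPLE"
CLIENT_ID = "example-app-client-id"
# DER DigestInfo prefix for SHA-256 in RSASSA-PKCS1-v1_5 (the RS256 algorithm).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(s):
    """Decode unpadded base64url as used in JWTs and JWKS documents."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def verify_id_token(token, jwks, now=None):
    """Return the claims of a valid ID token, otherwise raise ValueError."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims, sig = json.loads(b64u(h64)), json.loads(b64u(p64)), b64u(s64)
        alg, kid, exp = header["alg"], header["kid"], claims["exp"]
    except Exception:
        raise ValueError("malformed token")
    if alg != "RS256":  # pin the algorithm instead of trusting the header
        raise ValueError("unexpected alg")
    jwk = next((k for k in jwks["keys"] if k["kid"] == kid), None)
    if jwk is None:
        raise ValueError("unknown signing key")
    n = int.from_bytes(b64u(jwk["n"]), "big")
    e = int.from_bytes(b64u(jwk["e"]), "big")
    size = (n.bit_length() + 7) // 8
    digest = hashlib.sha256(f"{h64}.{p64}".encode()).digest()
    expected = b"\x00\x01" + b"\xff" * (size - 54) + b"\x00" + SHA256_PREFIX + digest
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(size, "big")
    if len(sig) != size or not hmac.compare_digest(recovered, expected):
        raise ValueError("bad signature")
    if claims.get("iss") != ISSUER or claims.get("aud") != CLIENT_ID:
        raise ValueError("wrong issuer or audience")
    if claims.get("token_use") != "id":  # an access token is not accepted here
        raise ValueError("not an ID token")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims

def connect_handler(event, context, jwks, now=None):
    """$connect route: 200 accepts the WebSocket, anything else refuses it."""
    token = (event.get("queryStringParameters") or {}).get("token", "")
    try:
        verify_id_token(token, jwks, now)
    except ValueError:
        return {"statusCode": 401}
    return {"statusCode": 200}
```

Lambda invokes handlers as `(event, context)`, so a deployment would wrap `connect_handler` with a function that loads and caches the pool's JWKS document.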
Hi @kneekey23 Any word on this? From what I can tell, there's no API equivalent to AWSApiGateway.default().connectToSocket(socketUrl:"wss://xxxxxxxxxx.execute-api.eu-central-1.amazonaws.com/test"). Is there any other way to sign a websocket connection using an AWSCognitoCredentialsProvider instance? I attempted to use the AWSSignatureV4Signer.generateQueryStringForSignatureV4(:_) method, but no luck.