AppSync resolvers unable to identify the Cognito Auth and unable to resolve $context.identity


I am developing appsync resolvers with Cognito userpools and default Auth mode. The resolver mapping context doesn't seem to understand the $context. identity within the AppSync resolvers.


I'm getting the error TS2339: Property username does not exist in type Identity. Property 'username does not exist on type 'AppSyncIdentityOIDC. when I use the ctx.identity within the Resolvers.

AppSync resolver

import { util } from '@aws-appsync/utils';

 * Puts an item into the DynamoDB table.
 * using @aws_cognito_user_pools in schema
 * @param {import('@aws-appsync/utils').Context<{input: any}>} ctx the context
 * @returns {import('@aws-appsync/utils').DynamoDBPutItemRequest} the request
export function request(ctx) {
    const { email, name } = ctx.args.input;
    const values = {

    return {
        "operation": "PutItem",
        "key": {
            "Id" : util.dynamodb.toDynamoDB(ctx.identity.username)
        "attributeValues" : util.dynamodb.toMapValues(values)

I can see the cognito userName and claims in the cloudwatch Logs


    "logType": "RequestFunctionEvaluation",
    "path": [
    "fieldName": "createUser",
    "resolverArn": "arn:aws:appsync:xxxxx/types/Mutation/resolvers/createUser",
    "requestId": "xxxx-8c7ca",
    "context": {
        "arguments": {
            "input": {
                "email": "",
                "name": "testUser"
        "stash": {},
        "outErrors": []
    "fieldInError": true,
    "evaluationResult": {
        "operation": "PutItem",
        "key": {
            "Id": {
                "claims": {
                    "sub": "xxxxxx",
                    "email_verified": true,
                    "iss": "",
                    "cognito:username": "testUser10",
                    "email": ""
                "defaultAuthStrategy": "ALLOW",
                "issuer": "",
                "sourceIp": [
                "sub": "c478c4f8-4011-70bf-3ac5-03f79e6546ee",
                "username": "testUser10"
        "attributeValues": {
    "errors": [
        "Runtime Error"
    "parentType": "Mutation",
    "graphQLAPIId": "xxxxxx"

I just want to get the email and username from the context and populate my datasource(Dynamo).

What am I doing wrong here?

1 Respuesta

I had a similar issue when I switched from API key authentication to Cognito user pool based authentication - the resolver editor would not recognize the new identity structure.

I solved it by replacing the nested object notation (context.identity.username) with the more generic notation (context.identity['username']) cause JavaScript can deal with both types of syntax.

respondido hace 3 meses

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas