I setup Postgraphile with postgres 15 and appsync. I am getting an error when logged in with cognito in the appsync console. Appsync is sending cognito username as cognito:username and it NEEDS to be cognito.username. Postgres 14 broke this and now requires dots not colons. Downgrading to Postgres 13 fixes this issue, but am unable to use later versions.
{
"errorType": "error",
"errorMessage": "invalid configuration parameter name \"appsync.identity_claims_cognito:username\"",
"code": "42602",
"length": 215,
"name": "error",
"severity": "ERROR",
"detail": "Custom parameter names must be two or more simple identifiers separated by dots.",
"file": "guc.c",
"line": "8095",
"routine": "find_option",
"stack": [
"error: invalid configuration parameter name \"appsync.identity_claims_cognito:username\"",
" at Parser.parseErrorMessage (/opt/nodejs/node_modules/pg-protocol/dist/parser.js:287:98)",
" at Parser.handlePacket (/opt/nodejs/node_modules/pg-protocol/dist/parser.js:126:29)",
" at Parser.parse (/opt/nodejs/node_modules/pg-protocol/dist/parser.js:39:38)",
" at TLSSocket.<anonymous> (/opt/nodejs/node_modules/pg-protocol/dist/index.js:11:42)",
" at TLSSocket.emit (events.js:400:28)",
" at TLSSocket.emit (domain.js:475:12)",
" at addChunk (internal/streams/readable.js:293:12)",
" at readableAddChunk (internal/streams/readable.js:267:9)",
" at TLSSocket.Readable.push (internal/streams/readable.js:206:10)",
" at TLSWrap.onStreamRead (internal/stream_base_commons.js:188:23)"
]
}
Here is what Appsync sends
{
"arguments": {
"first": 10
},
"identity": {
"claims": {
"sub": "185183c0-7061-7069-c98b-633c0d29e287",
"email_verified": true,
"iss": "https://cognito-idp.us-west-2.amazonaws.com/someurl",
"cognito:username": "185183c0-7061-7069-c98b-633c0d29e287",
"given_name": "Name",
"picture": "url",
"origin_jti": "52232f0a-69bd-4111-bf9d-814de96a6102",
"aud": "1nvkj2901lrft5fp5aga0f3o6o",
"event_id": "71ec9b99-8b38-40f9-acff-330e1e6be9a6",
"token_use": "id",
"auth_time": 1690295821,
"exp": 1690299421,
"iat": 1690295821,
"family_name": "Tester",
"jti": "9f297be3-4308-463f-b08b-ab76115451a8",
"email": "someemail@email.com"
},
"defaultAuthStrategy": "ALLOW",
"groups": null,
"issuer": "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_tgrAwGyCi",
"sourceIp": [
"99.7.64.140"
],
"sub": "185183c0-7061-7069-c98b-633c0d29e287",
"username": "185183c0-7061-7069-c98b-633c0d29e287"
},
Using this one works fine
{
"arguments": {
"first": 10
},
"identity": {
"claims": {
"sub": "185183c0-7061-7069-c98b-633c0d29e287",
"email_verified": true,
"iss": "https://cognito-idp.us-west-2.amazonaws.com/someurl",
"cognito.username": "185183c0-7061-7069-c98b-633c0d29e287",
"given_name": "Name",
"picture": "url",
"origin_jti": "52232f0a-69bd-4111-bf9d-814de96a6102",
"aud": "1nvkj2901lrft5fp5aga0f3o6o",
"event_id": "71ec9b99-8b38-40f9-acff-330e1e6be9a6",
"token_use": "id",
"auth_time": 1690295821,
"exp": 1690299421,
"iat": 1690295821,
"family_name": "Tester",
"jti": "9f297be3-4308-463f-b08b-ab76115451a8",
"email": "someemail@email.com"
},
"defaultAuthStrategy": "ALLOW",
"groups": null,
"issuer": "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_tgrAwGyCi",
"sourceIp": [
"99.7.64.140"
],
"sub": "185183c0-7061-7069-c98b-633c0d29e287",
"username": "185183c0-7061-7069-c98b-633c0d29e287"
},
AWS OFFICIELA mis à jour il y a 2 ans