
Add input validation to SIWA private key prompt

Open josefaidt opened this issue 4 years ago • 0 comments

Is this related to a new or existing Amplify category?

auth

Is this related to another service?

n/a

Describe the feature you'd like to request

Add input validation for the SIWA private key (PKCS8 PEM format) prompt, preventing developers from adding the social provider and mitigating failed push attempts. Currently, providing a fake value (example: fakeprivatekey) will allow a successful update to the local auth resource, only to error on push for HostedUIProvidersCustomResourceInputs and point developers to check the CloudWatch logs for this Lambda callout. This log will display the error:

CREATE_FAILED      HostedUIProvidersCustomResourceInputs Custom::LambdaCallout      Fri Sep 03 2021 13:32:00 GMT-0500 (Central Daylight Time) Received response status [FAILED] from custom resource. Message returned: See the details in CloudWatch Log Stream: 2021/09/03/[$LATEST]1f507a017e90478c88299b19bf549fe6 (RequestId: 4a841311-2d06-454e-8a93-bd360059c76c)


AWS Amplify Admin UI has input validation built into the form used to add SIWA social sign-in, preventing developers from providing a fake value. Adding this input validation will also align DX across Admin UI and the CLI.


Describe the solution you'd like

When providing a fake private key value such as fakeprivatekey, the CLI should prevent the developer from continuing until a valid private key value (PKCS8 PEM format) is supplied, similar to how the validation error is supplied when adding an APNS notification:

? Choose authentication method used for APNs Key
? The bundle id used for APNs Tokens:  fakebundleid
? The team id used for APNs Tokens:  faketeamid
? The key id used for APNs Tokens:  fakekeyid
? The key file path (.p8):  /fake/key/path.p8
>> file path must be valid

Example:

Select the identity providers you want to configure for your user pool: Sign in with Apple
  
 You've opted to allow users to authenticate via Sign in with Apple. If you haven't already, you'll need to go to https://developer.apple.com/account/#/welcome and configure Sign in with Apple.
 
 Enter your Services ID for your OAuth flow:  fakeserviceid
 Enter your Team ID for your OAuth flow:  faketeamid
 Enter your Key ID for your OAuth flow:  fakekeyid
 Enter your Private Key for your OAuth flow:  fakeprivatekey
>> Private key must be valid

Describe alternatives you've considered

n/a

Additional context

No response

Is this something that you'd be interested in working on?

  • [ ] 👋 I may be able to implement this feature request
  • [ ] ⚠️ This feature might incur a breaking change

josefaidt, Sep 03 '21 19:09
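
One way the validation requested in this issue could be written for a Node.js prompt, shown as an added example and not amplify-cli's own code. The name `validateSiwaPrivateKey`, the return-`true`-or-message validator convention, and the requirement that the key be an EC key on P-256 are assumptions; the issue itself only asks for a valid PKCS8 PEM value.

```javascript
// Added example: not amplify-cli source. validateSiwaPrivateKey is a hypothetical name.
const crypto = require('node:crypto');

const PKCS8_PEM = /^-----BEGIN PRIVATE KEY-----\r?\n[A-Za-z0-9+/=\r\n]+-----END PRIVATE KEY-----\s*$/;

// Returns true when the input is usable, otherwise the message to show at the
// prompt (the true-or-string convention used by inquirer-style validators).
function validateSiwaPrivateKey(input) {
  const invalid = 'Private key must be valid';
  const pem = String(input ?? '').trim();

  // Cheap structural check first: unencrypted PKCS#8 uses the generic
  // "PRIVATE KEY" label, not "EC PRIVATE KEY" (SEC1) or "RSA PRIVATE KEY".
  if (!PKCS8_PEM.test(pem)) return invalid;

  let key;
  try {
    // Let OpenSSL parse the DER body so truncated or corrupted base64 is caught.
    key = crypto.createPrivateKey({ key: pem, format: 'pem' });
  } catch {
    return invalid; // never echo the parser error or the key material
  }

  // Assumption: Sign in with Apple keys are EC keys on P-256 (used for ES256).
  if (key.asymmetricKeyType !== 'ec') return invalid;
  if (key.asymmetricKeyDetails?.namedCurve !== 'prime256v1') return invalid;
  return true;
}

// Constructed sample inputs, generated at run time (no real key is embedded).
function sampleKeys() {
  const ec = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }).privateKey;
  const ed = crypto.generateKeyPairSync('ed25519').privateKey;
  const pkcs8 = ec.export({ type: 'pkcs8', format: 'pem' });
  return {
    pkcs8,
    sec1: ec.export({ type: 'sec1', format: 'pem' }),
    wrongType: ed.export({ type: 'pkcs8', format: 'pem' }),
    truncated: pkcs8.replace(/[A-Za-z0-9+/=]{20}\n-----END/, '\n-----END'),
  };
}
```

Returning one fixed message for every failure keeps parser details and fragments of the pasted key out of terminal scrollback and CI logs.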