@Siqi-Shan Siqi-Shan commented Oct 7, 2024

Description of changes

Fix the Gen2 AmplifyGraphqlApi construct OIDC authorizationModes token TTL related properties tokenExpiryFromAuth and tokenExpiryFromIssue to use the correct time unit expected by AppSync. Currently all token TTLs would be converted to minutes before resource provision, while AppSync is expecting time units in milliseconds, and this would create unexpected token expiration and unauthorized 401 requests when credentials are valid.

CDK / CloudFormation Parameters Changed

Issue #, if available

Will provide correct fix to PR #2920

Description of how you validated changes

CI checks and E2E as in PR #2920

Checklist

  • PR description included
  • yarn test passes
  • Tests are changed or added
  • Relevant documentation is changed or added (and PR referenced)
  • Any CDK or CloudFormation parameter changes are called out explicitly

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@Siqi-Shan Siqi-Shan marked this pull request as ready for review October 7, 2024 18:55
@Siqi-Shan Siqi-Shan requested a review from a team as a code owner October 7, 2024 18:55

@atierian atierian left a comment

LGTM. Looks like E2Es are still running, so let's wait for them to finish before merging.

Adding AppSync docs for future reference -- OpenIDConnectConfig

iatTTL
The number of milliseconds that a token is valid after it's issued to a user.
Type: Long
Required: No

authTTL
The number of milliseconds that a token is valid after being authenticated.
Type: Long
Required: No

@Siqi-Shan
Contributor Author

> LGTM. Looks like E2Es are still running, so let's wait for them to finish before merging.
>
> Adding AppSync docs for future reference -- OpenIDConnectConfig
>
> iatTTL
> The number of milliseconds that a token is valid after it's issued to a user.
> Type: Long
> Required: No
>
> authTTL
> The number of milliseconds that a token is valid after being authenticated.
> Type: Long
> Required: No

Thanks for the documentation reference! I'll keep monitoring the E2E result.
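
Added example, not part of the PR or the Amplify code base: a TypeScript check over a synthesized CloudFormation template that flags AppSync OpenIDConnectConfig TTLs too small to plausibly be milliseconds, the symptom of the unit mix-up discussed above. The function name, the one-minute threshold and the sample template are assumptions made for illustration.

```typescript
// Added example (not from the PR): flag AppSync OIDC TTLs that look like the wrong unit.
type OidcConfig = { AuthTTL?: number; IatTTL?: number };
type Finding = { resource: string; provider: string; field: string; value: number };

// Assumption (heuristic, not an AppSync rule): a TTL below one minute's worth of
// milliseconds was almost certainly written in seconds or minutes.
const MIN_PLAUSIBLE_TTL_MS = 60_000;

function auditOidcTtls(template: { Resources?: Record<string, any> }, minMs = MIN_PLAUSIBLE_TTL_MS): Finding[] {
  const findings: Finding[] = [];
  const resources = template.Resources ?? {};
  for (const resource of Object.keys(resources)) {
    const res = resources[resource];
    if (res?.Type !== 'AWS::AppSync::GraphQLApi') continue;
    const props = res.Properties ?? {};
    // OIDC may be the default mode or one of the additional providers.
    const configs: Array<[string, OidcConfig | undefined]> = [['default', props.OpenIDConnectConfig]];
    (props.AdditionalAuthenticationProviders ?? []).forEach((p: any, i: number) => {
      configs.push([`additional[${i}]`, p?.OpenIDConnectConfig]);
    });
    for (const [provider, cfg] of configs) {
      if (!cfg) continue;
      for (const field of ['AuthTTL', 'IatTTL'] as const) {
        const value = cfg[field];
        // Unset or zero values are out of scope for this check.
        if (typeof value === 'number' && value > 0 && value < minMs) {
          findings.push({ resource, provider, field, value });
        }
      }
    }
  }
  return findings;
}

// Constructed template: a 60-minute expiry emitted as minutes (60) on the
// default provider and as milliseconds (3,600,000) on the additional one.
const constructedTemplate = {
  Resources: {
    Api: {
      Type: 'AWS::AppSync::GraphQLApi',
      Properties: {
        OpenIDConnectConfig: { Issuer: 'https://issuer.example', AuthTTL: 60, IatTTL: 60 },
        AdditionalAuthenticationProviders: [{
          OpenIDConnectConfig: { Issuer: 'https://issuer2.example', AuthTTL: 3_600_000, IatTTL: 3_600_000 },
        }],
      },
    },
  },
};
console.log(auditOidcTtls(constructedTemplate));
```
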

@palpatim palpatim merged commit d690bfa into main Oct 10, 2024
7 of 8 checks passed
@palpatim palpatim deleted the gen-oidc-token-ttl-fix branch October 10, 2024 15:25
palpatim added a commit that referenced this pull request Oct 10, 2024
* chore: update .jsii assembly

* chore: update .jsii assembly

* chore: migrate pg array objects e2e test in gen2 cdk (#2906)

* chore: graphql prep for test migration

* refactor: generic graphql field selection string with fieldmap

* feat: add postgres array objects e2e test

* test: remove bootstrap in test code

* chore: schema cleanup

* chore: final cleanup

* chore: add explanation on FieldMap and examples

* chore: remove dup test

---------

Signed-off-by: Kevin Shan <[email protected]>
Co-authored-by: Tim Schmelter <[email protected]>

* fix(model-transformer) IndexName -> index in query list resolver (#2912)

* chore: upgrade cdk library dependency to 2.158.0 (#2876)

* chore: upgrade cdk dependency to 2.158.0

* chore: install and use nvm

* chore: use full version for nvm

* chore: testing linux build with nvm

* chore: fix version in cdk tests

* chore: update jsii files

* update: increase memory size

* add: debug statement

* update: mem size back to 8096, use ps1 file for shell script

* fix: path to Setup-NodeVersion.ps1

* fix: path to codebuild_specs/Setup-NodeVersion.ps1

* add: set runtime version

* update: image

* add: debug statement

* update: use earlier code

* add: debug statements

* update: clean up code

* update: use the correct image

* add: list installed node versions and used nodejs.install

* restart: install nvm using choco

* add: back mem size variable

* add: nvm install and use 18.20.4

* add: env var NVM_HOME and NVM_SYMLINK

* add: spawn powershell as admin

* update: remove all other builds

* add: debug statement

* add: env var path

* update: print env var

* add: commands

* update: env var set up

* add: refresh env var

* update: more debug statement

* update

* revamp: find nvm.exe

* update: install nvm windows directly

* update: launch new shell if current shell does not recognize nvm

* update: install node in buildspec

* add: install and use node in build spec

* update: use single quote to prevent interpreting \

* add: 2 scripts, one for installing nvm, another for using nvm

* fix: path error

* test: which way set env var

* update: set up env var in pre_build

* update: use choco in pre-build

* fix: syntax error

* update: build_windows working, running all tests

* test: remove bootstrap in test code

* debug: _runGqlE2ETests

* update: debug_workflow

* update: debug_workflow

* update: debug_workflow

* update: debug_workflow

* add: debug statement

* add: debug test

* add: debug

* update: use uuid for bucket name

* remove: use of uuid

* add: debug statement

* update: use different bucket name

* add: millisecond timestamp

* add: debug statement

* remove: debug statement

* remove: redundant code

---------

Co-authored-by: Bobby Yu <[email protected]>
Co-authored-by: Tim Schmelter <[email protected]>

* test: fix gen 1 init (#2924)

* fix(conversation): allow changes to systemPrompt, inferenceConfig, aiModel to be hotswapped (#2923)

* feat: auto increment support (#2883)

* chore(graphql-default-value-transformer): tidy tests

* test(graphql-default-value-transformer): add unit tests for auto increment support

* feat: 🎸 utils to detect Postgres datasource

* feat: 🎸 support auto increment

Implements support for auto increment (serial) fields from Postgres
datasources. Such fields are denoted by an empty `@default` applied to
an `Int` field.

* test(graphql-default-value-transformer): pk can be auto increment

* test(graphql-default-value-transformer): auto-increment crud e2e

* chore: describe test purpose

* chore: removing logging

* chore: describe why invalid cases are invalid

* chore: remove unnecessary e2e test case

* chore: test messaging clarity

* chore: type safety

* chore: alphabetize list

* chore: type of return value asserts against string

Co-authored-by: Tim Schmelter <[email protected]>

* chore: test ensures customers can insert to serial fields with custom values

* chore: verify that @default(value) works on mysql

* chore: remove unnecessary ssm test case

* chore: update branch from main

* test: value cannot be null on ddb

---------

Co-authored-by: Tim Schmelter <[email protected]>

* fix(conversation): use functionMap for custom handler IFunction reference (#2922)

* fix(generation): gracefully handle stringified tool_use responses (#2919)

* feat(conversation): per message items and lambda history retrieval pattern (#2914)

* fix: sql default value e2e failures (#2932)

* fix(generation): remove trailing comma in inferenceConfig resolver code (#2933)

* fix: add aws_iam to custom operations when enableIamAuthorization is enabled; fix graphql type utils (#2921)

- test: Add additional tests to fix coverage metrics for unchanged files
- test: Add implicit IAM auth support tests
  - Added a skipped test for custom type support, to be re-enabled once we
    figure out the right strategy for this.

* fix: appsync ttl correct duration time unit in ms (#2928)

Signed-off-by: Kevin Shan <[email protected]>

---------

Signed-off-by: Kevin Shan <[email protected]>
Co-authored-by: amplify-data-ci <[email protected]>
Co-authored-by: Kevin Shan <[email protected]>
Co-authored-by: Ian Saultz <[email protected]>
Co-authored-by: Phani Srikar Edupuganti <[email protected]>
Co-authored-by: Bobby Yu <[email protected]>
Co-authored-by: Dane Pilcher <[email protected]>
Co-authored-by: Peter V. <[email protected]>
tejas2008 pushed a commit that referenced this pull request Oct 29, 2024