feat(@aws-amplify/datastore): DataStore - Multi-Auth (#8008)

.circleci/config.yml

@@ -562,6 +562,23 @@ jobs:
           spec: many-to-many
           browser: << parameters.browser >>
 
+  integ_react_datastore_multi_auth:
+    parameters:
+      browser:
+        type: string
+    executor: js-test-executor
+    <<: *test_env_vars
+    working_directory: ~/amplify-js-samples-staging/samples/react/datastore/multi-auth
+    steps:
+      - prepare_test_env
+      - integ_test_js:
+          test_name: 'React DataStore Multi-Auth'
+          framework: react
+          category: datastore
+          sample_name: multi-auth
+          spec: multi-auth
+          browser: << parameters.browser >>
+
   integ_react_datastore_subs_disabled:
     parameters:
       browser:
@@ -892,6 +909,15 @@ workflows:
           matrix:
             parameters:
               <<: *test_browsers
+      - integ_react_datastore_multi_auth:
+          requires:
+            - integ_setup
+            - build
+          filters:
+            <<: *releasable_branches
+          matrix:
+            parameters:
+              <<: *test_browsers
       - integ_react_datastore_subs_disabled:
           requires:
             - integ_setup
@@ -1004,6 +1030,7 @@ workflows:
             - unit_test
             - integ_react_predictions
             - integ_react_datastore
+            - integ_react_datastore_multi_auth
             - integ_react_storage
             - integ_react_storage_multipart_progress
             - integ_react_storage_ui

packages/api-graphql/src/GraphQLAPI.ts

@@ -26,7 +26,7 @@ import {
 import PubSub from '@aws-amplify/pubsub';
 import Auth from '@aws-amplify/auth';
 import Cache from '@aws-amplify/cache';
-import { GraphQLOptions, GraphQLResult } from './types';
+import { GraphQLAuthError, GraphQLOptions, GraphQLResult } from './types';
 import { RestClient } from '@aws-amplify/api-rest';
 const USER_AGENT_HEADER = 'x-amz-user-agent';
 
@@ -125,7 +125,7 @@ export class GraphQLAPIClass {
 		switch (authenticationType) {
 			case 'API_KEY':
 				if (!apiKey) {
-					throw new Error('No api-key configured');
+					throw new Error(GraphQLAuthError.NO_API_KEY);
 				}
 				headers = {
 					Authorization: null,
@@ -135,33 +135,41 @@ export class GraphQLAPIClass {
 			case 'AWS_IAM':
 				const credentialsOK = await this._ensureCredentials();
 				if (!credentialsOK) {
-					throw new Error('No credentials');
+					throw new Error(GraphQLAuthError.NO_CREDENTIALS);
 				}
 				break;
 			case 'OPENID_CONNECT':
-				let token;
-				// backwards compatibility
-				const federatedInfo = await Cache.getItem('federatedInfo');
-				if (federatedInfo) {
-					token = federatedInfo.token;
-				} else {
-					const currentUser = await Auth.currentAuthenticatedUser();
-					if (currentUser) {
-						token = currentUser.token;
+				try {
+					let token;
+					// backwards compatibility
+					const federatedInfo = await Cache.getItem('federatedInfo');
+					if (federatedInfo) {
+						token = federatedInfo.token;
+					} else {
+						const currentUser = await Auth.currentAuthenticatedUser();
+						if (currentUser) {
+							token = currentUser.token;
+						}
 					}
+					if (!token) {
+						throw new Error(GraphQLAuthError.NO_FEDERATED_JWT);
+					}
+					headers = {
+						Authorization: token,
+					};
+				} catch (e) {
+					throw new Error(GraphQLAuthError.NO_CURRENT_USER);
 				}
-				if (!token) {
-					throw new Error('No federated jwt');
-				}
-				headers = {
-					Authorization: token,
-				};
 				break;
 			case 'AMAZON_COGNITO_USER_POOLS':
-				const session = await this.Auth.currentSession();
-				headers = {
-					Authorization: session.getAccessToken().getJwtToken(),
-				};
+				try {
+					const session = await this.Auth.currentSession();
+					headers = {
+						Authorization: session.getAccessToken().getJwtToken(),
+					};
+				} catch (e) {
+					throw new Error(GraphQLAuthError.NO_CURRENT_USER);
+				}
 				break;
 			default:
 				headers = {

packages/api-graphql/src/index.ts

@@ -12,7 +12,7 @@
  */
 
 import { GraphQLAPI } from './GraphQLAPI';
-export { GraphQLResult, GRAPHQL_AUTH_MODE } from './types';
+export { GraphQLResult, GraphQLAuthError, GRAPHQL_AUTH_MODE } from './types';
 export { GraphQLAPI, GraphQLAPIClass, graphqlOperation } from './GraphQLAPI';
 export * from './types';
 export default GraphQLAPI;

packages/api-graphql/src/types/index.ts

@@ -34,3 +34,10 @@ export interface GraphQLResult<T = object> {
 		[key: string]: any;
 	};
 }
+
+export enum GraphQLAuthError {
+	NO_API_KEY = 'No api-key configured',
+	NO_CURRENT_USER = 'No current user',
+	NO_CREDENTIALS = 'No credentials',
+	NO_FEDERATED_JWT = 'No federated jwt',
+}

packages/api/src/index.ts

@@ -17,6 +17,7 @@ export { API, APIClass } from './API';
 export {
 	graphqlOperation,
 	GraphQLResult,
+	GraphQLAuthError,
 	GRAPHQL_AUTH_MODE,
 } from '@aws-amplify/api-graphql';
 

packages/api/src/types/index.ts

@@ -18,6 +18,7 @@
  */
 export {
 	graphqlOperation,
+	GraphQLAuthError,
 	GraphQLResult,
 	GRAPHQL_AUTH_MODE,
 } from '@aws-amplify/api-graphql';

packages/aws-amplify/__tests__/exports-test.ts

@@ -17,6 +17,7 @@ describe('aws-amplify', () => {
 			  "API",
 			  "APIClass",
 			  "graphqlOperation",
+			  "AuthModeStrategyType",
 			  "DataStore",
 			  "Predicates",
 			  "SortDirection",

packages/aws-amplify/src/index.ts

@@ -34,6 +34,7 @@ export { Auth } from '@aws-amplify/auth';
 export { Storage, StorageClass } from '@aws-amplify/storage';
 export { API, APIClass, graphqlOperation } from '@aws-amplify/api';
 export {
+	AuthModeStrategyType,
 	DataStore,
 	Predicates,
 	SortDirection,