Amplify runWithAmplifyServerContext not working with existing userpools not generated by amplify

[Sizlers]

Before opening, please confirm:

• I have searched for duplicate or closed issues and discussions.
• I have read the guide for submitting bug reports.
• I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

JavaScript Framework

Next.js

Amplify APIs

Authentication

Amplify Categories

auth

Environment information

# Put output below this line
  System:
    OS: macOS 13.3.1
    CPU: (12) x64 Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
    Memory: 459.38 MB / 16.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 20.9.0 - /usr/local/bin/node
    Yarn: 1.22.10 - /usr/local/bin/yarn
    npm: 10.1.0 - /usr/local/bin/npm
    Watchman: 2022.11.14.00 - /usr/local/bin/watchman
  Browsers:
    Chrome: 118.0.5993.117
    Firefox: 107.0.1
    Safari: 16.4
  npmPackages:
    @ampproject/toolbox-optimizer:  undefined ()
    @aws-amplify/adapter-nextjs: ^0.0.2-next.a1ea0f2.0 => 0.0.2-next.a1ea0f2.0+a1ea0f2 
    @aws-amplify/adapter-nextjs/with-amplify:  undefined ()
    @aws-cdk/dns_validated_certificate_handler:  0.0.0 
    @babel/core:  undefined ()
    @babel/runtime:  7.15.4 
    @edge-runtime/cookies:  3.4.1 
    @edge-runtime/ponyfill:  2.4.0 
    @edge-runtime/primitives:  3.1.1 
    @hapi/accept:  undefined ()
    @headlessui/react: ^1.7.17 => 1.7.17 
    @headlessui/tailwindcss: ^0.2.0 => 0.2.0 
    @heroicons/react: ^2.0.18 => 2.0.18 
    @hookform/resolvers: ^3.3.2 => 3.3.2 
    @hookform/resolvers/ajv:  1.0.0 
    @hookform/resolvers/arktype:  1.0.0 
    @hookform/resolvers/class-validator:  1.0.0 
    @hookform/resolvers/computed-types:  1.0.0 
    @hookform/resolvers/io-ts:  1.0.0 
    @hookform/resolvers/joi:  1.0.0 
    @hookform/resolvers/nope:  1.0.0 
    @hookform/resolvers/superstruct:  1.0.0 
    @hookform/resolvers/typanion:  1.0.0 
    @hookform/resolvers/typebox:  1.0.0 
    @hookform/resolvers/valibot:  1.0.0 
    @hookform/resolvers/vest:  1.0.0 
    @hookform/resolvers/yup:  1.0.0 
    @hookform/resolvers/zod:  1.0.0 
    @mswjs/interceptors:  undefined ()
    @napi-rs/triples:  undefined ()
    @next/font:  undefined ()
    @next/react-dev-overlay:  undefined ()
    @opentelemetry/api:  undefined ()
    @segment/ajv-human-errors:  undefined ()
    @tailwindcss/forms: ^0.5.3 => 0.5.6 
    @types/node: 20.4.6 => 20.8.2 
    @types/react: 18.2.18 => 18.2.25 
    @types/react-dom: 18.2.7 => 18.2.10 
    @vercel/nft:  undefined ()
    @vercel/og:  undefined ()
    acorn:  undefined ()
    amphtml-validator:  undefined ()
    anser:  undefined ()
    arg:  undefined ()
    assert:  undefined ()
    async-retry:  undefined ()
    async-sema:  undefined ()
    autoprefixer: ^10.4.12 => 10.4.16 
    aws-amplify: ^6.0.1-next.a1ea0f2.0 => 6.0.1-next.a1ea0f2.0+a1ea0f2 
    aws-amplify/analytics:  undefined ()
    aws-amplify/analytics/pinpoint:  undefined ()
    aws-amplify/auth:  undefined ()
    aws-amplify/auth/cognito:  undefined ()
    aws-amplify/auth/cognito/server:  undefined ()
    aws-amplify/auth/server:  undefined ()
    aws-amplify/internals/adapter-core:  undefined ()
    aws-amplify/storage:  undefined ()
    aws-amplify/storage/s3:  undefined ()
    aws-amplify/storage/s3/server:  undefined ()
    aws-amplify/storage/server:  undefined ()
    aws-cdk-lib: 2.101.1 => 2.101.1 
    babel-packages:  undefined ()
    browserify-zlib:  undefined ()
    browserslist:  undefined ()
    buffer:  undefined ()
    bytes:  undefined ()
    ci-info:  undefined ()
    cli-select:  undefined ()
    client-only:  0.0.1 
    clsx: ^2.0.0 => 2.0.0 
    comment-json:  undefined ()
    compression:  undefined ()
    conf:  undefined ()
    constants-browserify:  undefined ()
    constructs: 10.2.69 => 10.2.69 
    content-disposition:  undefined ()
    content-type:  undefined ()
    cookie:  undefined ()
    cross-spawn:  undefined ()
    crypto-browserify:  undefined ()
    css.escape:  undefined ()
    data-uri-to-buffer:  undefined ()
    debug:  undefined ()
    devalue:  undefined ()
    domain-browser:  undefined ()
    edge-runtime:  undefined ()
    eslint: ^8 => 8.53.0 
    eslint-config-next: 14.0.1 => 14.0.1 
    events:  undefined ()
    find-cache-dir:  undefined ()
    find-up:  undefined ()
    fresh:  undefined ()
    get-orientation:  undefined ()
    glob:  undefined ()
    gzip-size:  undefined ()
    http-proxy:  undefined ()
    http-proxy-agent:  undefined ()
    https-browserify:  undefined ()
    https-proxy-agent:  undefined ()
    icss-utils:  undefined ()
    ignore-loader:  undefined ()
    image-size:  undefined ()
    is-animated:  undefined ()
    is-docker:  undefined ()
    is-wsl:  undefined ()
    jest-worker:  undefined ()
    json5:  undefined ()
    jsonwebtoken:  undefined ()
    loader-runner:  undefined ()
    loader-utils:  undefined ()
    lodash.curry:  undefined ()
    lru-cache:  undefined ()
    lucide-react: ^0.284.0 => 0.284.0 
    micromatch:  undefined ()
    mini-css-extract-plugin:  undefined ()
    nanoid:  undefined ()
    native-url:  undefined ()
    neo-async:  undefined ()
    next: 13.5.4 => 13.5.4 
    node-fetch:  undefined ()
    node-html-parser:  undefined ()
    ora:  undefined ()
    os-browserify:  undefined ()
    p-limit:  undefined ()
    path-browserify:  undefined ()
    platform:  undefined ()
    postcss: ^8 => 8.4.31 
    postcss-flexbugs-fixes:  undefined ()
    postcss-modules-extract-imports:  undefined ()
    postcss-modules-local-by-default:  undefined ()
    postcss-modules-scope:  undefined ()
    postcss-modules-values:  undefined ()
    postcss-preset-env:  undefined ()
    postcss-safe-parser:  undefined ()
    postcss-scss:  undefined ()
    postcss-value-parser:  undefined ()
    prettier: ^3.0.1 => 3.0.3 
    prettier-plugin-tailwindcss: ^0.5.2 => 0.5.6 
    process:  undefined ()
    punycode:  undefined ()
    querystring-es3:  undefined ()
    raw-body:  undefined ()
    react: ^18 => 18.2.0 
    react-builtin:  undefined ()
    react-dom: ^18 => 18.2.0 
    react-dom-builtin:  undefined ()
    react-dom-experimental-builtin:  undefined ()
    react-experimental-builtin:  undefined ()
    react-hook-form: ^7.47.0 => 7.47.0 
    react-is:  18.2.0 
    react-refresh:  0.12.0 
    react-server-dom-webpack-builtin:  undefined ()
    react-server-dom-webpack-experimental-builtin:  undefined ()
    regenerator-runtime:  0.13.4 
    sass-loader:  undefined ()
    scheduler-builtin:  undefined ()
    scheduler-experimental-builtin:  undefined ()
    schema-utils:  undefined ()
    semver:  undefined ()
    send:  undefined ()
    server-only:  0.0.1 
    setimmediate:  undefined ()
    sharp: ^0.32.0 => 0.32.6 
    shell-quote:  undefined ()
    source-map:  undefined ()
    sst: ^2.32.2 => 2.34.3 
    stacktrace-parser:  undefined ()
    stream-browserify:  undefined ()
    stream-http:  undefined ()
    string-hash:  undefined ()
    string_decoder:  undefined ()
    strip-ansi:  undefined ()
    superstruct:  undefined ()
    tailwind-merge: ^1.14.0 => 1.14.0 
    tailwindcss: ^3.3.3 => 3.3.3 
    tailwindcss-animate: ^1.0.7 => 1.0.7 
    tar:  undefined ()
    terser:  undefined ()
    text-table:  undefined ()
    timers-browserify:  undefined ()
    tty-browserify:  undefined ()
    typescript: 5.1.6 => 5.2.2 (5.0.2)
    ua-parser-js:  undefined ()
    undici:  undefined ()
    unistore:  undefined ()
    util:  undefined ()
    vm-browserify:  undefined ()
    watchpack:  undefined ()
    web-vitals:  undefined ()
    webpack:  undefined ()
    webpack-sources:  undefined ()
    ws:  undefined ()
    zod: ^3.22.4 => 3.22.4 
  npmGlobalPackages:
    @aws-amplify/cli: 12.7.1
    @sanity/cli: 2.12.2
    @vue/cli: 4.4.1
    corepack: 0.20.0
    expo-cli: 3.24.0
    firebase-tools: 9.10.2
    gatsby-cli: 2.12.109
    n: 7.5.0
    npm: 10.1.0
    react-native-cli: 2.0.1
    serverless: 2.61.0
    ts-node: 10.4.0
    yarn: 1.22.10

Describe the bug

When I use an existing cognito userpool/client app everything works as expected on the client side, being able to log in/register/sign out.

However the session is not getting picked up in NextJS's middleware.

Adding auth through amplify works as expected however and the session is getting passed through to the middleware.

On the amplify userpool, I then created a app client with the default settings:

Settings:
App type: Public Client
App client name: test-client
Client secret: Don't generate a client secret
Authentication flows: ALLOW_USER_SRP_AUTH
Authentication flow session duration: 3 minutes
Refresh token expiration: 30 days
Access token expiration: 60 minutes
ID token expiration: 60 minutes
Enable token revocation: true
Prevent user existence errors: true

Then plugged in that application client, and the issue returns.

Expected behavior

runWithAmplifyServerContext to detect session with userpools not generated through amplify

Reproduction steps

Install the following project: https://github.com/nadetastic/amplify-v6-ssr-dev-preview

Add a pre-existing userpool client pool via the config which wasn't generated via amplify.

Register then login on the client side

See session not getting picked up on the serverside

Code Snippet

// Put your code below this line.

Log output

// Put your logs below this line

aws-exports.js

No response

Manual configuration

{
"aws_cognito_region": "eu-west-2",
"aws_user_pools_id": "eu-west-2_Nxov6QmH3",
"aws_user_pools_web_client_id": "5kn63dvgueufnhoi88r05vurl5",
}

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

[HuiSF]

Hi @Sizlers thanks for trying out the Next.js adapter. Have you configured Amplify on the client side specifying the "SSR" use case?

Amplify.configure({
  ... // your Amplify config object
}, {
  ssr: true, // instruct the client to using cookie store storing auth tokens
})

If you have done so, could you check if the tokens are presented in the cookie store? Also check the requests sent out to your Next.js server, have cookies header containing the tokens stored in the cookie store?

[cwomack]

@Sizlers, can you also clarify how the Auth resources were created (i.e. through Cognito Console, were existing from previous app, etc) when you say they were not generated via amplify? Thanks!

[adithep]

I have the same problem, I checked the cookie is not in the cookie store, even though the ?code=*** exist in the url param, it is not being consumed by amplify.

[HuiSF]

Hi @adithep in what sign in flow you are seeing this issue? You mentioned ?code query parameter, is that the OAuth flow? Can you give details of your set up, and how did you trigger this issue?

[rallona]

Same problem to me y Nextjs with SSR:

This function doesnt work:

const currentUser = await runWithAmplifyServerContext({
      nextServerContext: { cookies },
      operation: (contextSpec) => getCurrentUser(contextSpec)
    });

Neither this one:

  const currentUser = await runWithAmplifyServerContext({

        nextServerContext: { cookies },
        operation: async (contextSpec) => {
          try {
            const session = await fetchAuthSession(contextSpec);

The error is the same to me: NotAuthorizedException: Unauthenticated access is not supported for this identity pool.

[cwomack]

@Sizlers and @adithep, circling back to this issue now that we're well past the pre-release versions of v6. Have either of you tried to upgrade to the most recent versions of Amplify v6 and see if you're still experiencing this issue?

@rallona, the v6 fetchAuthSession() API will potentially fail in that way if the identityPool is not set up properly. If you're still experiencing this issue, can you check the identityPool to ensure it matches with the userPoolId? In the event this persists, we'll ask you to open a new issue tied to this because it appears to be different than what @Sizlers is experiencing.

[cwomack]

Closing this issue as we have not heard back from you. If you are still experiencing this, please feel free to reply back and provide any information previously requested and we'd be happy to re-open the issue.

Thank you!