I have an Amplify app using Cognito for user pool authentication. Once a user has signed up and used the code sent via email (all Cognito functionality), they are passed to a custom form where additional information is captured. On submit, a Lambda function is executed that should:
- Create a group in Cognito
- Add the user to the group
- Create a record in a DynamoDB table and use the group name created in step 1 in a "writeGroups" field referenced in the schema for `allow.groupsDefinedIn('writeGroups')`
The Lambda function deploys nicely as part of my sandbox, and permissions have been granted for `allow.resource(createAccount).to(["manageGroups", "addUserToGroup", "manageGroupMembership"])` as well as modifying DynamoDB data. However, as soon as either `CognitoIdentityProviderClient` or `await client.models.User.create(user)` is hit from inside the Lambda function, I get the following error from the GraphQL API: `No federated jwt`. Example of code used:
```js
const user = {
  userId: userId,
  // ...
};
// `No federated jwt` error thrown on the next line
const { data, errors } = await client.models.User.create(user);
```
Or
```js
import {
  CognitoIdentityProviderClient,
  CreateGroupCommand,
} from "@aws-sdk/client-cognito-identity-provider";

const cognitoClient = new CognitoIdentityProviderClient();
const userGroup = {
  GroupName: `GroupName`,
  Precedence: 1,
  Description: `Description`,
  UserPoolId: userPoolId,
};
const createCommand = new CreateGroupCommand(userGroup);
// `No federated jwt` error thrown on the next line
const response = await cognitoClient.send(createCommand);
```
The examples in the Amplify Gen 2 documentation don't cover this scenario. What am I missing?