aws-appsync aws-amplify

Will Amplify automatically sigv4 sign an AppSync request if I use OPENID_CONNECT authentication type and Identity Pool Federation?


I want to use the Amplify client to connect to an AppSync service. I want to use IAM_AUTH for AppSync and to federate login with my OIDC to a Cognito Identity Pool (I set up a trust relationship from the pool to the OIDC provider).

The Amplify docs mention how you can skip the user pool and go directly to an identity pool. They don't mention whether the request will be automatically SigV4 signed, however.

Elsewhere the Amplify docs mention that requests will automatically be sigv4 signed if you use a Cognito user pool AND an identity pool.

If you skip the user pool, will Amplify still sigv4 sign the request automatically? If not, how would you configure Amplify to sign the request?

Thanks


Solution

  • Looks like Amplify will automatically sigv4 sign the GraphQL request if AWS credentials are available.

    Looks like some kind of header gets set in the request:

    If you set auth type to AWS_IAM then _ensureCredentials is called:

    https://github.com/aws-amplify/amplify-js/blob/main/packages/api-graphql/src/GraphQLAPI.ts#L141

    which checks credentials with this.Credentials.get()

    https://github.com/aws-amplify/amplify-js/blob/main/packages/api-graphql/src/GraphQLAPI.ts#L141

    The Auth class uses the Credentials module, and the currentCredentials() function will call credentials.get():

    https://github.com/aws-amplify/amplify-js/blob/main/packages/auth/src/Auth.ts#L1920

    If you check the Amplify Auth0 example, Auth.currentCredentials() will return the current AWS credentials, I think.
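
What the signing step in the answer amounts to on the wire, as an added example (not Amplify's own code and not part of the original answer): a SigV4 signature over an AppSync GraphQL POST made with temporary Identity Pool credentials. The host, credentials, query and the `signAppSyncRequest` helper are constructed for illustration.

```javascript
// Added example: SigV4-sign an AppSync GraphQL POST with temporary credentials.
const nodeCrypto = require("crypto");

const sha256Hex = (data) => nodeCrypto.createHash("sha256").update(data, "utf8").digest("hex");
const hmac = (key, data) => nodeCrypto.createHmac("sha256", key).update(data, "utf8").digest();

function signAppSyncRequest({ host, region, body, creds, now = new Date() }) {
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ""); // e.g. 20240101T000000Z
  const dateStamp = amzDate.slice(0, 8);
  // Identity Pool credentials are temporary, so the session token is sent and signed too.
  const headers = {
    "content-type": "application/json",
    host,
    "x-amz-date": amzDate,
    "x-amz-security-token": creds.sessionToken,
  };
  const names = Object.keys(headers).sort();
  const signedHeaders = names.join(";");
  const canonicalRequest = [
    "POST", "/graphql", "", // method, path, empty query string
    names.map((n) => `${n}:${headers[n].trim()}\n`).join(""),
    signedHeaders,
    sha256Hex(body),
  ].join("\n");
  const scope = `${dateStamp}/${region}/appsync/aws4_request`;
  const stringToSign = ["AWS4-HMAC-SHA256", amzDate, scope, sha256Hex(canonicalRequest)].join("\n");
  // Key derivation chain: secret -> date -> region -> service -> "aws4_request".
  const signingKey = [dateStamp, region, "appsync", "aws4_request"]
    .reduce((key, part) => hmac(key, part), "AWS4" + creds.secretAccessKey);
  const signature = hmac(signingKey, stringToSign).toString("hex");
  const credential = `${creds.accessKeyId}/${scope}`;
  return { ...headers, authorization: `AWS4-HMAC-SHA256 Credential=${credential}, SignedHeaders=${signedHeaders}, Signature=${signature}` };
}

// Constructed sample values: not a real endpoint and not real credentials.
const sampleRequest = {
  host: "example1234567890.appsync-api.us-east-1.amazonaws.com",
  region: "us-east-1",
  body: JSON.stringify({ query: "query { listTodos { items { id } } }" }),
  creds: { accessKeyId: "ASIAEXAMPLE", secretAccessKey: "constructed-secret", sessionToken: "constructed-token" },
  now: new Date("2024-01-01T00:00:00Z"),
};
console.log(signAppSyncRequest(sampleRequest));
```

A request to an AWS_IAM-protected API that arrives without the `authorization`, `x-amz-date` and `x-amz-security-token` headers was not signed, which is a quick check in the browser's network tab.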