in aws-api/src/main/java/com/amplifyframework/api/aws/auth/ApiRequestDecoratorFactory.java [109:195]
public RequestDecorator forAuthType(@NonNull AuthorizationType authorizationType) throws ApiAuthException {
switch (authorizationType) {
case AMAZON_COGNITO_USER_POOLS:
// Note that if there was no user-provided cognito provider passed in to initialize
// the API plugin, we will try to default to using the DefaultCognitoUserPoolsAuthProvider.
// If that fails, we then have no choice but to bubble up the error.
CognitoUserPoolsAuthProvider cognitoUserPoolsAuthProvider =
apiAuthProviders.getCognitoUserPoolsAuthProvider() != null ?
apiAuthProviders.getCognitoUserPoolsAuthProvider() :
new DefaultCognitoUserPoolsAuthProvider();
// By calling getLatestAuthToken() here instead of inside the lambda block, makes the exception
// handling a little bit cleaner. If getLatestAuthToken() is called from inside the lambda expression
// below, we'd have to surround it with a try catch. By doing it this way, if there's a problem,
// the ApiException will just be bubbled up. Same for OPENID_CONNECT.
final String token;
try {
token = cognitoUserPoolsAuthProvider.getLatestAuthToken();
} catch (ApiException exception) {
throw new ApiAuthException("Failed to retrieve auth token from Cognito provider.",
exception,
"Check the application logs for details.");
}
return new TokenRequestDecorator(() -> token);
case OPENID_CONNECT:
if (apiAuthProviders.getOidcAuthProvider() == null) {
throw new ApiAuthException("Attempting to use OPENID_CONNECT authorization " +
"without an OIDC provider.",
"Configure an OidcAuthProvider when initializing " +
"the API plugin.");
}
final String oidcToken;
try {
oidcToken = apiAuthProviders.getOidcAuthProvider().getLatestAuthToken();
} catch (ApiException exception) {
throw new ApiAuthException("Failed to retrieve auth token from OIDC provider.",
exception,
"Check the application logs for details.");
}
return new TokenRequestDecorator(() -> oidcToken);
case AWS_LAMBDA:
if (apiAuthProviders.getFunctionAuthProvider() == null) {
throw new ApiAuthException("Attempting to use AWS_LAMBDA authorization " +
"without a provider implemented.",
"Configure a FunctionAuthProvider when initializing the API plugin.");
}
final String functionToken;
try {
functionToken = apiAuthProviders.getFunctionAuthProvider().getLatestAuthToken();
} catch (ApiException exception) {
throw new ApiAuthException("Failed to retrieve auth token from function auth provider.",
exception,
"Check the application logs for details.");
}
return new TokenRequestDecorator(() -> functionToken);
case API_KEY:
if (apiAuthProviders.getApiKeyAuthProvider() != null) {
return new ApiKeyRequestDecorator(apiAuthProviders.getApiKeyAuthProvider());
} else if (apiKey != null) {
return new ApiKeyRequestDecorator(() -> apiKey);
} else {
throw new ApiAuthException("Attempting to use API_KEY authorization without " +
"an API key provider or an API key in the config file",
"Verify that an API key is in the config file or an " +
"ApiKeyAuthProvider is setup during the API " +
"plugin initialization.");
}
case AWS_IAM:
AWSCredentialsProvider credentialsProvider = apiAuthProviders.getAWSCredentialsProvider() != null
? apiAuthProviders.getAWSCredentialsProvider()
: getDefaultCredentialsProvider();
final AWS4Signer signer;
final String serviceName;
if (endpointType == EndpointType.GRAPHQL) {
signer = new AppSyncV4Signer(region);
serviceName = APP_SYNC_SERVICE_NAME;
} else {
signer = new ApiGatewayIamSigner(region);
serviceName = API_GATEWAY_SERVICE_NAME;
}
return new IamRequestDecorator(signer, credentialsProvider, serviceName);
case NONE:
default:
return NO_OP_REQUEST_DECORATOR;
}
}