Solved: Re: Webhook HTTP header for AWS API

dbaum · 07-02-2022 07:52 PM

I'm trying to create a webhook task to post a request to the Amazon Cognito user pools API. I'm having trouble figuring out the HTTP header that's required for signing the request. Has anyone else figured out a solution for invoking an AWS API from AppSheet? As always, any guidance is appreciated.

Jonathon

I got this working with this library you shared.

Your actions should be called as AWSCognitoIdentityProviderService.{action}
You need the header 'Content-Type': 'application/x-amz-json-1.1'

function DescribeUserPool() {
  AWS.init('accessKey', 'secretKey')
  let service = 'cognito-idp'
  let action = 'AWSCognitoIdentityProviderService.DescribeUserPool'
  let params = {}
  let region = 'us-east-1'
  let method = 'POST'
  let payload = {'UserPoolId': 'userPoolId'}
  let headers = {'Content-Type': 'application/x-amz-json-1.1'}
  let response = AWS.request(service,action,params,region,method,payload,headers)
  Logger.log(response)
}

View solution in original post

dbaum

@Grant_Stead, I'm trying to accomplish exactly what, in another thread, you described that you've implemented:

someone can create a user in the app, and everything is handled from there by AWS

Would you be able to provide guidance regarding getting the webhook task to work? I think my obstacle is the authorization, which I believe needs to be in the request's HTTP Headers. Based on the AWS documentation, it sounds like for the request to be properly signed, it needs to be iteratively hashed per a protocol that AWS can replicate. If that's correct, I don't see any way to do that within AppSheet; if that's not correct, I don't see how to structure the request so that AWS will accept it--i.e., know it's authorized for my account's Cognito user pool.

SkrOYC

I suspect that any API that depends on a token that's obtained via auth won't be supported inside AppSheet, unless there is a more open alternative for auth inside AppSheet that could make use of some global variables or similar where a username, useremail, uuid, token/key, etc is available from the Auth provider response

dbaum

Thanks. I'm not sure whether this is what you're saying, but my reference to "authorization" wasn't to any on-demand token provided via an Auth process. I was just referencing that the AWS documentation says a header labeled "Authorization" is required; its required components include my AWS user account's static secret key, which I have.

Regardless, @Grant_Stead's post that I linked to says it's been successfully implemented. So, I'm optimistic.

SkrOYC

So it should work with no problem at all.

Webhooks have a section for you to provide a header

dbaum

Yes, I hope it's possible to make it work. My challenge is conforming the content that I put in the header to the AWS specs.

SkrOYC

@dbaum wrote:
My challenge is conforming the content that I put in the header to the AWS specs.

Now I get it, sorry!

Jonathon

AppSheet can't sign AWS API requests - you need to either:

Call an external function (e.g. Google App Script) to sign and make the request;
Use an API Gateway endpoint; or
Use the new AWS Lambda http endpoints

dbaum

Thanks for confirming, @Jonathon. Do you happen to have or know of a shareable GAS script for accessing AWS APIs--or, at least, the Cognito API? In searching pretty thoroughly online, I've found only a couple (one here and another here), and I can't get it to work. Even with a simple DescribeUserPool action I'm trying for testing all I can get returned from Cognito is the following error:

{"code":"BadRequest","message":"The server did not understand the operation that was requested.","type":"client"}

Or, @Grant_Stead, can you describe your implementation that enables you to "create a user in the app, and everything is handled from there by AWS"?

Jonathon

I've never went the GAS script route for Cognito, so I can't comment. That is an interesting library though, I'll see if I can't get it working on my end and follow up.

dbaum

Thanks a lot! Of course, I recognize that the issue may be that I'm not structuring the function parameters accurately--although I've certainly tried lots of permutations. Or maybe there's some additional header that I'm not realizing needs to be included. If you're more experienced and proficient in Cognito API calls, maybe the necessary syntax will be clearer to you.

If you've already successfully implemented user management via connections from AppSheet to API Gateway or a Lambda endpoint and can point me to a guide or tutorial, that would also be welcome. I'm happy to try any approach that I can get to work.

Jonathon

I got this working with this library you shared.

Your actions should be called as AWSCognitoIdentityProviderService.{action}
You need the header 'Content-Type': 'application/x-amz-json-1.1'

function DescribeUserPool() {
  AWS.init('accessKey', 'secretKey')
  let service = 'cognito-idp'
  let action = 'AWSCognitoIdentityProviderService.DescribeUserPool'
  let params = {}
  let region = 'us-east-1'
  let method = 'POST'
  let payload = {'UserPoolId': 'userPoolId'}
  let headers = {'Content-Type': 'application/x-amz-json-1.1'}
  let response = AWS.request(service,action,params,region,method,payload,headers)
  Logger.log(response)
}

dbaum

SO KIND!!!!

Thanks a million, @Jonathon. That worked directly for DescribeUserPool, and and enabled me to quickly get working what I really need, which is AdminCreateUser. Will now move on to other CRUD actions in managing users.