Custom userPoolEndpoint does not take effect in Next.js adapter and custom identityPoolEndpoint is unsupported

[tonestrike]

Is this related to a new or existing framework?

Next.js

Is this related to a new or existing API?

Authentication

Is this related to another service?

No response

Describe the feature you'd like to request

This is my configuration:

{
	Auth: {
		Cognito: {
			userPoolEndpoint: process.env.NEXT_PUBLIC_COGNITO_POOL_ENDPOINT,
			userPoolId: process.env.NEXT_PUBLIC_COGNITO_USER_POOL_ID!,
			identityPoolId: process.env.NEXT_PUBLIC_COGNITO_IDENTITY_POOL_ID!,
			userPoolClientId: process.env.NEXT_PUBLIC_COGNITO_CLIENT_ID!,
			signUpVerificationMethod: 'code',
			allowGuestAccess: true,
			loginWith: {
				email: true,
			},
		},
	},
}

My userPoolEndpoint points to LocalStack. Everything works correctly on the client side, but on the server side, Amplify is not able to parse the cookies and return the current user.

If I use an AWS hosted Cognito User Pool, everything works as expected. My assumption is that userPoolEndpoint is not supported on the server side.

This is the error:

[ResourceNotFoundException: IdentityPool 'us-east-1:7b676de5-ed4a-4750-95f5-223e8d95102d' not found.] {
  name: 'ResourceNotFoundException',
  $metadata: {
  attempts: 1,
  httpStatusCode: 400,
  requestId: '58fa10e9-e0be-4a81-b785-7611deed288c',
  extendedRequestId: undefined,
  cfId: undefined
}

This is my middleware:

export async function middleware(request: NextRequest) {
	const response = NextResponse.next()

	const authenticated = await runWithAmplifyServerContext({
		nextServerContext: { request, response },
		operation: async (contextSpec) => {
			try {
				const session = await fetchAuthSession(contextSpec)

				return session.tokens?.accessToken !== undefined && session.tokens?.idToken !== undefined
			} catch (error) {
				console.log(error)
				return false
			}
		},
	})

	if (authRoutes.includes(request.nextUrl.pathname)) {
		if (authenticated) {
			return NextResponse.redirect(new URL('/', request.url))
		}

		return response
	}

	if (authenticated) {
		return response
	}

	return NextResponse.redirect(new URL('/login', request.url))
}

Describe the solution you'd like

Support userPoolEndpoint on the server side using @aws-amplify/adapter-nextjs.

Describe alternatives you've considered

Looked into work arounds and could not find one.

Additional context

No response

Is this something that you'd be interested in working on?

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

[cwomack]

Hello, @tonestrike and thanks for opening this issue. This is my first time seeing LocalStack (assuming you mean this, right?) and trying to understand how you've implemented it in your Next.JS app. It looks like LocalStack points to a localhost endpoint address. But the Amplify source code is always assuming a local call being made is going to the Cognito endpoint. Is the ask here to allow for a configurable (rather than hard coded) endpoint that can be used with something like LocalStack?

I've marked this as a feature request that we'll review internally and with our product team. If there's further questions or updates, we'll let you know. Thanks!

[tonestrike]

Yes, exactly! The client side amplify sdk supports an override to the endpoint. In addition, you can customize the cognito domain so even outside of the context of local development, this would be helpful.

[HuiSF]

To clarify, given the current state of the library:

• Supported: customizing the endpoint for only the Cognito User Pool on both the client side and server side
• Not supported: customizing the endpoint for the Cognito Identity Pool on either the client side or the server side

[HuiSF]

After digging into the source code, the endpoint resolver for resolving the custom user pool function relies on the Amplify singleton that's used on the client side. This may cause the custom endpoint to NOT be resolved within the context of runWithAmplifyServerContext() on the server side. I will mark this as a bug as well to fix.

In addition, I noticed this PR #13552 which should fulfill the feature request overriding the identity pool endpoint.