AdminLinkProviderForUser is Not Available in Grant Access to Auth Resources #3070
Description
Environment information
System:
OS: macOS 15.7.3
CPU: (11) arm64 Apple M3 Pro
Memory: 253.25 MB / 18.00 GB
Shell: /bin/zsh
Binaries:
Node: 22.11.0 - /Users/briansc/.nvm/versions/node/v22.11.0/bin/node
Yarn: 1.22.22 - /opt/homebrew/bin/yarn
npm: 11.6.1 - /Users/briansc/.nvm/versions/node/v22.11.0/bin/npm
pnpm: undefined - undefined
NPM Packages:
@aws-amplify/auth-construct: 1.10.0
@aws-amplify/backend: 1.19.0
@aws-amplify/backend-ai: Not Found
@aws-amplify/backend-auth: 1.9.0
@aws-amplify/backend-cli: 1.8.1
@aws-amplify/backend-data: 1.6.2
@aws-amplify/backend-deployer: 2.1.4
@aws-amplify/backend-function: 1.15.2
@aws-amplify/backend-output-schemas: 1.7.1
@aws-amplify/backend-output-storage: 1.3.2
@aws-amplify/backend-secret: 1.4.2
@aws-amplify/backend-storage: 1.4.2
@aws-amplify/cli-core: 2.2.3
@aws-amplify/client-config: 1.9.1
@aws-amplify/data-construct: 1.16.3
@aws-amplify/data-schema: 1.22.0
@aws-amplify/deployed-backend-client: 1.8.1
@aws-amplify/form-generator: 1.2.6
@aws-amplify/model-generator: 1.2.2
@aws-amplify/platform-core: 1.10.3
@aws-amplify/plugin-types: 1.11.1
@aws-amplify/sandbox: 2.1.4
@aws-amplify/schema-generator: 1.4.1
@aws-cdk/toolkit-lib: 1.6.1
aws-amplify: 6.15.9
aws-cdk-lib: 2.232.2
typescript: 5.9.3
No AWS environment variables
No CDK environment variables
Describe the bug
We still have to manually add idp cogito AdminLinkProviderForUser permissions in the backend, but this should be made available directly in AuthActions. It's not described in the amplify docs anywhere and seems to be a common use case for anyone offering OAuth alongside standard signup behaviors.
https://docs.amplify.aws/react/build-a-backend/auth/grant-access-to-auth-resources/
Reproduction steps
Error:
Type '"adminLinkProviderForUser"' is not assignable to type 'AuthAction'.ts(2322)
Sample Code:
import { defineAuth, secret } from "@aws-amplify/backend";
import { postConfirmation } from "../function/postConfirmation/resource";
import { preSignUp } from "../function/preSignUp/resource";
export const auth = defineAuth({
loginWith: {
email: true,
externalProviders: {
google: {
clientId: secret("GOOGLE_CLIENT_ID"),
clientSecret: secret("GOOGLE_CLIENT_SECRET"),
scopes: ["openid", "email", "profile"],
attributeMapping: {
email: "email",
profilePicture: "picture",
fullname: "name",
},
},
signInWithApple: {
clientId: secret("SIWA_CLIENT_ID"),
keyId: secret("SIWA_KEY_ID"),
privateKey: secret("SIWA_PRIVATE_KEY"),
teamId: secret("SIWA_TEAM_ID"),
scopes: ["name", "email"],
},
callbackUrls: [
"http://localhost:3000/",
],
logoutUrls: [
"http://localhost:3000",
],
},
},
triggers: {
postConfirmation,
preSignUp
},
access: (allow) => [
allow
.resource(preSignUp)
.to(['adminLinkProviderForUser']), // ERROR Grant the specific Cognito API permission ERROR
]
});