Focus Areas for Q4 2023

[abdallahshaban557]

Hello everyone,

We wanted to inform you we have published a page in our wiki detailing our Focus Areas for 2023. We wanted to make sure you know what we are working on, and get your feedback as we move forward.

[rpostulart]

aws-amplify/amplify-swift#1005

Is this still on the backlog?

[abdallahshaban557]

Hello @rpostulart - unfortunately, this issue did not make the cut for our 2023 focus areas. We will keep you informed on that issue when we have updates.

[codingnuclei]

Really interested in the webAuthN solution. We have managed to build a solution with cognito and amplifyJS that enables user to use a one time code or their biometrics.

The tricky part with the webauthn was the server aspect of how cognito lambda triggers don't pass session data been the triggers you need it to.

Then there is a tricky Ui/Ux challenge. Unless it changed recently you can not tell if a user has a passkey for your domain. Meaning how you present the auth flow to the user can be challenging. Conditional UI does aid slightly but still requires a user to add their username.

Interested to see your approach for both aspects👍

[abdallahshaban557]

Hi @codingnuclei - thank you so much for this feedback - this is coming at an excellent time since we are going through our design. We are excited to share more as we have our design in a better spot!

[codingnuclei]

@abdallahshaban557 excellent. Would be happy to set some time aside to discuss our findings further. Just reach out if needed!

[abdallahshaban557]

Got it @codingnuclei - will reach out when we are at a closer point to sharing our designs!

[oe-bayram]

We use the Amplify Framework for creating large ERP systems and encounter some scalability limitations, especially concerning these issues:

• Stack Mapping Fails (V2 Transformer Migration)  amplify-category-api#32
• RFC: Plugins support in Amplify Codegen amplify-cli#6898

What's the status of these issues? Will they also be included in the Focus Areas for Q4 2023?

[abdallahshaban557]

Hi @oe-bayram - Thank you for reaching out!

on the stack mapping issue, our team is still investigating this with the support of the AppSync team to overcome this limitation. We will keep providing updates on that issue when we have a path forward. We do not have a clear ETA yet.

For the Plugins support - can you please elaborate on your use case here? What are you looking for specifically?

[SilverLinings89]

• In our project we use dynamic group auth for projects that our users share. This has repeatedly been an issue and it often seems like multi-tennancy / dynamic group auth is not really intended. Some issues were: circular dependency hell, not being able to use datastore, having to add a custom resolver to add the group claims even though this is a pretty standard use-case.
• Another auth issue is automatic account merging (someone signs up using email and password with a google account and next time they use google sign in. It would be cool if this was covered out of the box.
• Getting rid of CommonJS modules would be nice for tree shaking and bundle size optimization. We use Angular and the builder warns about most / all Amplify packages that CommonJS should be avoided.
• We are now building a mobile app to go with the webapp and for that we are using React Native (mainly because the Amplify Team seems to focus on React first, so we wanted to take advantage of that) but we were surprised that the authenticator does not support social sign in.
• Typescript support for the Database-queries would be nice. There is also the ongoing issue here of all the _typename members. The auto-generated types always have these and that makes them incompatible with the "pure" types which bloats all code and leads to duplicate type declarations etc.
• This is a bit more general but over the last 2 years we have experienced several regressions in minor releases so semver numbers of amplify releases were not reliable for us. If semver is not intended in the version numbers, maybe this should be stated somewhere. If the releases are supposed to be semver, maybe the release-process should be adapted (don't know, this depends massively on your internal processes).

[abdallahshaban557]

@SilverLinings89 - we really appreciate you taking the time to give us this feedback. I will address them individually:

• We are exploring what an out of the box solution for multi-tenancy is. We do not yet have a solid solution, but we will have more to share once a design is in place to get feedback from our community. While this did not make it for 2023, it is top of mind for us in 2024.
• For account merging, we worked with the Amazon Cognito team, and they have recently enabled support for that in the preSignUp lambda trigger. So you can take a look at this approach we've provided developers wanting to use this feature. We are considering providing an "out of the box" experience, but are still debating how to do it in the most safe way possible.
• We're optimzing tree-shaking and reducing bundle size substantially in our next major version. Can you elaborate a bit more on the warnings you are getting?
• The React Native Authenticator supporting social sign in is happening very soon! It will be released by the time we get our new major version of the Amplify JavaScript out. The Amplify UI team has been working with us to enable that as fast as they could.
• The type decleration issue will be fixed as part of our overall "TypeScript Enhancement" initiative. We will also provide a new client that can be used in a fully typesafe way, which is generated from your schema definition!
• On the issues with regressions, we had discovered some of our internal processes needed tightening to make sure we release code safely, and that all breaking changes/regressions are caught and avoided. We are getting better at preventing these issues everyday!

[SilverLinings89]

@abdallahshaban557 I'm gonna be honest: This sounds like the perfect response :) Thank you very much for your remarks. Our team really appreciates your efforts and we are happy to have chosen AWS and Amplify for our product.

Below you find the output of our angular build command with angular 16. There are some more of these but I have only included the ones that have clearly been imported by Amplify. Also: To shorten the code: After every warning, there is the following hint: "CommonJS or AMD dependencies can cause optimization bailouts. For more information see: https://angular.io/guide/build#configuring-commonjs-dependencies"

yarn run v1.22.19
$ ng build --configuration production
The esbuild-based browser application builder ('browser-esbuild') is currently in developer preview and is not yet recommended for production use. For additional information, please see https://angular.io/guide/esbuild
The 'budgets' option is not yet supported by this builder.
⠦ Building...

▲ [WARNING] Module 'zen-push' used by 'node_modules/@aws-amplify/datastore/lib-esm/storage/storage.js' is not ESM

▲ [WARNING] Module '@aws-crypto/util' used by 'node_modules/@aws-crypto/sha256-js/build/jsSha256.js' is not ESM

▲ [WARNING] Module 'axios' used by 'node_modules/@aws-amplify/api-rest/lib-esm/RestClient.js' is not ESM

▲ [WARNING] Module 'bowser' used by 'node_modules/@aws-sdk/client-lex-runtime-service/node_modules/@aws-sdk/util-user-agent-browser/dist-es/index.js' is not ESM

▲ [WARNING] Module '@aws-crypto/util' used by 'node_modules/@aws-sdk/eventstream-marshaller/node_modules/@aws-crypto/crc32/build/index.js' is not ESM

▲ [WARNING] Module '@aws-crypto/supports-web-crypto' used by 'node_modules/@aws-sdk/client-lex-runtime-service/node_modules/@aws-crypto/sha256-browser/build/crossPlatformSha256.js' is not ESM

▲ [WARNING] Module '@aws-crypto/ie11-detection' used by 'node_modules/@aws-sdk/client-lex-runtime-service/node_modules/@aws-crypto/sha256-browser/build/crossPlatformSha256.js' is not ESM

▲ [WARNING] Module '@aws-crypto/util' used by 'node_modules/@aws-sdk/client-lex-runtime-service/node_modules/@aws-crypto/sha256-browser/build/webCryptoSha256.js' is not ESM

▲ [WARNING] Module '@aws-crypto/supports-web-crypto' used by 'node_modules/@aws-sdk/client-lex-runtime-v2/node_modules/@aws-crypto/sha256-browser/build/crossPlatformSha256.js' is not ESM

▲ [WARNING] Module '@aws-crypto/ie11-detection' used by 'node_modules/@aws-sdk/client-lex-runtime-v2/node_modules/@aws-crypto/sha256-browser/build/crossPlatformSha256.js' is not ESM

▲ [WARNING] Module '@aws-crypto/supports-web-crypto' used by 'node_modules/@aws-crypto/sha256-browser/build/crossPlatformSha256.js' is not ESM

▲ [WARNING] Module '@aws-crypto/ie11-detection' used by 'node_modules/@aws-crypto/sha256-browser/build/crossPlatformSha256.js' is not ESM

▲ [WARNING] Module '@aws-crypto/util' used by 'node_modules/@aws-crypto/sha256-browser/build/webCryptoSha256.js' is not ESM

▲ [WARNING] Module '@aws-crypto/supports-web-crypto' used by 'node_modules/@aws-sdk/client-location/node_modules/@aws-crypto/sha256-browser/build/crossPlatformSha256.js' is not ESM

▲ [WARNING] Module '@aws-crypto/ie11-detection' used by 'node_modules/@aws-sdk/client-location/node_modules/@aws-crypto/sha256-browser/build/crossPlatformSha256.js' is not ESM

[abdallahshaban557]

That is amazing to hear - we hope to be bringing even more value to you and your team soon!

Got it on the issue, and it is on our radar! We already have a Github issue on this as well! @AllanZhengYP on our team is actively investigating it!. We will provide updates on that Github issue as we make progress.

[DougalW]

Please please please prioritise the CloudFormation scaling issues:

aws-amplify/amplify-category-api#32
aws-amplify/amplify-category-api#658
aws-amplify/amplify-studio#414
aws-amplify/amplify-category-api#1854

There's clearly something going on under the covers that's preventing scaling past a certain point. It seems to start around 40 tables in dynamoDB and become unusable somewhere >50, so much so that Amplify becomes unusable.

[abdallahshaban557]

Hi @DougalW - the issues you have mentioned are on our radar, we are aware of these scaling issues, and have some potential paths forward identified to help us alleviate these pain points. We will continue to provide updates on these Github issues as we make more progress.

[aaamoshd]

Hello there. It would be great, if the team could also focus on changing the behavior of Device Tracking when Custom_Auth flow is used. As it stands, device tracking is a feature that cannot be used in tandem with Custom_Auth flow which might be very disruptive for certain implementations.

Here are the related cases with Device Tracking and Custom_Auth flow.

#9592
#12220

[abdallahshaban557]

Hi @aaamoshd - thank you so much for this feedback. We had been investigating them before - and agree that not having them supported is disruptive. We will continue to provide updates on them as we make progress.

[jeffpball]

Hello, lots of love to the AWS Amplify team and AWS more widely. I know you're a business, but your tools enable developers to do a lot of cool stuff. So thanks for your work.

This is probably a lot lower prio than the folks who are working on production code bases using Next.js, but I wanted to bring it up on behalf of Next.js novices like myself.

It would be great to have this Next.js tutorial in the Amplify docs updated to include:

• AWS Amplify JavaScript v6 Developer Preview usage
• App Router (maybe alongside Pages Router like you've done elsewhere in Amplify docs)
• TypeScript examples alongside JavaScript

It seems to me that specifically this section could use the updates mentioned above. There's probably other places in the tutorial that will need updating, but overall if we could get an up to date Next.js GraphQL CRUD app (including Authentication) server component tutorial with all the recent updates applied, it would be a big win for me personally and hopefully for others.

A little backstory: I first attempted to ask Vercel to update their Amplify example app repo and they decided to remove it and refer people to your docs. See here vercel/next.js#57127 and here vercel/next.js@ac54377

So, now I'm trying to piece together what would amount to an updated version of the Next.js tutorial app using both Vercel's primary documentation regarding App Router and these various Amplify docs:
Amplify JS 6 Developer Preview announcement
The actual JS 6 Developer Preview docs
Next.js Features blog article

...and a few other docs that are out there. It's a pretty challenging task - it feels like there's a lot of moving parts with the release of Next.js 13.4 and Amplify JavaScript v6 so thanks in advance for any assistance on this!

[abdallahshaban557]

Hi @jeffpball - we are working on updating our documentation to make it a lot easier to use NextJS with Amplify as part of our v6 release of Amplify JavaScript. We understand that with the release of App Router the paradigm has shifted a bit on how to use NextJS, and our tooling is now catching up to make that experience easier. Stay tuned! V6 and our updated docs are almost there!

[jeffpball]

Hi @jeffpball - we are working on updating our documentation to make it a lot easier to use NextJS with Amplify as part of our v6 release of Amplify JavaScript. We understand that with the release of App Router the paradigm has shifted a bit on how to use NextJS, and our tooling is now catching up to make that experience easier. Stay tuned! V6 and our updated docs are almost there!

That's great news, thanks a lot @abdallahshaban557 !

[rogueturnip]

Excited to hear it's "almost there" :)

[charlieforward9]

I still lack many of the 'behind the scenes' insights, but it seems that Amplify's interoperability with Web Workers is not stable. Having a bug-free experience when using Amplify API's and Web Workers is necesarry for our use case. More information on this issue: #12278

[RichiCoder1]

Wanted to +1 how excited I'd personally be for Passkey/WebAuthN support to be first class. Massive enabler for ditching passwords without having to rely on third party social providers.

[djorgji]

+1 for the passwordless logins for us.

[osehmathias]

Is Datastore encryption on the client on the horizon? Or should we be generously tempering our expectations in this regard?

Edit: Not having this encrypted excludes almost all healthcare applications from using Datastore

[cwomack]

Hello everyone! We appreciate all the comments and feedback on this issue thus far, and wanted to give a quick status update/summary of what was accomplished in Q4 of 2023 per these focus areas. We had an exciting quarter to close out last year and saw “wins” in the following areas:

• v6 General Availability - TypeScript Strict mode and no implicit any’s

• Bundle size improvements

• Next Gen DevEx (Gen 2) - Amplify’s Code First Developer experience (now in developer preview)

• Support for Hosting any SSR App

• Wildcard Subdomains

• Creating GraphQL API’s for any existing MySQL and PostgreSQL Databases

We also wanted to recognize the areas where we didn’t make quite as much progress as we would have liked, such as the Storage category improvements, observability/monitoring, and enabling MagicLink/one-time password. We plan on having these be a part of the Q1 2024 Focus Areas and will release a new issue that details these by the end of this month!