Gen 2: Using custom lambda data auth unsupported in Swift

[concavegit]

Environment information

System:
  OS: macOS 15.1
  CPU: (8) arm64 Apple M2
  Memory: 274.83 MB / 24.00 GB
  Shell: /bin/zsh
Binaries:
  Node: 23.1.0 - /opt/homebrew/bin/node
  Yarn: undefined - undefined
  npm: 10.9.0 - /opt/homebrew/bin/npm
  pnpm: undefined - undefined
NPM Packages:
  @aws-amplify/auth-construct: 1.5.0
  @aws-amplify/backend: 1.8.0
  @aws-amplify/backend-auth: 1.4.1
  @aws-amplify/backend-cli: 1.4.2
  @aws-amplify/backend-data: 1.2.1
  @aws-amplify/backend-deployer: 1.1.9
  @aws-amplify/backend-function: 1.8.0
  @aws-amplify/backend-output-schemas: 1.4.0
  @aws-amplify/backend-output-storage: 1.1.3
  @aws-amplify/backend-secret: 1.1.5
  @aws-amplify/backend-storage: 1.2.3
  @aws-amplify/cli-core: 1.2.0
  @aws-amplify/client-config: 1.5.2
  @aws-amplify/deployed-backend-client: 1.4.2
  @aws-amplify/form-generator: 1.0.3
  @aws-amplify/model-generator: 1.0.9
  @aws-amplify/platform-core: 1.2.1
  @aws-amplify/plugin-types: 1.5.0
  @aws-amplify/sandbox: 1.2.6
  @aws-amplify/schema-generator: 1.2.5
  aws-amplify: 6.8.2
  aws-cdk: 2.167.2
  aws-cdk-lib: 2.167.2
  typescript: 5.6.3
(node:16091) ExperimentalWarning: CommonJS module /opt/homebrew/lib/node_modules/npm/node_modules/debug/src/node.js is loading ES Module /opt/homebrew/lib/node_modules/npm/node_modules/supports-color/index.js using require().
Support for loading ES Module in require() is an experimental feature and might change at any time
(Use `node --trace-warnings ...` to show where the warning was created)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!                                                                                                                      !!
!!  This software has not been tested with node v23.1.0.                                                                !!
!!  Should you encounter odd runtime issues, please try using one of the supported release before filing a bug report.  !!
!!                                                                                                                      !!
!!  This software is currently running on node v23.1.0.                                                                 !!
!!  As of the current release of this software, supported node releases are:                                            !!
!!  - ^22.0.0 (Planned end-of-life: 2027-04-30)                                                                         !!
!!  - ^20.0.0 (Planned end-of-life: 2026-04-30)                                                                         !!
!!  - ^18.0.0 (Planned end-of-life: 2025-04-30)                                                                         !!
!!                                                                                                                      !!
!!  This warning can be silenced by setting the JSII_SILENCE_WARNING_UNTESTED_NODE_VERSION environment variable.        !!
!!                                                                                                                      !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
No AWS environment variables
No CDK environment variables

Describe the bug

I created a custom data query authorized with a custom lambda following https://docs.amplify.aws/swift/build-a-backend/data/customize-authz/custom-data-access-patterns/. When I try to use this query from my client using the lambda authorizer, I get this client error:

APIError: Unexpected error occurred with message: Could not get endpoint interceptors

when generating the Swift models with npx ampx generate graphql-client-code, I get this warning that may be related:

warning: Model MyModel has auth with authStrategy custom of which is not yet supported in DataStore.

I suspect custom lambda data auth is unsupported in Swift, but I'm creating this issue in amplify-backend in case this is a general Amplify Gen 2 issue. I checked the logs of my authorization lambda, and there are non which means my app is not calling the authorization lambda even though I set the authorization mode to lambda.

Reproduction steps

This is my data backend:

const myCustomAuthorizer = defineFunction({entry: "./my-custom-authorizer.js"});

const schema = a
    .schema({
        myCustomQuery: a
            .query()
            .arguments({id: a.id()})
            .returns(a.ref("MyModel"))
            .authorization((allow) => [allow.custom()])
            .handler(
                a.handler.custom({
                    dataSource: a.ref("MyModel"),
                    entry: "./my-custom-query.js",
                }),
            ),
    })
    .authorization((allow) => [
        allow.resource(myCustomAuthorizerLambda) // Grant my custom authorizer access to the tables
    ]);

export const data = defineData({
    schema,
    authorizationModes: {
        defaultAuthorizationMode: "apiKey",
        lambdaAuthorizationMode: {
            function: myCustomAuthorizerLambda, // Use my custom authorizer myCustomQuery
        },
    },
});

And this is my frontend:

    static func myCustomQuery(_ id: String) async throws -> MyModel {
        let result = try await Amplify.API.query(request: GraphQLRequest<MyModel>(
            document: myCustomQueryDocument, // defined below
            variables: [
                "id": id
            ],
            responseType: MyModel.self,
            authMode: AWSAuthorizationType.function // Set auth to lambda function
        ))
        switch result {
        case .success(let response):
            return response
        case .failure(let error):
            throw error
        }
    }


    private static let getProjectScopedDocument = """
    query MyCustomQuery($id: ID!) {
        myCustomQuery(id: $id) {
            id
        }
    }
    """

[ykethan]

Hey,👋 thanks for raising this! I'm going to transfer this over to our codegen repository for better assistance 🙂.

[concavegit]

Thank you! I also ran another test with a non-custom query using the lambda authorizer

        let result = try await Amplify.API.query(
            request: .get(MyModel.self, byId: amplifyDataId, authMode: .function)
        )

Which resulted in the same error

APIError: Unexpected error occurred with message: Could not get endpoint interceptors
Recovery suggestion: 

This should not happen. There is a possibility that there is a bug if this error persists. Please take a look at https://github.com/aws-amplify/amplify-ios/issues to see if there are any existing issues that match your scenario, and file an issue with the details of the bug if there isn't. Issue encountered at:
file: /Users/concaveusr/Library/Developer/Xcode/DerivedData/Kanai-hetttcuqtdkwkebxhymjoegcaakx/SourcePackages/checkouts/amplify-swift/Amplify/Categories/API/Error/APIError.swift
function: recoverySuggestion
line: 88

I am using the latest version of each of all related libraries. The documentation at https://docs.amplify.aws/swift/build-a-backend/data/connect-to-API/ says custom auth is possible as shown in the below screenshot, but from the error it does not appear so.

Is the custom authorizer intentionally not supported in Swift, or is this a bug?

[concavegit]

Hello! Any news here?