Skip to content

feat(analytics): add Amazon Connect Customer Profiles provider for identifyUser#14864

Draft
soberm wants to merge 3 commits into
mainfrom
feat/connect-customer-profiles-identify-user
Draft

feat(analytics): add Amazon Connect Customer Profiles provider for identifyUser#14864
soberm wants to merge 3 commits into
mainfrom
feat/connect-customer-profiles-identify-user

Conversation

@soberm

@soberm soberm commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Description of changes

Adds a new, additive Analytics provider that backs identifyUser with an Amazon Connect Customer Profiles REST endpoint (typically fronted by a Lambda). Scoped strictly to the analytics identifyUser path. Supports both authenticated (Cognito user pool) and guest / unauthenticated (Cognito Identity Pool) callers.

What's included

  • New provider packages/analytics/src/providers/customer-profiles/ mirroring the existing Pinpoint provider structure (apis/identifyUser, utils/resolveConfig, utils/resolveCredentials, types). identifyUser resolves config + the caller's auth session and POSTs { userId, userProfile, options } to the endpoint (2xx → void; non-2xx / network error → typed AnalyticsError). Plain fetch for the authenticated path; the shared core signer for the guest path — no new dependencies.
  • Authenticated (Cognito user pool): POST ${endpoint}/identify-user with an Authorization: Bearer <accessToken> header. The profile is keyed on the caller's cognitoSub.
  • Guest / unauthenticated (Cognito Identity Pool): when no user-pool token is present, resolveCredentials returns the guest credentials + identityId, and the request is SigV4-signed (service execute-api, via signRequest from @aws-amplify/core/internals/aws-client-utils) and sent to POST ${endpoint}/identify-user-guest. The profile is keyed on the caller's Identity Pool identityId, enabling pre-sign-in use cases such as registering a device token before login. The auth mode is selected automatically from the resolved session.
  • Guest options + merge-on-sign-in: new optional options fields deviceId, platform, appVersion, and previousGuestIdentityId. Passing previousGuestIdentityId on an authenticated call folds the prior guest profile (and its devices) into the authenticated profile. Route paths are centralized as the IDENTIFY_USER_PATH / GUEST_IDENTIFY_USER_PATH constants.
  • Config: new analytics.amazon_connect_customer_profiles key in amplify_outputs ({ aws_region, endpoint }) is parsed by parseAnalytics into ResourcesConfig.Analytics.CustomerProfiles { endpoint, region }. New exported type ConnectCustomerProfilesProviderConfig. Pinpoint parsing is untouched.
  • Stable subpath export: aws-amplify/analytics/customer-profiles (and @aws-amplify/analytics/customer-profiles), mirroring how the pinpoint/personalize subpaths are exposed. Kept out of the top-level public barrel.
  • Tests: unit tests for authenticated token attach + request body shape, config resolution, credential resolution (authenticated + guest), amplify_outputs parsing, and the guest flow — guest SigV4 signing/attach to /identify-user-guest, previousGuestIdentityId merge-on-sign-in, and error mapping.

Backward compatibility

  • Public signatures are preserved 1:1: IdentifyUserInput = AnalyticsIdentifyUserInput<IdentifyUserOptions>, reusing the shared UserProfile from @aws-amplify/core. The new options fields are all optional.
  • Purely additive — the existing Pinpoint provider and all existing config are unchanged. No breaking changes (minor version bump; see the changeset .changeset/analytics-connect-customer-profiles-identify-user.md).

Issue #, if available

N/A

Description of how you validated changes

  • tsc --noEmit type-checks pass for @aws-amplify/core, @aws-amplify/analytics, and the aws-amplify umbrella (after building analytics so the new subpath .d.ts resolves).
  • ESLint passes for all changed/added files.
  • changeset status confirms the intended minor bumps for @aws-amplify/analytics, @aws-amplify/core, and aws-amplify.
  • The customer-profiles unit suite passes: 16/16 tests green across the authenticated and guest paths (including guest SigV4 signing, merge-on-sign-in, and error mapping) when run under Jest's node test environment.
  • Note: Jest's default jsdom environment currently fails at test-suite setup with a pre-existing, environmental ERR_REQUIRE_ESM (jsdom → http-proxy-agent@tootallnate/once) on Node v18.20.2 — a pre-existing Pinpoint test fails identically, confirming it is unrelated to these changes. The DOM-free customer-profiles tests were therefore run with --testEnvironment=node; CI is expected to run the full suite normally.

Checklist

  • PR description included
  • yarn test passes (the customer-profiles suite passes 16/16 under --testEnvironment=node; the default jsdom env is blocked locally by the pre-existing environmental ERR_REQUIRE_ESM described above; CI expected to pass)
  • Unit Tests are changed or added
  • Relevant documentation is changed or added (and PR referenced)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

soberm added 2 commits July 6, 2026 13:35
…ovider

Add a new client-side Analytics provider that backs identifyUser with an
Amazon Connect Customer Profiles REST endpoint (typically fronted by a
Lambda). Additive only - the existing Pinpoint provider is untouched.

Core:
- Add ConnectCustomerProfilesProviderConfig (Analytics.CustomerProfiles =
  { endpoint, region }) composed into ResourcesConfig.Analytics
- Parse amazon_connect_customer_profiles in parseAnalytics (additive)

Analytics:
- New providers/customer-profiles provider mirroring the pinpoint structure
  (apis/identifyUser, utils/resolveConfig, utils/resolveCredentials, types)
- identifyUser resolves config + Cognito user-pool access token, POSTs
  { userId, userProfile, options } to ${endpoint}/identify-user with a
  Bearer token; 2xx -> void, non-2xx -> typed AnalyticsError
- Reuses AnalyticsIdentifyUserInput / UserProfile; plain fetch, no new deps
- Exposed via stable subpath @aws-amplify/analytics/customer-profiles
  (kept out of the top-level public barrel)
- Unit tests for token attach, body shape, config/credential resolution
…d add changeset

Expose the Amazon Connect Customer Profiles provider through the umbrella
package subpath 'aws-amplify/analytics/customer-profiles' (mirroring the
pinpoint/personalize subpaths) and add the release changeset (minor bump for
@aws-amplify/analytics, @aws-amplify/core, aws-amplify). Additive only.
@changeset-bot

changeset-bot Bot commented Jul 6, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: f8139ae

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 6 packages
Name Type
@aws-amplify/analytics Minor
@aws-amplify/core Minor
aws-amplify Minor
@aws-amplify/api-graphql Patch
@aws-amplify/api Patch
@aws-amplify/datastore Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

⚠️ This PR includes changes to the "aws-amplify" package.json file, which can have library-wide implications.

Please ensure that this PR:

  • Does not manually change "@aws-amplify/*" dependency versions, which may misalign core dependencies across the library
  • Remove any export paths without a major version bump

A repository administrator is required to review this change.

…es identifyUser

Extend the Amazon Connect Customer Profiles `identifyUser` provider to support
unauthenticated guest callers via Cognito Identity Pool credentials.

When no Cognito user-pool token is present, `resolveCredentials` now returns the
guest `credentials` + `identityId` and the request is SigV4-signed (`execute-api`)
and sent to `POST {endpoint}/identify-user-guest` using the shared core signer.
Authenticated callers continue to use `POST {endpoint}/identify-user` with a
bearer token.

Adds optional `options` fields (`deviceId`, `platform`, `appVersion`, and
`previousGuestIdentityId`); passing `previousGuestIdentityId` on an authenticated
call folds the prior guest profile into the authenticated one (merge-on-sign-in).
Route paths are centralized as `IDENTIFY_USER_PATH` / `GUEST_IDENTIFY_USER_PATH`
constants.

Additive and non-breaking: the public `IdentifyUserInput`/`UserProfile`
signatures are preserved and Pinpoint is untouched. Adds unit tests for the guest
identify + SigV4 attach, merge-on-sign-in, and error-mapping paths.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant