feat(api): add custom endpoint support to API

[svidgen]

Description of changes

Adds optional endpoint and apiKey properties to generateClient() options, allowing customers to use Amplify to connect to any accessible GraphQL API from within an app.

Also adds support for subscribing to multiple endpoints simultaneously.

When an alternative endpoint is provided:

1. authMode must be explicitly set. Omitting it is both a type error and runtime error.

2. authMode: "apiKey" requires that apiKey also be explicitly set; whether this mode is set in generateClient() or .graphql() downstream. Omitting it is both a type error and runtime error.

Issue #, if available

Description of how you validated changes

1. Tests added.
2. Manual testing
3. e2e's currently being authored

Checklist

• PR description included
• yarn test passes
• Unit Tests are changed or added
• Relevant documentation is changed or added (and PR referenced)

Checklist for repo maintainers

• Verify E2E tests for existing workflows are working as expected or add E2E tests for newly added workflows
• New source file paths included in this PR have been added to CODEOWNERS, if appropriate

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[stocaaro]

This overwrites the memoKey, even when we just retrieved the provider from the set doesn't it? It's probably not doing harm, but seems like an unnecessary operation.

[svidgen]

Yeah. I weighed it against a conditional check to do the same. This seemed simpler to read. But, I don't mind changing it if you disagree.

[stocaaro]

The conditional check seems like fewer moving parts or things to go wrong, but I also don't think I can come up with an example of when this would fail us, so this is a nit at best.

[stocaaro]

The old code would always either run addSchemaToClient or generateModelsPropertyOnAmplifyConfigure where the new code could run neither when there is an endpoint in the params and we don't raise the auth errors above, right?

Is it a problem to return a client without running one of these two functions?

Thinking over the change, probably not since we don't have a schema or models to bind in these additional endpoint use-cases. Interesting.

[svidgen]

It's very deliberately skipping both to avoid attaching .models etc. and potentially causing confusion there — if someone were logging out the client and poking around for example, they'd see methods from their MIS that have nothing to do with the endpoint.

[stocaaro]

This error logic is repeated from above, is other similar code shared in some way?

[svidgen]

It's probably more LOC to do so to accommodate the slightly different error messaging. Is it worth it to you?

[stocaaro]

nit. Probably not worth it.

[stocaaro]

Would this be better expressed as a generic where we pass in override types to we can repeat it with different overrides to create this union? This seems like an easy point to accidentally inject errors trying to make simple modifications all spelled out like this.

[svidgen]

FWIW, I did go down the generic route and found that TS was too confused to offer suggestions while typing (pressing ctrl+space in particular). I'm not sure if I made a mistake, but I then had to go on a small crusade to simplify the types down into the "dumbest" possible versions of themselves and it seemed to contribute to resolving the issue.

[stocaaro]

Hmm. Don't think we have the prettify wrapper here, but I think that might improve the CX on a more concise solution. Not sure where I land on this, this seems pretty long form.

[stocaaro]

Is this memoKey sufficient? Wondering if a websocket might ever be accessed with different authtypes to achieve different permissions where both would have the same endpoint (or something similar)

I think in all case, overriding a graphql calls authtype works, but maybe a client with authtype A will be recreated with authtype B and the dev will be surprised that they get the original instance with type A...

Any other config that might be needed in the memoKey to avoid surprises?

[svidgen]

I think it should be OK. We have normally used a single socket for all connections regardless of the authmode needed by the subscription itself. In chatting with Ivan about how to do this, I think he leaned towards keeping connections pooled by client — in most cases, I think that's slightly better for customers. Fewer local resources consumed at the very least, etc.. It's marginal. I wouldn't die on that hill.

If it causes issues, I think this behavior is pretty OK for us to change later.

[stocaaro]

The conditional check seems like fewer moving parts or things to go wrong, but I also don't think I can come up with an example of when this would fail us, so this is a nit at best.

[stocaaro]

nit. Probably not worth it.

[stocaaro]

Hmm. Don't think we have the prettify wrapper here, but I think that might improve the CX on a more concise solution. Not sure where I land on this, this seems pretty long form.