Merge branch 'main' into test/log_integration

* main:
  fix(core): add Foundation HTTP client for watchOS / tvOS (#3230)
  chore: finalize release 2.18.0 [skip ci]
  chore: release 2.18.0 [skip ci]
  feat: Setting mininum watchOS version to 9 (#3229)
  change swift-tools-version to 5.7 (#3193)
  chore: finalize release 2.17.2 [skip ci]
  chore: release 2.17.2 [skip ci]
  fix(datastore): use unwrapped storageEngine to perform datastore operations (#3204)
  fix(datastore): using URLProtocol monitor auth request headers (#3221)
  ci: add dependency review workflow (#3132)
  fix(api): change request interceptors applying logic (#3190)

.github/workflows/dependency-review.yml

@@ -0,0 +1,25 @@
+name: Dependency Review
+
+on:
+  pull_request:
+    branches:
+      - main
+      - v1
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    name: Dependency Review
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          persist-credentials: false
+
+      - name: Dependency Review
+        uses: actions/dependency-review-action@7d90b4f05fea31dde1c4a1fb3fa787e197ea93ab # v3.0.7
+        with:
+          config-file: aws-amplify/amplify-ci-support/.github/dependency-review-config.yml@main

.github/workflows/integ_test_datastore_auth_iam.yml

@@ -5,12 +5,12 @@ on:
 
 permissions:
     id-token: write
-    contents: read 
+    contents: read
 
 jobs:
   datastore-integration-auth-iam-test-iOS:
     timeout-minutes: 30
-    runs-on: macos-12
+    runs-on: macos-13
     environment: IntegrationTest
     steps:
       - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
@@ -33,6 +33,8 @@ jobs:
         with:
           project_path: ./AmplifyPlugins/DataStore/Tests/DataStoreHostApp
           scheme: AWSDataStorePluginAuthIAMTests
+          destination: 'platform=iOS Simulator,name=iPhone 14,OS=latest'
+          xcode_path: '/Applications/Xcode_14.3.app'
 
   datastore-integration-auth-iam-test-tvOS:
     timeout-minutes: 30

.github/workflows/integ_test_datastore_multi_auth.yml

@@ -10,7 +10,7 @@ permissions:
 jobs:
   datastore-integration-multi-auth-test-iOS:
     timeout-minutes: 30
-    runs-on: macos-12
+    runs-on: macos-13
     environment: IntegrationTest
     steps:
       - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
@@ -33,6 +33,8 @@ jobs:
         with:
           project_path: ./AmplifyPlugins/DataStore/Tests/DataStoreHostApp
           scheme: AWSDataStorePluginMultiAuthTests
+          destination: 'platform=iOS Simulator,name=iPhone 14,OS=latest'
+          xcode_path: '/Applications/Xcode_14.3.app'
 
   datastore-integration-multi-auth-test-tvOS:
     timeout-minutes: 30

AmplifyPlugins/API/Sources/AWSAPIPlugin/Configuration/AWSAPICategoryPluginConfiguration.swift

@@ -72,7 +72,7 @@ public struct AWSAPICategoryPluginConfiguration {
         self.authService = authService
     }
 
-    /// Registers an interceptor for the provided API endpoint
+    /// Registers an customer interceptor for the provided API endpoint
     /// - Parameter interceptor: operation interceptor used to decorate API requests
     /// - Parameter toEndpoint: API endpoint name
     mutating func addInterceptor(_ interceptor: URLRequestInterceptor,
@@ -86,20 +86,16 @@ public struct AWSAPICategoryPluginConfiguration {
 
     /// Returns all the interceptors registered for `apiName` API endpoint
     /// - Parameter apiName: API endpoint name
-    /// - Returns: request interceptors
-    internal func interceptorsForEndpoint(named apiName: APIEndpointName) -> [URLRequestInterceptor] {
-        guard let interceptorsConfig = interceptors[apiName] else {
-            return []
-        }
-        return interceptorsConfig.interceptors
+    /// - Returns: Optional AWSAPIEndpointInterceptors for the apiName
+    internal func interceptorsForEndpoint(named apiName: APIEndpointName) -> AWSAPIEndpointInterceptors? {
+        return interceptors[apiName]
     }
 
-    /// Returns interceptors for the provided endpointConfig
+    /// Returns the interceptors for the provided endpointConfig
     /// - Parameters:
     ///   - endpointConfig: endpoint configuration
-    /// - Throws: PluginConfigurationError in case of failure building an instance of AWSAuthorizationConfiguration
-    /// - Returns: An array of URLRequestInterceptor
-    internal func interceptorsForEndpoint(withConfig endpointConfig: EndpointConfig) throws -> [URLRequestInterceptor] {
+    /// - Returns: Optional AWSAPIEndpointInterceptors for the endpointConfig
+    internal func interceptorsForEndpoint(withConfig endpointConfig: EndpointConfig) -> AWSAPIEndpointInterceptors? {
         return interceptorsForEndpoint(named: endpointConfig.name)
     }
 
@@ -108,9 +104,11 @@ public struct AWSAPICategoryPluginConfiguration {
     ///   - endpointConfig: endpoint configuration
     ///   - authType: overrides the registered auth interceptor
     /// - Throws: PluginConfigurationError in case of failure building an instance of AWSAuthorizationConfiguration
-    /// - Returns: An array of URLRequestInterceptor
-    internal func interceptorsForEndpoint(withConfig endpointConfig: EndpointConfig,
-                                          authType: AWSAuthorizationType) throws -> [URLRequestInterceptor] {
+    /// - Returns: Optional AWSAPIEndpointInterceptors for the endpointConfig and authType
+    internal func interceptorsForEndpoint(
+        withConfig endpointConfig: EndpointConfig,
+        authType: AWSAuthorizationType
+    ) throws -> AWSAPIEndpointInterceptors? {
 
         guard let apiAuthProviderFactory = self.apiAuthProviderFactory else {
             return interceptorsForEndpoint(named: endpointConfig.name)
@@ -126,12 +124,10 @@ public struct AWSAPICategoryPluginConfiguration {
                                                  authConfiguration: authConfiguration)
 
         // retrieve current interceptors and replace auth interceptor
-        let currentInterceptors = interceptorsForEndpoint(named: endpointConfig.name).filter {
-            !isAuthInterceptor($0)
-        }
-        config.interceptors.append(contentsOf: currentInterceptors)
+        let currentInterceptors = interceptorsForEndpoint(named: endpointConfig.name)
+        config.interceptors.append(contentsOf: currentInterceptors?.interceptors ?? [])
 
-        return config.interceptors
+        return config
     }
 
     // MARK: Private

AmplifyPlugins/API/Sources/AWSAPIPlugin/Configuration/AWSAPIEndpointInterceptors.swift

@@ -9,15 +9,27 @@ import Amplify
 import Foundation
 import AWSPluginsCore
 
+/// The order of interceptor decoration is as follows:
+/// 1. **prelude interceptors**
+/// 2. **cutomize headers**
+/// 3. **customer interceptors**
+/// 4. **postlude interceptors**
+///
+/// **Prelude** and **postlude** interceptors are used by library maintainers to
+/// integrate essential functionality for a variety of authentication types.
 struct AWSAPIEndpointInterceptors {
     // API name
     let apiEndpointName: APIEndpointName
 
     let apiAuthProviderFactory: APIAuthProviderFactory
     let authService: AWSAuthServiceBehavior?
 
+    var preludeInterceptors: [URLRequestInterceptor] = []
+
     var interceptors: [URLRequestInterceptor] = []
 
+    var postludeInterceptors: [URLRequestInterceptor] = []
+
     init(endpointName: APIEndpointName,
          apiAuthProviderFactory: APIAuthProviderFactory,
          authService: AWSAuthServiceBehavior? = nil) {
@@ -42,7 +54,7 @@ struct AWSAPIEndpointInterceptors {
         case .apiKey(let apiKeyConfig):
             let provider = BasicAPIKeyProvider(apiKey: apiKeyConfig.apiKey)
             let interceptor = APIKeyURLRequestInterceptor(apiKeyProvider: provider)
-            addInterceptor(interceptor)
+            preludeInterceptors.append(interceptor)
         case .awsIAM(let iamConfig):
             guard let authService = authService else {
                 throw PluginError.pluginConfigurationError("AuthService is not set for IAM",
@@ -52,31 +64,31 @@ struct AWSAPIEndpointInterceptors {
             let interceptor = IAMURLRequestInterceptor(iamCredentialsProvider: provider,
                                                        region: iamConfig.region,
                                                        endpointType: endpointType)
-            addInterceptor(interceptor)
+            postludeInterceptors.append(interceptor)
         case .amazonCognitoUserPools:
             guard let authService = authService else {
                 throw PluginError.pluginConfigurationError("AuthService not set for cognito user pools",
                                                            "")
             }
             let provider = BasicUserPoolTokenProvider(authService: authService)
             let interceptor = AuthTokenURLRequestInterceptor(authTokenProvider: provider)
-            addInterceptor(interceptor)
+            preludeInterceptors.append(interceptor)
         case .openIDConnect:
             guard let oidcAuthProvider = apiAuthProviderFactory.oidcAuthProvider() else {
                 throw PluginError.pluginConfigurationError("AuthService not set for OIDC",
                                                            "Provide an AmplifyOIDCAuthProvider via API plugin configuration")
             }
             let wrappedAuthProvider = AuthTokenProviderWrapper(tokenAuthProvider: oidcAuthProvider)
             let interceptor = AuthTokenURLRequestInterceptor(authTokenProvider: wrappedAuthProvider)
-            addInterceptor(interceptor)
+            preludeInterceptors.append(interceptor)
         case .function:
             guard let functionAuthProvider = apiAuthProviderFactory.functionAuthProvider() else {
                 throw PluginError.pluginConfigurationError("AuthService not set for function auth",
                                                            "Provide an AmplifyFunctionAuthProvider via API plugin configuration")
             }
             let wrappedAuthProvider = AuthTokenProviderWrapper(tokenAuthProvider: functionAuthProvider)
             let interceptor = AuthTokenURLRequestInterceptor(authTokenProvider: wrappedAuthProvider)
-            addInterceptor(interceptor)
+            preludeInterceptors.append(interceptor)
         }
     }
 }

AmplifyPlugins/API/Sources/AWSAPIPlugin/Interceptor/RequestInterceptor/AuthTokenURLRequestInterceptor.swift

@@ -32,9 +32,7 @@ struct AuthTokenURLRequestInterceptor: URLRequestInterceptor {
 
         mutableRequest.setValue(amzDate,
                                 forHTTPHeaderField: URLRequestConstants.Header.xAmzDate)
-        mutableRequest.setValue(URLRequestConstants.ContentType.applicationJson,
-                                forHTTPHeaderField: URLRequestConstants.Header.contentType)
-        mutableRequest.setValue(userAgent,
+        mutableRequest.addValue(userAgent,
                                 forHTTPHeaderField: URLRequestConstants.Header.userAgent)
 
         let token: String

AmplifyPlugins/API/Sources/AWSAPIPlugin/Interceptor/RequestInterceptor/IAMURLRequestInterceptor.swift

@@ -36,7 +36,6 @@ struct IAMURLRequestInterceptor: URLRequestInterceptor {
             throw APIError.unknown("Could not get host from mutable request", "")
         }
 
-        request.setValue(URLRequestConstants.ContentType.applicationJson, forHTTPHeaderField: URLRequestConstants.Header.contentType)
         request.setValue(host, forHTTPHeaderField: "host")
         request.setValue(userAgent, forHTTPHeaderField: URLRequestConstants.Header.userAgent)