I'm planning on building an iOS application and want to implement an already built user management(username, first name, last name, phone number, email) instead of me coding it from scratch.
First name
Last name
Username
Phone number
Email
Any recommendations if there is any open source code I could easily copy?
Thanks in advance!
In AWS, you could use AWS Cognito to perform user management. From the docs
Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, Google or Apple. The two main components of Amazon Cognito are user pools and identity pools.
More information here https://aws.amazon.com/cognito/
Related
I am using AWS Cognito as my Auth server.
My business logic is such that users can only sign up when they are invited (by email).
Is this possible?
The flow I have in mind is:
Organization admin sends invitation emails to employees of this organization.
The employees click the invitation link in the email, and are directed to a sign up page. The organization name is preset, so that a user's organization is pre-determined. Since the user click this particular invitation link (sent from this particular organization), the organization name is already determined in the sign-up page.
The employee completes sign-up page and a user is generated in the Cognito user pool, and the newly created user is attached to the organization.
It seems to me that such logic is not possible, by reading the doc:
User accounts are added to your user pool in one of the following ways:
- The user signs up in your user pool's client app, which can be a mobile or web app.
- You can import the user's account into your user pool. For more information, see Importing users into user pools from a CSV file.
- You can create the user's account in your user pool and invite the user to sign in. For more information, see Creating user accounts as administrator.
I hope I'm wrong though.
Did I miss something? Can this be done?
You can create a front end and an API/backend to achieve this.
In cognito settings select "Only allow administrators to create users".
Create a front end for collecting information required for user pool.
Create API that will pass this info to lambda which will use admin_create_user and any other admin_ call that you need.
You will then send your front end's link to certain users you want to invite. Make sure these are unique and have expiration time. You can also make it so that a link can only be used to sign up a single user.
In Amazon Cognito's User Guide, in the page “Configuring User Pool Attributes”, there is this paragraph (with added emphasis):
“If your application does not require a username, you do not need to ask users to provide one. Your app can create a unique username for users in the background. This is useful if, for example, you want users to register and sign in with an email address and password.”
I want to do precisely what the paragraph says: while users sign up, create in the background a custom user ID for them myself, because I need these IDs to follow a specific semantic format, that embeds tenant context into the IDs (something like “T01234#U01234567“, meaning “user U01234567 inside of tenant T01234”).
The users won't know of their custom ID, they will feel as they've signed up (and later signed in) with their emails (or through 3rd parties like Facebook and Google, if possible in this set up). But in the background I will create these custom IDs and store them in their username attribute in the User Pool.
The reason I want to store these iDs specifically in the username attribute is because it is un-mutable and unique, but most important because I will need to query Cognito's APIs (ListUsers, AdminListGroupsForUser, etc.) using these custom IDs as filter, to give my customers some user management capabilities. The username attribute is the parameter for these APIs. Therefore, I cannot use User Pool custom attributes here, since they are not accepted as parameters of these APIs.
The reason I post this Question is because, while the documentation recommends this as a possible setting, there is no specific information on how to set the user pools and sign up flow to support this specific use case.
What is the general settings layout of this? To start with, in the option “How do you want your end users to sign-up and sign-in?”, what do I have to put there in the scenario I described? If anyone can give any additional pertinent information, it would be very helpful, as the documentation feels somewhat opaque.
Thank you very much for those who've read this.
You probably will need to deal this in your frontend.
When your user start the sign-up process, you will need to generate the username based on your requirements and send the request to Cognito User Pool using that generated username + e-mail.
For Cognito User Pools this will be transparent because in the request it will receive the username, the password and the user e-mail. Off course you will need to allow login with e-mail and password.
If you don't want to do this in the frontend you can create a backend with public access that accepts a unauthenticated requests and performs this task directly in Cognito User Pool.
I'm trying to use the Google People API to get the authenticated user's phone number that is associated with their Google account by using the people.get method and the resource name of person/me.
I tried this out on both a web application using the scopes profile https://www.googleapis.com/auth/user.phonenumbers.read, as well as with the API Explorer. In both cases, I only see the authenticated user's phone number if it happens to be listed in their Google+ profile account.
As described here, a user's Google account is one of the sources of data that the Google People API retrieves from. Can the API include account phone numbers as part of the information returned for person/me?
Most likely you are running into https://issuetracker.google.com/issues/78151501.
we working with Managing Users and Roles with APIs link Manage user APIs
trying to find function get specific user by username or email, but can't find,
which function i should use?
You can use getUserList() function.
For example, you can give claimUri as http://wso2.org/claims/emailaddress and claimValue as the email address of that specific user.
I've been stumbling around for a few hours trying to understand Cognito and identity management in a mobile app. I'm relatively new to mobile app development. I've made a mobile app before, but never one with a back-end. so now I'm playing around with AWS intending to try just that.
I want to make sure that each user using my app can be uniquely identified so that I can store content that they submit to the server associated with them. But I also want other users to be able to see their submitted content. I haven't decided on a data storage mechanism yet (Amazon seems to offer a few), but whatever it is will have to be an indefinitely free service since I'm not planning on spending (or earning) any money on this app.
Part of what is confusing me is the need to create App IDs with whatever service I wanted to use with federated identities. I am starting to suspect there are multiple kinds of identities that I'm getting confused. Does the App have its own identity independent of a user's identity? I didn't expect to have to create Google and Amazon App IDs just to allow users to log into my app using their Google or Amazon accounts. I suspect I'm understanding the API wrong, and I'm having a really hard time finding applicable sample code usable from Xamarin.
I have this much code (unique identifier x'd out):
CognitoAWSCredentials credentials = new CognitoAWSCredentials(
"us-east-2:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", // Identity pool ID
RegionEndpoint.USEast2 // Region
);
And that seemed to run (in a debugger) without throwing an exception at least, but I'm not clear what it has given me. I'm doubting that this credentials object uniquely identifies the user after they might reboot their device, and start the app again the next day. For that I suspect I need something more, and I'm not clear what. What's the next simplest step to get a unique identifier for a user which I can store along with their content to associate it with them?
Are you set on having users use third part identity or do you want to provide user's their own identity? For federated identities (3rd party) you need to provide an Identity Pool ID which is created in Cognito to identify the federated identity provider. For your own identities in Cognito you create User Pools which also have an ID.
If you want to provide user sign-in and sign-up you want to use Cognito identities and not federated identities. The link below has some good references regarding this -
https://aws.amazon.com/cognito/dev-resources/