I create a Cognito user pool and set signup ,sign in signup process with facebook, Google and Cognito user pool. when i signup using Facebook or Goole create account successfully. but when login there is a error which is below
The user is not authenticate
How can i fix it
i fixed this issue with creating federation identity pool and set my user pool id and client id on it. then my issue was fix
Related
I am starting to implement federated authentication with AWS Cognito using AWS C++ SDK.
I want to authenticate a user with Cognito User Pool and Facebook, Twitter, Google.
I understand that I can link several logins under single user identifier (Cognito identityId), but it is possible only when such logins are added manually after first login.
In example, I see scenario:
A user is registered using Cognito UserPool.
Then, staying authenticated, the user authenticate itself using Facebook. And Facebook tokens can are added to logins.
When further retrieving AWSCredentials call processes - the Facebook login will be added to the user identity at Cognito Identity Pool.
After, the user can login using UserPool credentials and through Facebook authentication under the same user identityId.
Firstly, I am not sure that my scenario is correct, but it is what I realized after reading many posts here and AWS docs.
And if the scenario is correct, then I am in stuck with another question: how to refresh tokens?
In AWS C++ SDK in order to refresh AWS Credential the call CognitoIdentityClient.GetCredentialsForIdentity is used, but it requires to pass user logins.
My more specific question: do I need to pass all logins? Does it require to have all access tokens in the logins no expired?
Adressing your first point, you can use federated identity without using cognito user pool. This means that you can simply autheticate a user directly with facebook, google etc and not add them to user pool. If you do want all users to be there in user pool then you will have to write the code to accept certain parameters from these authentication providers and then add them along with username and password to your user pool.
Now on to your question. To refresh token you have to use InitiateAuth. In auth flow you have to pass "REFRESH_TOKEN_AUTH" and in AuthParameters you pass the refresh token.
Is it possible to add user to user pool if user authenticates using facebook or google?
I need this because I want simple logout and init current user. If I won't use user pool then I will have to init and logout users using facebook and google sdk.
i am using AWS Cognito to manage my app Sign In and Log In, on this way i authenticate my user against the user pool and obtain the jwt tokens (id token, access token and refresh token), i am using the id token to authenticate my app against the backend.
Now i want to integrate my app to make Sign in and Log in with Facebook, Gmail and others, as far as i know i should use the AWS Federated Identities, but i dont know how can i create my user in the user pool using the Facebook Login (p.eg) and obtain the tokens, may someone help me?
The way to federate identities into AWS is by using AWS Cognito Federated Identity as you mentioned. Your user pool can be configured as an identity provider for your identity pool, similar to Facebook, and Google. So all these options function as identity providers for your identity pool in order to federate identities into AWS.
I have a Congnito identity pool with Congnito User Pool as well as Facebook as authentication provider. I am able to register users with user pool as well as facebook. Some of the users may initially register using user pool but later may want to use their facebook credential to login.
Currently my application is treating both of them as separate users. How do I validate if a new login using facebook is already registered using user pool ?
i'd like to explain an auth flow and hope you can answer if amazon cognito the correct solution for this.
Requirements:
For every Login (Username/Password, Facebook, Google etcpp), there should be a valid User Pool account.
Flow Facebook (no identity or user pool account exists).
Customer clicks "Login with Facebook":
1) calling GetOpenIdToken -> with the FB AccessToken
1a) at the same time, use the FB AccessToken to fetch the email address from Facebook
2) calling AdminCreateUser with a generated password and facebook email
3) calling AdminInitiateAuth and fetch the idToken
4) calling GetOpenIdToken and add the idToken for cognito user pool and the facebookAccessToken
Result: a user in the Cognito User Pool and a linked federated account
Important is for me: the token from 4) is a user pool token and contains "sub" (UUID wich one is important for our internal database)
Ok, thats is ok and works good BUT:
Flow Facebook user comes back (identity and linked user pool account is available)
Customer clicks "Login with Facebook":
1) calling GetOpenIdToken -> with the FB AccessToken
2) calling DescribeIdentity and get the Login List
2a) we can see that there is a linked user pool id and don't need to create a new user
exact at this point comes the question:
how can i get a user pool token if i just have the facebookAccessToken, but a linked user pool login?
and is it possible to get the user pool data for that linked user just with the facebook accessToken ?
If this the correct flow or is this auth flow not supported by Cognito?
Thanks
Marcel
No this is not supported currently. You have created an identity in Cognito Federated Identities which has linked logins (FB and Cognito User Pools), but to authenticate with Cognito User Pools you currently cannot use Facebook access token. The only way to get the user pool token is by using the username/password for that account.
We have heard this request from multiple customers and would consider adding it in future releases.
Those Flows are not currently supported by AWS Cognito. You can build the customize flow on your identity api and just use cognito with Developer Credentials. But not recomended