AWS Cognito Admin GetUser with associated groups - amazon-web-services

I am using aws cognito sdk with .net core 3.1 webapi. The issue is, I have to display users info as well as user groups. ListUserApi https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUsers.html doesn't return users group information. According to the docs I have to call other api ListUserInGroups (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUsersInGroup.html) but as I need both information on single table. This call would be really expensive for me. Is there any other api which returns user's profile info as well as user group info. I tried to find one but couldn't
Also one other question do aws cognito api provied sorting functionality? Like sort by name of email? I can only see filtering option but not sorting.

Related

Fetching data from DynamoDB Table after adding data from different user into that

I got a AWS amplify app with datastore categorie. Also user can login and add notes (AWS Cognito for authentication and GraphQL as API in order to insert data to the table). I coded the login function and further Backend services on ios plattform while using swift.
Those notes are created by different user. Now I want to provide those data for a user which only has read access and din't has to be logged in.
Question is, how to access to this data via a REST interface. Unfortunately I can't find any API address listed in the Table details. Does anyone has experience with this stack and can advice here ?
My goal is to provide all data to a usual visitor of the app. So he should be able to see all data, published by all users.
Appreciate your help.

How can I integrate AWS-Congnito-Userpool-Group Logic into my React App?

I am working on a React Project and in there I want to use AWS Cognito for Role Based Authentication. My Project will be having multiple roles like Super User, User, Admin, Super Admin, etc. and to achieve this I have created multiple userpools. As in 1 userpool for each role and Everything is working correctly but turned out that I can achieve same functionality within single userpool by making groups in it.
So, The problem is that for now I am using 'aws-cognito-identity-js' library to authenticate users. but in that Library I couldn't find any code related to Userpool Groups and also I tried to find another library related to Userpool Groups but I couldn't find any. So, How can I integrate that Groups Logic into my React App?!
When you login to the userpool you get an ID-Token. The payload of this ID token also contains the groups the user belongs to.
let
[header, payload, signature] = idtoken.split("."),
jsonPayload = JSON.parse(atob(payload)),
groups = jsonPayload["cognito:groups"]
Of course you can also use your favourite JWT library (maybe even amazon-cognito-identity-js has something included) to verify and parse the ID token and extract the desired claims from it.
EDIT
amazon-cogito-identity-js cannot be used to manage groups during self-signup of a user. IMHO it would be counter-intuitive and a security flaw, that a user can add himself to a group (which probably has certain security implications in your app) without administrative intervention.
If you really want allow the newly created user to select which groups he belongs to, you can do that via a Post Confirmation Trigger on the userpool.
Add the desired groupname for instance as a custom attribute while signing up the user.
Once the user is confirmed the post confimation trigger (a lambda function) is executed. This lambda function has to have the necessary permissions to execute the AdminAddUserToGroup command.
Within the trigger (which receives the user's attributes as parameter) execute the mentioned AdminAddUserToGroup command.

How does attribute mapping in AWS SSO apps work with Azure usernames?

I am creating an EUC Dashboard in AWS by following this tutorial. To log in to the dashboard, you're supposed to link SSO and Cognito. Unfortunately, my environment differs from the one in the Tutorial:
My user management runs on Microsoft Azure and AWS SSO checks Azure for authentication. The users only have a username (in the form of an email), not an email. In the tutorial, (at Module 2, Step 4, ยง18) Attribute Mapping for the SSO Application gets done with mapping ${user.email} to this schema http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress.
I instead want to map my usernames.
I have read through the AWS documentation for attribute mappings but that isn't enough for me to work this out.
How do I make this work for my setup?
As your usernames are in an email format, you can still use the emailaddress claim schema for your user attribute mapping - they'll be no issues.
The only note is to ensure that the correct field is used for mapping e.g. ${user.username} in this case instead of ${user.email}.

API for managing the Users in the Google Cloud Platform

Admin manages the Users from Admin google page (admin.google.com) and I are curious whether there is any API document like Rest API's available. Purpose: Admin can manage the users (like add user, delete user, fetch users list) from Postman using this Rest API's.
You can use G Suite Admin SDK's Directory API to manage users and groups as you intend. For a precise description of each resource representation, have a look at the API reference, for example here for the User resource.

AWS Lambda - Search for a user in a cognito user pool

I'm trying to write a pre signup lambda that will look for a user in our Cognito pool as to ensure that the data provided by the user is unique. I'm unable to find any docs that mention accessing the user pool directly or looking for a user by a non-username attribute?
You should be able to do what you want using the ListUsers API call, it accepts a filter so that you can filter down to just the attributes you want to get!
Not a search in the most general sense, but should help you to accomplish what you want!
http://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html