I have a React Native mobile app in which I'm using AWS Amplify to work with my Cognito user pool.
I am trying to get the "Created" date of the currently signed in user because I want to show existing users an alert when the app starts, but I don't want new users to get that alert. I plan on using the creation date of the user to know if they should see the alert.
When looking at my user pool in the Cognito service in AWS Console, I see that each user does have a "Created" property:
however, I am unsure how I can access that property from within the app. The only relevant method I could find in the docs was Auth.currentAuthenticatedUser(), but that doesn't seem to include the "Created" timestamp in its response.
I did find a reference to AdminGetUser in the Cognito docs which does include a UserCreateDate property, however I don't want to have admin credentials used within the app itself, so I am looking for an alternative.
Any suggestions would be appreciated!
There is a way that you can use the AdminGetUser API without providing direct admin access to the users. Since you are using Amplify, you can publish an API (either REST or GraphQL) that calls a Lambda function. The Lambda function in turn is configured with the required cognito-idp:AdminGetUser privilege for reading the user data and then returning it through the api.
Related
I’m approaching AWS for the first time, and I’m trying to build an app using Amplify, API Gateway, Cognito, Lambda and Dynamo DB (I’m building some sort of a ToDo app).
I’ve learnt how to use lambda and dynamoDB without any authentication system and now I want to implement it.
I’ve already setup cognito, api gateway and lambda in order to access API with an IdToken, but what I’m not able to do is saving into dynamoDB the data of the user that called the API, as when I log the event inside CloudWatch I see that all the fields that refer to cognito are null (ex. “Context.identity” is null).
I need it so when an user want to see its data I’ll call the GET method which filters only that user’s data and retrieves it.
Anyone could please explain if this is the correct way to do it and what I’m missing, or if there’s an easier way to build this?
I have a web application which uses Cognito to allow users to login. Cognito uses external provider (Okta). When user login first time user entry is created in user pool. I also have second application which has to use the same user pool, but because of specifics of this application I have to use email and password authentication.
I would like users to receive an email asking them to set (reset) their password when they first log in web app. What's a best way to achieve that?
As far as i know it's impossible to set password for EXTERNAL_PROVIDER users, but I can accept creating new (duplicating) users. But still I'd like to ask about best way to do this.
Instructions below are for migrating between cognito instances, but you might find them useful.
there is only one way to get this done is migration lambda trigger. In short:
create new cognito
create migration lambda
add this lambda as a trigger to login and/or forgotten passwords
point users at cognito (this might not be necessary in your instance)
upon login, Cognito will check locally and if user is not found, will use the trigger to check programmatically in another source.
If authentication is successful, old cognito will return object with all properties, incl passwords, which you can then insert into new cognito.
more info here: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html
I already have a heavy user table in an existed website and server doesn't host in AWS.
I wanna use AWS Cognito for a mobile app of this site. So, need to check my server first when login/sign in.
But many blogs and examples look like only for serverless service.
I saw Accessing Server-side Resources after Sign-in. But this access server after getting token.
I saw Adding a User Pool Lambda Trigger. But not sure this can fit with my case.
I know I need to test these things first.
But just I wanna get some advice in here first.
So, Please give me advice.
Thanks.
you can do one thing, you can use cognito in application using aws-sdk which will do signin/singup
add trigger of cognito add save data to dynamo DB table or you can send data your database also.
another case if like you can add trigger, it will check for in both cognito and login your table to having user info and then allow the sign in.
OR
You can import your user data to cognito.
I am trying to authenticate users via AWS Cognito/IAM services from my webapp. I have implemented Facebook and LinkedIn login and I'm wondering how I could use AWS to implement username+password login via my UI. Is there a way for me to set it up so that all I have to do is drop in button for username+password login on my view and that will authenticate users and redirect back to my backend service (similar to Facebook/LinkedIn) and where I can put in an endpoint URL?
Do let me know If I need to be clearer.
Edit1: I have already tried using Developer Authenticated Workflow (enhanced workflow). I don't want to do the part where I create the User in my user pool by calling the AWS Cognito Identity API. I'd like AWS to do the user creation by itself. is this possible?
Edit2: Another alternative solution is to create a Lambda which does what I want. But this is similar to the code to do that (which is on my backend).
At the moment there is no complete solution for this. You have to either use newly introduced AWS Cognito User Pools or create your own one. I would also recommend to checkout the project https://github.com/danilop/LambdAuth which worth trying.
You can create AWS Cognito user pools and create the roles for authenticated and unauthenticated users and assign some policies for both roles. Once you have created the user pool you will necessary code to use in your web or mobile application. Refer How to setup Cognito user pools.
Need to register an endpoint with Amazon SNS when a user agrees to accept Push Notificaitons. Have the registration id I need to send to SNS. When I enter it manually I can send push notifications to my device.
Just need to register the endpoint with SNS using the Amazon API using a Post or Get request automatically when the user agrees to accept push notifications. Right now I'm getting SignatureDoesNotMatch trying to call CreatePlatformEndpoint.
http://docs.aws.amazon.com/sns/latest/api/API_CreatePlatformEndpoint.html
I have my
Application ARN
Access Key Id
Secret Access Key
But I'm not sure what values need to be passed in. Nothing seems to work and I haven't found good examples of what values the API is looking for when I call CreatePlatformEndpoint
It also appears I may need to call this before but this has even more values I'm not sure of.
http://docs.aws.amazon.com/sns/latest/api/API_CreatePlatformApplication.html
Seems like it should be fairly simple to make a request to add an Endpoint to my app. If anyone could help define what data goes where in this request that would be great.
Thanks
Permissions for the JavaScript SDK are tricky as it's obviously client side which makes your application potentially very susceptible. There's a good overview of JS credential management here. Hardcoding is not advised and if used should only be of a user with read-only credentials. Obviously for this application you need SNS modification permissions for I'd say go down the federation route.
The access key ID can be thought of like a username, and the secret access key is like the password. You need both for an authenticated handler to an AWS resource. The ARN is the thing you want access to and in this case I'm guessing this is the PlatformApplication?
It sounds like your error is because your request isn't being authenticated with the appropriate credentials. Are you also aware if those credentials provide access to the SNS service to make changes?
CreatePlatformApplication will return an ARN to use when creating the Endpoint. The endpoint parameters appear to be looking for that, the token to identify the app on the device, your user data and any other attributes you want to set.