I use AWS Cognito hosted UI to authenticate & register users on to my web platform.
The registration journey is as follows - I have a single subscription plan. A user wishes to purchase the subscription. He goes through the Cognito UI registration screens & in the end, the user completes the registration process. At the end of this process, I want to redirect the user to a payment portal to complete the payment.
I'm looking to achieve 2 things -
Integrate this registration journey with a payment portal
Once the payment is complete, get Cognito to mark the user as "registered". I'm fine if this has to be handled separately. I wouldn't mind maintaining a subscription status database myself if need be.
You can only customize the CSS of the hosted UI. To achieve what you want you would have to be able to edit the html and/or javascript
Related
We are developing a Flutter app with one to one chat, so the user is able to sign up with phone number, email, Google sign-in, Facebook sign-in, Apple sign in. So, regarding the chat we like to clarify few doubts from your development team:
How do you maintain the uniqueness for each user like auto-generating user-id?
Are we able to change the name of the users before chatting to the opponent?
Are we able to change the notification sound, Can we manage the notification with our own notification(we are using awesome notification flutter)?
Is there an API available to get the chat history for each user?
After getting the correct request for signup (https://developers.connectycube.com/flutter/authentication-and-users?id=user-signup) ConnectyCube's server creates a new user and generates an id for it, and returns newly created user in the response.
User can change their name any time via ‘Update profile’ https://developers.connectycube.com/flutter/authentication-and-users?id=user-profile-update request. The only current user can update the user’s name.
ConnectyCube SDK doesn’t provide any UI solutions. You can use any plugin(s) for displaying the notifications.
The user can fetch only chat history related to this user (https://developers.connectycube.com/flutter/messaging?id=chat-history).
The ConnectyCube has an API for login via Facebook, Firebase phone auth, e-mail, but for Google sign-in and Apple sign in you have to develop your own logic for creating a user and signup it on the ConnectyCube server.
I am able to logout and login but there is 1 particular scenario which I am not able to achieve.
Scenario:-
User logs in using federated social login (Google), using hosted UI directly.
Now the user clicks on logout it directs it to AWS Cognito logout URL
https://xxxxxxx.auth.us-east-2.amazoncognito.com/logout?
response_type=token&client_id=xxxxxxxxx&logout_uri=https://abc/logout.html
it logs out the user success and successfully redirects the user to logout page as mentioned in URL.
Now when the user tries to log in again by a different account, he is forced to use his previous google login only.
I want to have such functionality that user can log out and log in again if he wants then he can log in with the same account or with different depend on choice.
The important point to note is I can't use AWS-Amplify or any javascript framework, only plain javascript.
The reason you are always forced to log in with the same user seems to be that the /logout? endpoint only logs out the user on Cognito, but Cognito does not communicate to Google that it should log you out of your device. Thus, every time you sign back in and the Google Authentication screen is launched Google still remembers the device and sees that you're still logged in. As a result, the redirect URI is triggered without you ever being prompted to choose a new account.
I'm running into the same issues on a React Native project, but have yet to find any evidence that Cognito offers an endpoint to force it to also sign you out of the Identity provider (i.e. Google).
PS: Here's another stackoverflow discussion with more info: AWS Cognito - How to force select account when signing in with Google
One of the responses in that thread mentions calling Google's logout endpoint directly as part of the signout flow. It's definitely not pretty, but since you're using plain Javascript it might be a sufficient solution.
If you find a cleaner solution please make sure to share it, as I'd be interested to hear what you find :)
Well, I got it working but I don't think so its an issue but a kind of behaviour that every developer should know who is trying to integrate google login in the there application. Here are the few scenarios I am have checked and their respective behaviour.
My AWS Cognito Login URL
https://xxxxxxx.auth.us-east-2.amazoncognito.com/oauth2/authorize?
identity_provider=Google&redirect_uri=https://xxxxxx/login.html&response_type=TOKEN
&client_id=xxxxxxxxxxxxxxxxx&scope=phone%20email%20openid%20profile
My AWS Cognito Log out URL
https://xxxxxxxxx.auth.us-east-2.amazoncognito.com/logout?
client_id=xxxxxxxxxxxxxxxxxxxx
&logout_uri=https://xxxxxxxxxxxxx/logout.html
By using the above URL when I log out, I don't get logged out from chrome browser.
This behaviour is an issue for many people
So when your chrome browser has only 1 account logged in, at that time AWS Cognito google login won't redirect to a page where you can select the different user, because you have only single user through which it gets logged indirectly.
Found out how we can show multiple logins:- So if you want another user to log in then he needs to first sign in chrome browser, and when he clicks on google login from the website at that time he will be able to select user, as in chrome we have now 2 users logged in google, from where he can select which user want to use for access.
I won't be accepting this as an answer because it's not how everyone want this behaviour, will wait for few days if someone can suggest better way.
I think so, for now, we have to go with this.
I have had a call logged with Google to get all logon/logoff events as there has been an incident in our school where we suspect another user has logged on with the credentials of another user in school and posted unsavoury information. I want to track back through all events to see where this user potentially logged on and what time. Google said that they have limited information and what I have access to does not match up with what Google can see and vice versa. And I would need to post here for Google to create me an API. Could this be carried out please?
You can try to use the Reports API that has the Login Activity Report of all your account's users.
It has an API that retrieve G Suite login events for a domain and some instances, retrieve G Suite login events by event name such as suspicious successful logins.
I have created an app that just wants Users to subscribe for User_events and manage_pages WebHooks subscriptions. As a developer I am able to test the WebHooks at my callback url where I am handling all my graph api calls and retrieving additional information using restfb.
I am confused on having a redirect uri, when I want users to authorize the app. Basically my understanding so far is that I need to make my app public and submit for review in order for others to see. Is redirect uri mandatory for my app? my app wont need users to visit my website or login to any of my callback urls. Only information I need when the user subscribe(or authorize) my app is their uid and pages they are giving me the permission to.
Please note I started reading about facebook webhooks and app development very recently (a week). Any suggestions would be great help.
I want to have two login systems in the same application. There is main site for the 'owners', the owners can have 'portals'. Each portal will have his own login system, this time for the 'users'. Users within the portal will have roles (admin, editor, etc).
Something like:
site.com -> owners loging
site.com/portal1 -> users login
site.com/portal2 -> other users login
Owners and users are stored in different tables.
I dont know how to achive this with Flask-Login. How should I proceed?
Other alternatives I'm thinking are:
Split this application in two, one for the main site and the other
one for portals.
Join users and owners in the same table, and make the distiction if the user is owner or not. This I think is not desired, because they have different attributes.
You can use third party frameworks to handle authentication in your application. I use Auth0 and have nothing to complain. They are really simple to use and have integration with Flask.
From their home page:
Add authentication to your web and mobile apps in under 10 minutes;
Using Auth0, you can define, for example, a callback URL based on the user role. So you can call /owner if the user is an owner or /portalX if the user is not an owner.
This way you don't have to develop many and many security layers to secure users login.