AWS Cognito User pool Forgot Password with Google Captcha - amazon-web-services

We want to implement Cognito User pool: Forgot Password feature on the Angular Web APP by asking to validate using Google Captcha. Upon doing research we found that Forgot password API doesn't support custom parameters: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html
Is it possible to UserContextData field for this?
In web App we are using aws-amplify and it doesn't seem to support it:
https://aws-amplify.github.io/amplify-js/media/authentication_guide.html#forgot-password
Are there any workarounds for this?

Related

Django simplejwt + django-allauth how to issue personal access token for social media authentication

I'm implementing a service that allows users to sign up via normal username + password, google, facebook and github. I have the authentication working on my decoupled frontend and backend, but here's my issue.
I am developing some python CLI tool which uploads data to the backend, but users must be authenticated to do so. I have had no issue authenticated users via the normal username + password endpoint, but i'm struggling to see how to achieve this with the social media authentication.
I have been thinking that users should be able to issue personal access tokens via the frontend (similar to github's personal access token), but my question would be how can I do that? I would imagine this requires extending the login endpoint for django-simplejwt package?

Use Twitter as Identity Provider in AWS Cognito

I'm want to implement social-sign in with twitter in Cognito and test it using the build in UI page but I cannot find any relevant guidelines to do this.
My use case is to authenticate user with twitter credentials and obtain user information like firstname, lastname, email, country.
I've found this relatively old post: https://aws.amazon.com/blogs/mobile/announcing-twitter-and-digits-support-for-amazon-cognito/
But it seems that the native support for twitter was removed from Cognito? Because in Cognito under Identity Providers there is no twitter option.
Does anyone know what happened regarding this?
From what I've found in the twitter documentation regarding using twitter as a IdP it seems that it is not using OpenID Connect specification but some OAuth1 custom extension (I'm not sure if what I stated is correct): https://developer.twitter.com/en/docs/twitter-for-websites/log-in-with-twitter/guides/implementing-sign-in-with-twitter
But I did not find any OpenId Connect endpoints for twitter like the ones from Microsoft for example (https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration)
Is there any way that I can implement sign-in with twitter in cognito? And also to test this using the cognito build-in login UI?
As far as I know Twitter's current sign-in mechanism is based on OAuth 1.0 which is not OpenID Connect. So I would suggest you building some custom Auth Mechanism using OpenID (there might be already open source solutions), link it to Cognito and inside this custom auth app you authenticate with Twitter OAuth 1.0. So in other words, build a bridge between Cognito and Twitter via custom OpenID app.

iOS - AWS developer authentication, User registration Process

In my application i am using AWS SDK for development. i am able to do all the operations except user registration(In Developer authentication). In AWS they mentioned that for user registration we have to write our own backend code. But i do not have any idea about backend. I am thinking that if amazon provides straight forward solution for user registration it would be helpful. And i gone through server side setup(amazon provided sample code), but there we can register the user through browser not through ios client.
In my application user registration contains emaild, username, password and photo selection options.
For user registartion (developer authentication), i have done more research, but i did not find any direct solution.
Can any one please provide direct solution or any good tutorial to implement our own backend for user registration.
Thanks in advance.
You have a couple options to use Amazon Cognito and providing a complete registration system for users without building a backend: OpenID Connect and Open Source.
OpenID Connect: Since Cognito Supports OpenID Connect-compliant identity providers, you can leverage products out there that federate/broker multiple social providers and expose the federated user via OpenID Connect which have special support for Cognito including Ping Federate, Auth0, and SecureAuth to name a few. I also understood that Okta provides an OpenID Connect identity provider so it might be worth looking into.
Open Source: LambdaAuth is a bare bones project that leverages Lambda and Cognito to provide a registration and authentication backend. Cognito Helper is another one that appears to have more features and be more developed. If one of those have the features you need, they should be easy to deploy and run on server-less Lambda, so they're easy to maintain and you pay only for what you use.
While the details of your registration process will depend on the needs of your application, you may want to consider using API Gateway to front the registration logic you write.
API Gateway will generate an SDK for you which you can use in your application to call your API.
You can have your application call your registration API which handles all of the logic for doing the backend portion of acquiring credentials: http://docs.aws.amazon.com/cognito/devguide/identity/concepts/authentication-flow/#developer-authenticated-identities-authflow

Windows Azure Webservices custom Authentication

Greetings fellow Stackoverflowiens,
I have web services and a database setup in Windows Azure and I am using the javascript backend for the web services as this gives me basic CRUD calls without having to write the API. I also have a user table for all users that can login on the app with a field for username and password, I am trying to authenticate the user based on this table without writing the entire API. I can't just do a GET call to see if the user has entered a valid username and password as this would not be secure. And I can't use the Facebook, Twitter or other 3rd party authentication services as the requirement is to use a database of users.
Is there anyway of implementing a custom authentication into Azure without writing the entire API? Or is there another way of doing this that I am not aware of?
Any help that can be provided would be fantastic

Redmine as auth backend for another site

Everyone in our office has a redmine account and so I would like to know if it's possible to use Redmine as an authentication provider.
We create internal websites using django, and rather than having to set up usernames and passwords for each one, for each person, wouldn't it be nicer if I could just click "login using redmine". Just like how on stackoverflow I can click "login with google" which works with OpenID.
Is there any plugin or facility of redmine I can use to achieve this?
Consider Redmine OAuth provider plugin.
https://github.com/suer/redmine_oauth_provider
You could use the Redmine Rest API authentication. It allows you to use user/password to authenticate.