I tried to add Twitter as Identity Provider for User Pool, I tried to add it Twitter as OpenID Connect with below information:
{
"client_id": "Consumer Key",
"client_secret": "Consumer Secret",
"authorize_scopes": "openid email profile",
"attributes_request_method": “POST”,
"oidc_issuer": "https://api.twitter.com/",
"authorize_url": "https://api.twitter.com/oauth/authorize",
"token_url": "https://api.twitter.com/oauth/request_token",
"attributes_url": "https://api.twitter.com",
"jwks_uri": "https://api.twitter.com"
}
Below message is displayed.
Is there any missed setting? If you have any
information, please teach me.
Thanks.
Related
I have configured google provider via cognito user pool and I am able to login through google and get user information. And I have added many attributes on the attribute mapping page as shown in below screenshot.
The endpoint I am using to get user info is https://docs.aws.amazon.com/cognito/latest/developerguide/userinfo-endpoint.html.
The response data for user info is always:
data: {
identities: '[{"userId":"xxxx","providerName":"Google","providerType":"Google","issuer":null,"primary":true,"dateCreated":1587772412295}]',
email_verified: 'true',
email: 'xxxx#gmail.com',
username: 'Google_1xxxx'
}
Regardless how I update the attribute mappings, I always see above response. Why can't I get additional attributes like picture, given_name, birthday etc. Do I need to set any permission on google side?
In app client setting, I have below configuration:
In authorized scope, I have set: email openid profile
We are trying to implement the "Password" grant type through Express-Gateway in our Microservices. But we could not find any documentation on the Express-Gateway and the global endpoint "/oauth2/token" gives an "unauthorised" error when we try to access it through postman.
Any reference document or suggestions here will be appreciated.
Let me know if any informaton is required.
Amit
Try basic auth with user's login and secret from oauth credentials, and pass json in body:
{
"grant_type": "password",
"username": "<login>",
"password": "<password>"
}
I'm using boto3 on a lambda create a Facebook Identity Provider using:
response = client.create_identity_provider(
UserPoolId='us-east-2_asqweo3',
ProviderName='MyAppProviderName',
ProviderType='Facebook',
ProviderDetails={
'app_id': 'xxxxxxxx',
'app_secret': 'xxxxxxxx'
}
)
...but I'm getting an error saying
Identity provider cannot be of type 'Facebook'
What am I doing wrong?
ProviderName and ProviderType must have same value i.e. 'Facebook'
Also ProviderDetails for Facebook should be like
"ProviderDetails": {
"client_id": "xxxxxxxx",
"client_secret": "xxxxxxxx",
"authorize_scopes": "public_profile, email"
}
I know it's a late reply, but posting anyway for anyone who is facing this issue.
Via the cognito admin API how do I set a users password? When a user is created I can set a temporary password, I need to be able to do this to an existing user.
The newest version of the cognito api adds an action AdminSetUserPassword which has a request syntax like the following
{
"Password": "string",
"Permanent": boolean,
"Username": "string",
"UserPoolId": "string"
}
and will allow you to set a permanent or temporary password for a given user.
EDIT-2: The newest version of cognito API now supports AdminSetUserPassword.
You can't set a users password, the only thing you can do is use AdminResetUserPassword.
EDIT: You can call ForgotPassword too. But as the name suggests this is supposed to be called by a user, not an admin.
The latest of the Cognito API gives us AdminSetUserPassword which has a body of this kind
{
"Password": "string",
"Permanent": boolean,
"Username": "string",
"UserPoolId": "string"
}
using this you can set a password for a user considering yourself as an admin. You can get the UserPoolId from the Cognito user pools home page.
Headers goes as this :
X-Amz-Target: AWSCognitoIdentityProviderService.AdminSetUserPassword
Content-Type: application/x-amz-json-1.1
If you face any errors, kindly refer to this page for available headers: Making API Requests
I get this response each time I want to access my chat history with a user:
{
"error": {
"message": "(#298) You must be a developer of the application",
"type": "OAuthException",
"code": 298
}
}
The FQL query I use:
SELECT message_id, sender, body
FROM unified_message
WHERE thread_id IN
(SELECT thread_id FROM unified_thread WHERE single_recipient = 'XXXX')
ORDER BY timestamp desc;
The tool I use:
Facebook Graph Explorer
The token I use:
app: my app
user: a non-developer account
My app settings:
marked as "Live and available to all users"
From what I've read, unified_thread was once restricted to developer accounts as it was being deployed by facebook, but today any doc says that we can use this table.
If I switch to a token with a developer account, it works of course.
Are there some restrictions to use these tables I'm not aware of?