So my app authenticates user using aws cognito and facebook login, I manage to make the authentication work, now my problem is I need to disable or deactivated user from authenticating from my app, for cognito users I can just use my userpool and disable the account, but how can I do the same for facebook users? Is it possible to disable/deactivate users using the federated identity?
Related
AWS cognito allows 2fa after username, password login but not after social signin.
Is there any way to enforce user for two factor authentication after google or any other identity provider login?
If you allow your users to use 3rd party Auth options like Google, Facebook, etc. Then it's up to those providers to mandate MFA/2FA. If you want to enforce MFA for whatever reason, then don't allow federated authentication. Documentation on how to add MFA with cognito: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html
I have an authentication service currently integrated with CA layer 7 API Gateway. When user presents username/password to L7, it forwards the call to the auth-service, which returns JWT and session id if credentials are valid.
I am looking to integrate this auth service with AWS API gateway through cognito federated identities. I am not clear on how to integrate this set up and migrate the existing users to the user pools. I am looking for an option to eliminate the need of saving credentials in internal database. Is it possible once I migrate the users to user pools? Also, what all the features my auth-service should be able to support as added to federated identities.
It would be really helpful if you could share the relevant implementation samples.
You can import users into the cognito user pool. This will transfer all information except for the password. All users will need to create a new password when they try to log in for the first time.
If you don't want to use user pools you can just add your current authentication as a federated identity provider.
I think you should stick to just using federated identity unless you are not satisfied with your authentication app since cognito user pool requires passwords. It will be far simpler to just created a federated identity pool and configure your app with it.
I'm using Cognito with a user pool to provide authentication for my Ionic application application. The application use AWS Amplify to perform the Signup and Signin operation.
Now, I need to add facebook authentication so I added an external federated identity mapping also the facebook attributes to the corresponding Cognito user pool attributes.
On the application side I use the Facebook SDK to login with Facebook, receive Facebook's JWT token and call the Amplify federatedSignIn() to authenticate. The authentication works but no user is created inside the Cognito user pool (accordingly to official documentation "Whether your users sign in directly or through a third party, all users have a profile in the user pool").
Since the user is not created I cannot call the Amplify method currentSession() to get the token (to be used for lambda authentication) since there is no user.
Am I missing something?
This is the expected behaviour using federated identity. In order to use socials login through Cognito user pool its necessary to use Cognito's built-in hosted UI which is not supported by Ionic at the moment.
I'm using developer identity provider in conjunction with AWS Federated Identities.
Now I'm working on password change use case and unable to find how I can revoke all of user's active sessions.
It's essential to revoke all of current sessions when user changes password.
How it's possible?
i am using AWS Cognito to manage my app Sign In and Log In, on this way i authenticate my user against the user pool and obtain the jwt tokens (id token, access token and refresh token), i am using the id token to authenticate my app against the backend.
Now i want to integrate my app to make Sign in and Log in with Facebook, Gmail and others, as far as i know i should use the AWS Federated Identities, but i dont know how can i create my user in the user pool using the Facebook Login (p.eg) and obtain the tokens, may someone help me?
The way to federate identities into AWS is by using AWS Cognito Federated Identity as you mentioned. Your user pool can be configured as an identity provider for your identity pool, similar to Facebook, and Google. So all these options function as identity providers for your identity pool in order to federate identities into AWS.