Using custom OpenIDConnect provider with AWS MobileHub - amazon-web-services

I am building an iOS app and was looking into AWS MobileHub. I am trying to set up sign-in using AWS Cognito. I have configured the identity pool with my custom OpenID Connect provider (I built my own with IdentityServer), but when I configure sign-in using MobileHub it only gives me the option to use Facebook, Google, Twitter (coming soon), or a custom authentication backend (NOT OpenID). Am I missing something, or is this not supported yet with MobileHub?

Mobile Hub does not currently support OpenID Connect providers. However, because you have configured your Cognito identity pool to support OpenID, you can use the AWS SDK directly to handle authentication. This blog post should help:
https://blogs.aws.amazon.com/security/post/Tx3LP54JOGBE0AY/Building-an-App-using-Amazon-Cognito-and-an-OpenID-Connect-Identity-Provider

Related

Is the AWS Cognito right tool here?

There is a mobile app that uses OpenID Connect for SSO. That mobile app is not built with AWS. The developers of that app are asking me to provide my own SSO service with OpenID Connect that they can use for user authentication in that app.
My question is: is AWS Cognito the right tool to build my own SSO service with OpenID Connect that will suit the case described above?

Yes, it will. Other alternatives are Auth0 and Microsoft Azure AD.

Connect Zendesk to AWS cognito for authentication

I have a React application which uses Amplify to connect to an AWS Cognito user pool. I wanted to connect Zendesk to this user pool using SAML, so that any user logged into my React application should automatically get logged into Zendesk.
I went through Zendesk's documentation for SSO and it supports SAML-based authentication. But on the Cognito side, it doesn't support SAML as an Identity Provider.
Can somebody please help me understand the right way of connecting these two applications?

AWS Amplify with Ping or Okta

Does AWS Amplify work without Cognito as IdP or identity broker? We have a use case to use the Amplify React libraries to authenticate with Ping or Okta and authorize with STS.
From the image below you can see there are other Login mechanisms you can use like Google, Apple, and Facebook. Unfortunately Okta is not supported through the Amplify console directly, so you still have to use Cognito to handle the request and then use an "Authorizer" Lambda function from Cognito to Okta as per this article:
AWS Amplify, Cognito, and OpenID connect identity provider
Another option might be to tie the Okta authentication into each web app directly using the Okta SDKs here:
Okta Languages & SDKs

Link/connect Google oidc external provider with aws cognito

Recently I faced a new requirement to link or connect a Google OIDC external provider with AWS Cognito.
Background: my frontend application is running in AWS and is integrated with Cognito for users and groups. Due to new requirements I have to connect a client web application (JupyterHub) which is running on GCP VM instances.
My question is: is it compatible or possible to use Google IAP with an external OIDC provider which could link to the AWS Cognito app client and provide the Cognito UI to log in?
Has someone faced such a situation?
I would appreciate any comments or thoughts on this scenario.
Many thanks
Adam
You can authenticate users with a wide range of identity providers such as OIDC and more by combining IAP and Identity Platform.
Identity Platform can be used to sign in users with an OpenID Connect (OIDC) provider.

How to use federated Auth using aws-amplify API without hosted UI?

AWS Cognito provides two services: user pools and identity pools. Both are similar but different concepts, ok so far.
I want to use the feature federation of a user pool.
I do NOT want to use this feature with the hosted UI.
I do NOT want to use this feature with identity pool.
I would like to use the federation login of a user pool with Facebook or Google in a React Native application, using only the AWS SDK, for example the Auth SDK from Amplify.
However, I find no possibility to use the federation login of the user pool over the API (not hosted UI).
I am looking for an equivalent of Auth.signIn but with Facebook federation using React Native, for example with Expo.
With Expo I get the Facebook tokens via:
const { type, token, expires } = await Expo.Facebook.logInWithReadPermissionsAsync(aws_exports.aws_facebook_id, {
  permissions: ['public_profile'],
});
How to use federated Auth using aws-amplify API without hosted UI?
Amplify does not use a User Pool API for signing in via a third-party provider, and the APIs offered for third-party providers are just for Identity Pools. Currently, there's a feature request with the AWS Amplify SDK team for the same.
A workaround would be to use the AUTHORIZATION Endpoint directly, and make suitable HTTP requests to achieve your requirements.
Here's a post that shows how to use Google and Facebook to authenticate with the user pools. It's way too much to repeat here, so check out the link.
https://dev.to/dabit3/the-complete-guide-to-user-authentication-with-the-amplify-framework-2inh
Hope this helps.
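
The authorization-endpoint workaround mentioned above, as an added example that is not part of the original answers: it builds the user pool's `/oauth2/authorize` request with `identity_provider`, `state` and PKCE, then checks the redirect before preparing the `/oauth2/token` exchange. The domain, client id, redirect URI and function names are constructed placeholders, a public app client (no secret) is assumed, and it is written for Node.js so that it runs standalone.

```javascript
const nodeCrypto = require('crypto');

// Constructed placeholders (assumptions): use your own user pool domain,
// app client id and registered redirect URI.
const CONFIG = {
  domain: 'example-pool.auth.us-east-1.amazoncognito.com',
  clientId: 'EXAMPLE_APP_CLIENT_ID',
  redirectUri: 'myapp://callback',
};

const b64url = (buf) =>
  buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Build the /oauth2/authorize URL. identity_provider sends the user straight
// to the named provider instead of the hosted sign-in page.
function startFederatedSignIn(provider, cfg = CONFIG) {
  const state = b64url(nodeCrypto.randomBytes(16));    // binds the response to this attempt
  const verifier = b64url(nodeCrypto.randomBytes(32)); // PKCE secret, never leaves the device
  const challenge = b64url(nodeCrypto.createHash('sha256').update(verifier).digest());
  const query = new URLSearchParams({
    response_type: 'code', client_id: cfg.clientId, redirect_uri: cfg.redirectUri,
    identity_provider: provider, scope: 'openid', state,
    code_challenge: challenge, code_challenge_method: 'S256',
  });
  return { url: `https://${cfg.domain}/oauth2/authorize?${query}`, state, verifier };
}

// Validate the redirect and prepare the /oauth2/token request body (sent as
// application/x-www-form-urlencoded). Throws on a provider error or state mismatch.
function handleCallback(callbackUrl, pending, cfg = CONFIG) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get('error')) throw new Error(`authorization failed: ${params.get('error')}`);
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(pending.state);
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch: response does not belong to this sign-in');
  }
  const code = params.get('code');
  if (!code) throw new Error('no authorization code in callback');
  const body = new URLSearchParams({
    grant_type: 'authorization_code', client_id: cfg.clientId, code,
    redirect_uri: cfg.redirectUri, code_verifier: pending.verifier,
  });
  return { tokenUrl: `https://${cfg.domain}/oauth2/token`, body: body.toString() };
}
```

Keep the `state` and `verifier` returned by `startFederatedSignIn` only in memory or secure storage for the duration of the sign-in, and discard them once `handleCallback` has run.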