I am using AWS Cognito. I can do the FB login, Google, Amazon, and even developer authenticated identity with no problem. However, I am using the developer authenticated identity to let the user log in with a third party, Spotify. As far as I know, Spotify does not use OpenID Connect, so I can't go that route, and it is not one of the supported identities in Cognito (only Facebook, Google and Amazon). I need to add another login that is also not OpenID Connect compatible and not FB, Google or Amazon, but I can't figure out from the documentation and web console how to create more than one developer authenticated account domain, or if it is even possible.
Any tips?
Currently Amazon Cognito does not support multiple developer providers. You can post a feature request in our forums; it will help us prioritize features in our roadmap.
Thanks,
Rachit
I'm trying to configure my AWS Cognito user pool for federated sign-in for Microsoft users. I've followed this article.
https://aws.amazon.com/blogs/security/how-to-set-up-amazon-cognito-for-federated-authentication-using-azure-ad/
This authentication flow is working only for the users who are associated with the specific enterprise application created inside Azure AD. I have multiple clients who have their own Azure AD instances for maintaining their users and handling authentication. I need to onboard those users in my application using federated sign-in. Hence I'm trying to give end users a generic "Login with Microsoft" button. Can someone please suggest a direction?
It has come to my attention that recently AWS added support for federated social providers to authenticate into user pools:
AWS cognito: sign in with usernam/password OR facebook (the last answer seems to be from someone over at AWS)
This is extremely useful as now I can have all my users under one directory. My question is if I set up federation to login to user pools and generate the sample app from mobile hub will it have the functionality I am looking for? Or do I need to code it myself? As it stands in the mobile hub there are no options to generate a user pool with federation from a social identity provider.
AWS MobileHub currently doesn't support the functionality of authenticating federated social providers into user pools. Please let us know if you have any further questions. Regards, Nidhi
I would like to implement Google-like login features in my products… like once you register on Gmail you don't need to register for YouTube or Drive. Can Amazon Cognito help me?
You are looking for a technology known as single sign-on.
You can use users' Gmail, Facebook, etc. IDs to sign up for your system, and then you can authenticate across all your applications.
If you don't want to use Gmail or Facebook, then you should go ahead with OpenID.
You can read about OpenID here
Amazon Cognito does provide Single Sign On if you rely on the domain created for your user pool. So if the authentication for all the products is happening from that domain, you can achieve SSO with different redirect_uri pointing to different products.
I am attempting to allow a third party app (Google Home) to access information from an AWS Cognito User Pool.
The flow of the entire process is as follows (assuming I understand it correctly that is):
1. The user tries to link their devices (which are all managed inside various AWS services) to Google Home.
2. The user is then redirected to our OAuth2 page, where they log into their account in the Cognito user pool.
3. They successfully log in and are provided with an OAuth token.
4. The Google Home app can then use that token to send requests to our back end, allowing them to control their devices, but not the devices belonging to other users.
I am not exactly sure how to set up the Cognito user pool as an OAuth2 provider. I can find lots of info going the other way (for instance using Google to sign into our AWS user pool using federated identities) but that doesn't solve our problem.
Any help or direction would be greatly appreciated.
Thanks in advance
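The last step of the flow above depends on the back end tying every request to the user named in the token. The following is an added example, not part of the original post: it assumes the access token's signature has already been verified against the user pool's JWKS, and the issuer, app client id, scope name and device table are constructed placeholders.

```python
import time

# Assumed placeholders, not values from the original post.
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
CLIENT_ID = "example-google-home-client"   # app client created for the third party
REQUIRED_SCOPE = "devices/control"         # hypothetical custom scope

# Constructed ownership table: Cognito user `sub` -> device ids.
DEVICE_OWNERS = {
    "sub-alice": {"lamp-1", "thermostat-7"},
    "sub-bob": {"lock-3"},
}


class AccessDenied(Exception):
    pass


def check_access_token_claims(claims, now=None):
    """Check the claims of an access token whose signature is already verified."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise AccessDenied("token was not issued by this user pool")
    if claims.get("token_use") != "access":
        raise AccessDenied("ID tokens must not be accepted by the API")
    if claims.get("client_id") != CLIENT_ID:
        raise AccessDenied("token was issued to a different app client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise AccessDenied("token is expired")
    if REQUIRED_SCOPE not in str(claims.get("scope", "")).split():
        raise AccessDenied("token lacks the device-control scope")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise AccessDenied("token has no subject")
    return sub


def authorize_device_request(claims, device_id, now=None):
    """Return the caller's sub only if the device belongs to that user."""
    sub = check_access_token_claims(claims, now)
    if device_id not in DEVICE_OWNERS.get(sub, set()):
        raise AccessDenied("device does not belong to the token's user")
    return sub
```

The device id in the request is never trusted on its own; ownership is always looked up from the `sub` claim of the verified token.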
Amazon Cognito now supports OAuth 2.0. Login to the Amazon Cognito Console and follow these steps for an existing user pool:
Create a domain in the "App Integration" section.
In the same navigation go to "App Client Settings" and enable the providers you want enabled on the client, in your case Cognito. Also add the allowed callback and logout URIs as well as the allowed OAuth flows and scopes.
Now your authorize endpoint is https://<your-domain>.auth.<region>.amazoncognito.com/authorize?client_id=<client_id>&redirect_uri=<redirect_uri>&response_type=<response_type>, and in the same way you can find the token endpoint.
More details...
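An added example, not part of the original answer, of a client building the authorization request against the user pool domain and validating the redirect that comes back. It uses the `/oauth2/authorize` and `/oauth2/token` paths from the Cognito endpoint documentation, adds `state` and PKCE, and assumes placeholder values for the domain, app client id and callback URLs.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed placeholders, not values from the original answer.
DOMAIN = "https://example-prefix.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "example-client-id"
# Must match the app client's allowed callback URLs exactly (one per product).
ALLOWED_CALLBACKS = {
    "https://product-a.example.com/callback",
    "https://product-b.example.com/callback",
}


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def build_authorize_request(redirect_uri, scope="openid"):
    """Return (authorize URL, values to keep in the user's server-side session)."""
    if redirect_uri not in ALLOWED_CALLBACKS:
        raise ValueError("redirect_uri is not a registered callback")
    state = secrets.token_urlsafe(24)           # binds the callback to this session
    verifier = b64url(secrets.token_bytes(32))  # PKCE code_verifier
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    query = urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri, "scope": scope, "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    })
    session = {"state": state, "code_verifier": verifier, "redirect_uri": redirect_uri}
    return f"{DOMAIN}/oauth2/authorize?{query}", session


def token_request_from_callback(callback_url, session):
    """Validate the redirect and return the form fields for POST /oauth2/token."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "error" in params or not params.get("code"):
        raise ValueError("authorization failed or no code returned")
    return {
        "grant_type": "authorization_code", "client_id": CLIENT_ID,
        "code": params["code"][0], "redirect_uri": session["redirect_uri"],
        "code_verifier": session["code_verifier"],
    }
```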
Does it make sense to attempt to use AWS Cognito as a Django authentication back-end? What would be the advantages of doing so? What would be some challenges / problem areas?
Has anyone done any work in this direction?
It depends a bit on what your goal is for it as a back end. Cognito Identity doesn't currently manage users or user registration...etc. It leverages public providers (e.g. Twitter, Facebook, Digits, Google, Amazon...etc.) to get AWS credentials to access other AWS resources.
What were you hoping to do with this backend?
EDIT: As is commented below, the new Cognito User Pools feature allows this to happen.