amazon-archives / amazon-cognito-auth-js

The Amazon Cognito Auth SDK for JavaScript simplifies adding sign-up, sign-in with user profile functionality to web apps.
Apache License 2.0

Does this library work with native applications? #28

Closed ildar-icoosoft closed 6 years ago

ildar-icoosoft commented 6 years ago

Google does not accept authentication in web view: [screenshot]

Is it possible to authenticate users in Google in mobile applications using your sdk?

rcfrias commented 6 years ago

> Does this library work with native applications?

Yes, it does. I have it working with native iOS.

> Is it possible to authenticate users in Google in mobile applications

Not sure about this one (maybe you refer to Chrome for mobile, or with a Google account in Android?), but I assume by the screenshot you shared, you are working on a Hybrid app (Web view)? Anyhow, if the app runs as "native", it will display the auth UI on your default mobile browser to authenticate, and return with the response for you to handle.

If you develop a WebApp it will all happen in the same mobile browser.

ildar-icoosoft commented 6 years ago

I tried to open the URL https://{yourdomain}.auth.{region}.amazoncognito.com/oauth2/authorize?identity_provider=Google&redirect_uri=https://{yourpage}&response_type=token&client_id={your_user_pool_app_id}&scope=openid%20email%20profile%20aws.cognito.signin.user.admin&state={verify_string} in a browser (I use the Cordova InAppBrowser plugin for opening the web UI). As I understand it, this library does the same: it opens the URL. The problem is that Google authentication does not work in mobile browser: [screenshot]

rcfrias commented 6 years ago

Hey @ildar-icoosoft, I am not sure what you wrote at the beginning of your reply; the URL looks odd to me. I will keep the "Google authentication does not work in mobile browser:", and suggest taking a look at the new options in the console. At beta stage only SAML was enabled, but as I just checked, now in production you also have Google, Amazon and Facebook.

If your goal is to use Google, I would double check your settings at "console.cloud.google.com", to be sure you are using the right App ID, App Secret and Authorize Scope.

Also, it is important to note that your app URL is using https; otherwise it won't work.

ildar-icoosoft commented 6 years ago

@rcfrias I have a web application that I'm converting to a mobile application with Apache Cordova.

I'm trying to authenticate users in User Pool with Google. Here is screenshot of the console: https://i.stack.imgur.com/vwTEC.png

The only way to authenticate in User Pool with Google is using AWS UI. You can set it up in the App Integration section. (I would like to get Google Access Token via SDK, send it to AWS and authenticate User, but it is not possible now. AWS does not allow this method.) The URL of the AWS UI authentication form can be set up here: https://imgur.com/a/MW8bA

Please look at the sample: https://github.com/aws/amazon-cognito-auth-js/blob/master/sample/index.html

I set up my values to authData (line 191). AppWebDomain is from AWS console: https://some-name.auth.us-east-1.amazoncognito.com

If you click on signInButton, then auth.getSession(); is called, and the URL https://some-name.auth.us-east-1.amazoncognito.com/login?redirect_uri=https%3A%2F%2Flocalhost%3A2000&response_type=token&client_id=my-client-id&state=JZUl1iwOobkIqtev4G5NqM8oznfxtTvM&scope=phone%20email%20openid%20aws.cognito.signin.user.admin%20profile (page №1) will be opened in the browser.

Then, if you click on the "Continue with Google" button, you will be redirected to a URL like: https://{yourdomain}.auth.{region}.amazoncognito.com/oauth2/authorize?identity_provider=Google&redirect_uri=https://{yourpage}&response_type=token&client_id={your_user_pool_app_id}&scope=openid%20email%20profile%20aws.cognito.signin.user.admin&state={verify_string} (page №2)

After authentication, the user will be redirected to my application with tokens in the URL. And I can parse them using the function: auth.parseCognitoWebResponse(window.location.href);

I think that I can open the URL and parse the tokens myself, without using this library (https://github.com/aws/amazon-cognito-auth-js).

So I just open the AWS UI authentication window. I don't want users to see AWS UI, so I open page №2 instead of page №1. The user authenticates in Google and is redirected to my application with tokens. Everything works fine in the web application. But there is a problem in the mobile application. There are no redirects in the mobile application. So I tried to use the Cordova InAppBrowser plugin for opening page №2. This works fine with Facebook. But Google does not allow authentication in Web View.
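Added example (not part of the original thread and not the SDK's code): a sketch of what opening page №2 directly and parsing the redirect without the library has to cover, namely a fresh random `state` per attempt and a check of that `state` and of the landing URL before any token is accepted. The function names `buildAuthorizeUrl` and `parseRedirect` are hypothetical, the response fragment fields follow the usual OAuth implicit-flow shape as an assumption, and the domain, client id and redirect URI are whatever the caller passes in.

```javascript
// Added example. Web Crypto is global in browsers/WebViews; Node falls back to node:crypto.
const webcrypto = globalThis.crypto || require('node:crypto').webcrypto;

// Build the hosted-UI /oauth2/authorize URL (page №2 in the post) with a fresh state.
function buildAuthorizeUrl({ domain, clientId, redirectUri, scopes, provider }) {
  const bytes = webcrypto.getRandomValues(new Uint8Array(16));
  const state = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
  const url = new URL(`https://${domain}/oauth2/authorize`);
  url.search = new URLSearchParams({
    identity_provider: provider,
    redirect_uri: redirectUri,
    response_type: 'token',
    client_id: clientId,
    scope: scopes.join(' '),
    state,
  }).toString();
  // The caller must keep `state` (e.g. in memory) until the redirect comes back.
  return { url: url.toString(), state };
}

// Parse the redirect back into the app. With response_type=token the tokens
// are carried in the URL fragment, so only the fragment is read for them.
function parseRedirect(href, expectedRedirectUri, expectedState) {
  const got = new URL(href);
  const want = new URL(expectedRedirectUri);
  if (got.origin !== want.origin || got.pathname !== want.pathname) {
    throw new Error('redirect landed on an unexpected URL');
  }
  const frag = new URLSearchParams(got.hash.slice(1));
  const error = got.searchParams.get('error') || frag.get('error');
  if (error) throw new Error(`authorization error: ${error}`);
  // Reject responses that do not belong to the sign-in attempt we started.
  if (!expectedState || frag.get('state') !== expectedState) {
    throw new Error('state mismatch');
  }
  const idToken = frag.get('id_token');
  const accessToken = frag.get('access_token');
  if (!idToken || !accessToken) throw new Error('tokens missing from redirect');
  return { idToken, accessToken, expiresIn: Number(frag.get('expires_in')) };
}
```

The returned tokens are still unverified strings at this point; the ID token's signature and claims need to be validated before its contents are trusted.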

rcfrias commented 6 years ago

@ildar-icoosoft ok, this makes more sense. So it is in fact a "hybrid-like" application like the one you can code with something like xamarin, ionic or react-native. And the problem is that you want to use the web approach in a native environment.

In that case, I would stick to using the native approach with native apps. It might be a coincidence that Facebook works.

The whole idea around this, is to avoid including auth logic into your code/app. There is clearly a restriction on doing this the "un-intended" way, that might be tweaked in the future to be allowed to overpass the restriction. And, as you might have found out, this could even be something on Google's side. I will be watching this thread, since I am interested to know if this was addressed somehow. I hope you find at least a workaround, good luck!

Nitansh44 commented 6 years ago

Any progress on this issue?