amazon-archives / amazon-cognito-auth-js

The Amazon Cognito Auth SDK for JavaScript simplifies adding sign-up, sign-in with user profile functionality to web apps.
Apache License 2.0

Using amazon-cognito-auth-js features with my own custom UI? #3

Open NetaLev opened 7 years ago

NetaLev commented 7 years ago

Hi,

I have already started implementing a login/registration using Amazon Cognito Identity SDK for JavaScript. I have my own custom designed UI, which is self hosted.

My question is: can I connect my UI directly to some functions in the amazon-cognito-auth-js without using the already made hosted UI?

For example, I would like to use amazon-cognito-auth-js to handle some security issues, and to handle user sessions & cookies.

I've already started implementing security handlers (to prevent CSRF, SQL injection, XSS...) & a cookie handling mechanism myself, but my guess is that the AWS team did a better job than me... therefore I prefer to switch to the amazon-cognito-auth-js implementation, if possible.

Any help or guidance will be highly appreciated, Thanks!

Neta L.

djar commented 6 years ago

Neta,

Did you manage to figure this out? I've got the same question myself and I'm surprised you haven't had a response yet.

rcfrias commented 6 years ago

@NetaLev I think there is a confusion with what you are trying to achieve. This library: amazon-cognito-auth-js is an "out of the box alternative" to provide Auth for applications without needing to create a custom UI and custom Auth workflows. The goal of this feature is to let AWS take over your auth flow and let you focus on your main app.

What you are trying to do is already achievable with the AWS-Cognito SDK, you don't need to use cognito auth for this...

itrestian commented 6 years ago

@rcfrias is correct, what you are trying to achieve should be feasible with the cognito identity javascript SDK. This library just interacts with the OAuth compliant endpoints and with the hosted UI. If you don't need to federate Facebook, Google users etc that is all you would need.

djar commented 6 years ago

@rcfrias @itrestian I think the above responses are missing one important factor.

So far, the only documentation provided on using "Federation" as opposed to "Federated Identities" is to use the cognito-auth SDK (with a Hosted UI). There is no suggested approach of having a Custom UI with "Federation" using the cognito-identity SDK.

The problem with "Federated Identities" is that when you use Cognito User Pools with Federated Identities, the User Pool becomes a separate identity to your Facebook and Google ones. This problem is solved using "Federation", whereby you can more or less authenticate users using their Facebook account to log in as a particular User Pool user.

itrestian commented 6 years ago

@djar Yes, you are correct in the sense that at this point, federation with user pools can be achieved by using the hosted UI and this SDK.

rachitdhall commented 6 years ago

If you have your own UI and only need Federation with User Pools, you can achieve that by redirecting the users to the /authorize endpoint with the identity_provider parameter. This will take them to the login page for the identity provider and upon successful authentication redirect to the redirect_uri specified by you.

djar commented 6 years ago

Thanks @rachitdhall I guess what is missing here is some detailed documentation and/or a sample application showing how this is done. Would it be possible for your team to spend some time providing an example?

yuntuowang commented 6 years ago

I will mark this as a feature request. However we cannot estimate the delivery time at this point.

railsstudent commented 6 years ago

I have the same issue but I don't understand the explanation of @rachitdhall.
I want to authenticate by Google and the user has to input a phone number at the same time. Please advise. Thanks.

yuntuowang commented 6 years ago

@railsstudent What @rachitdhall means is that you can specify the identity provider as a parameter in the URL, and you can automatically trigger the social provider authentication flow. E.g., the login URL will be like: `https:///oauth2/authorize?response_type=token&client_id=****&redirect_uri=https://www.amazon.com&identity_provider=Google`. Please see our SDK README.md to see this part. Let me know if you have further questions!

The second thing, if you want to authenticate by Google, then Google may not need the user to input a phone number. You need to check the Google developer guide for this. Our Cognito SDK doesn't have much to do with this.
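
The redirect that @rachitdhall and @yuntuowang describe above, written out as an added example (not code from this thread or from the SDK): it builds the `/oauth2/authorize` URL with `identity_provider` from a custom UI and then checks the redirect that comes back. The `state` parameter, the host `auth.example.com`, the client id, the redirect URI and the function names are assumptions added here; `state` is a standard OAuth 2.0 parameter that binds the callback to the request the page started.

```javascript
// Added example; the domain, client id and redirect URI used below are constructed placeholders.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Random, unguessable value that ties the callback to the request this page started.
function newState() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Build the /oauth2/authorize URL that sends the user straight to one identity provider.
function buildAuthorizeUrl({ domain, clientId, redirectUri, identityProvider, state }) {
  const url = new URL('/oauth2/authorize', `https://${domain}`);
  url.search = new URLSearchParams({
    response_type: 'token',
    client_id: clientId,
    redirect_uri: redirectUri,
    identity_provider: identityProvider,
    state, // assumption: not in the thread's URL, added for CSRF protection
  }).toString();
  return url.toString();
}

// Parse the redirect back to redirect_uri; reject it unless state matches what we sent.
function parseCallback(callbackUrl, expectedState) {
  const url = new URL(callbackUrl);
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ''));
  const get = (k) => fragment.get(k) ?? url.searchParams.get(k);
  if (get('error')) {
    return { ok: false, reason: `provider error: ${get('error')}` };
  }
  if (!expectedState || get('state') !== expectedState) {
    return { ok: false, reason: 'state mismatch' };
  }
  const accessToken = fragment.get('access_token');
  if (!accessToken) return { ok: false, reason: 'no token in fragment' };
  return { ok: true, accessToken, idToken: fragment.get('id_token') };
}

// Constructed round trip (no network): build the URL, then simulate two callbacks.
const state = newState();
const loginUrl = buildAuthorizeUrl({ domain: 'auth.example.com', clientId: 'EXAMPLE_CLIENT_ID',
  redirectUri: 'https://app.example.com/callback', identityProvider: 'Google', state });
const good = parseCallback(`https://app.example.com/callback#access_token=AT&id_token=IT&state=${state}`, state);
const forged = parseCallback('https://app.example.com/callback#access_token=AT&state=other', state);
console.log(loginUrl, good.ok, forged.reason);
```

In a browser the value from `newState()` would be kept in `sessionStorage` before the redirect and read back on the callback page, so a callback that the page did not initiate is dropped before any token is used.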

siadatmark commented 6 years ago

@yuntuowang I'm using a custom UI and would like to use the Authorize endpoint. It works fine if the user has already authorized the app in the Provider (say Facebook). But if the user hasn't authorized the app before, I get errors.

Is it possible to use the Authorize endpoint for Facebook (or the other Identity Providers) for users who don't have the app already authorized?

Thanks!

yuntuowang commented 6 years ago

Hi @siadatmark, what error did you get? So you are using your own UI but not hosted UI by Cognito?

Simonaa27 commented 6 years ago

@yuntuowang I want to implement Facebook and Google login, with user pool identity providers, using my own UI (not the hosted one). I want to store the Facebook/Google attributes in the Cognito user pool. Is there a way to do this? Any help?

srinathSanjeeva commented 6 years ago

Hi @yuntuowang ,

I am implementing the Cognito hosted UI screen, and in my client application I am using the withOAuth API from AWS Amplify to log in. I am receiving the code from Cognito in my redirect_uri. However, in this redirect_uri page, when I am trying to call getCurrentUser either by using 'amazon-cognito-identity-js' or from the AWS Amplify API, I am not able to get the currently logged in user. It says no user is logged in initially, and on refresh, I am able to get user details. Why am I not able to get user details after the initial redirect? Should I be calling the oauth2/token endpoint after I land in the redirect URI and then call to get user details?