amazon-archives / aws-cognito-angular-quickstart

An Angular(v5)-based QuickStart single-page app utilizing Amazon Cognito, S3, and DynamoDB (Serverless architecture)
https://cognito.budilov.com
Apache License 2.0

Login via FB, google and etc #86

Closed GraDea closed 7 years ago

GraDea commented 7 years ago

What about social logins?

Best.

vbudilov commented 7 years ago

I made it into an enhancement. Feel free to submit a PR if you already have this functionality.

sanjaychavan1991 commented 7 years ago

I would be grateful if you would try to make it available for Google & Facebook.

styk-tv commented 7 years ago

Just to confirm, we are still talking about Cognito in the context of federated login? STS has a user id field, so we would need to make sure this is populated properly. I'm after GitHub personally.

sanjaychavan1991 commented 7 years ago

@styk-tv, yes, you got me right. This is about Cognito federated login.

That would be very helpful if we can do this.

Thanks for the response

styk-tv commented 7 years ago

@sanjaychavan1991

I know it's possible for Amazon login, Amazon Cognito, Facebook, Google: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable

In theory we could implement any OAuth2 provider and replace the registration/verification element with population of the Cognito user registration based on already verified social login details.

You click a button on the UI, log in at the social provider, confirm app permissions, get a token, use the OAuth token to verify the user (call back the social provider), see if the user exists in Cognito, if yes log in, if not register, return back. I think it would work if you do all this after the token is posted by the social provider in a single gateway/lambda, as it needs to be done on the server without the user tampering with details.

Next time either log in or use a cookie, but each time it would result in the social provider acknowledging the login and Cognito recognizing the login behind the scenes, with the possibility of retrieving the userid with GetIdentity on STS.

Obviously trying to find a way without solutions like SAML. Is this too far-fetched? It would be easy then to go after all socials like on this list https://github.com/lepture/flask-oauthlib/tree/master/example (turn them one by one into lambda-gateways)
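
Added example (not part of the thread or of the project's code): the server-side decision step of the flow described in the comment above, as it might sit in a gateway/Lambda. The `providerReply` object stands for whatever the social provider returns when called back with the user's token; its field names, the `UserStore` class (an in-memory stand-in for the Cognito lookup/registration) and `socialLogin` are all assumptions made for illustration.

```javascript
// In-memory stand-in for "see if the user exists in Cognito / register" (hypothetical).
class UserStore {
  constructor() { this.users = new Map(); }
  find(key) { return this.users.get(key); }
  register(key, profile) {
    const user = { key, email: profile.email };
    this.users.set(key, user);
    return user;
  }
}

// provider:      label such as 'facebook' or 'google'
// providerReply: result of the server-to-provider token check (field names assumed)
// _clientBody:   anything else the browser sent; deliberately never read
// expectedAppId: our own app/client id registered with the provider
function socialLogin(provider, providerReply, _clientBody, expectedAppId, store) {
  // 1. The provider must confirm the token, and it must have been issued to
  //    our app; a token minted for some other app is not proof of login here.
  if (!providerReply || providerReply.is_valid !== true) {
    return { ok: false, reason: 'token rejected by provider' };
  }
  if (providerReply.app_id !== expectedAppId) {
    return { ok: false, reason: 'token issued for a different app' };
  }
  // 2. Identity is taken only from the provider's reply, so the user cannot
  //    tamper with the id or email that ends up in the user store.
  const subject = providerReply.user_id;
  if (typeof subject !== 'string' || subject === '') {
    return { ok: false, reason: 'provider returned no user id' };
  }
  // 3. Key accounts on provider + stable subject id. The same numeric id at
  //    two providers is two different people.
  const key = `${provider}:${subject}`;
  const existing = store.find(key);
  if (existing) {
    return { ok: true, action: 'login', user: existing };
  }
  // 4. First visit: register from already verified provider details only.
  if (providerReply.email_verified !== true) {
    return { ok: false, reason: 'email not verified by provider' };
  }
  const user = store.register(key, { email: providerReply.email });
  return { ok: true, action: 'register', user };
}
```
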

sanjaychavan1991 commented 7 years ago

@styk-tv Yes, this could be the optional way to do the social logins. But @styk-tv, I will be very much thankful to you guys if we can implement the proper use of federated login.

styk-tv commented 7 years ago

@sanjaychavan1991 you might find this article helpful https://www.npmjs.com/package/serverless-authentication-boilerplate

vbudilov commented 7 years ago

@GraDea, here's the documentation for social identity federation: http://docs.aws.amazon.com/cognito/latest/developerguide/facebook.html

Basically, you will use whatever authz flow you currently use to authenticate your users with FB, Google, etc., and then federate with Cognito.

The following project is in beta, currently, with "Support for more identity providers is coming soon.": http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html