Open minbi opened 5 years ago
Hi @Shusshu,
Can you provide some more detail on how you are getting the Facebook token and what you are passing to Amazon Cognito? Are you exchanging the code for a token before you pass the code to Cognito?
Hi @minbi I'm using the Facebook Login button via their SDK 4.40 thus I receive a long-lived access token from facebook which I then pass to cognito oauth2/idresponse
I also tried to exchange the long-lived access token against a short lived access token by calling https://graph.facebook.com/oauth/client_code (see https://developers.facebook.com/docs/facebook-login/access-tokens/refreshing#long-via-code) I was planning to migrate that part server side as the client secret shouldn't be in the app but anyway it did not work either.
Hi @Shusshu ,
The oauth2/idresponse path does not accept tokens. It accepts the code that is passed back during the OAuth protocol.
Since there is no way to get that code back from the Facebook SDK when will AWS support this feature? Firebase Auth is properly dealing with Facebook's access token... it can be done!
I will take this request to the service team. This is currently not supported by the service.
It seems the google solution I posted earlier isn't working anymore... @minbi did you guys patch something server side to block this workaround?
@Shusshu I moved your issue, so we can track it without combining issues.
I managed to get the Google auth working with user pools but not for Facebook follow the steps here: https://aws.amazon.com/blogs/mobile/understanding-amazon-cognito-user-pool-oauth-2-0-grants/
Only works for google and not facebook .... issue with the facebook access token ... it's not the one aws needs
=-=-=-=-=-=-=-=-=-=
@minbi Could you help out with facebook?
oauth2/idresponse on AWS needs to be able to work with the access token from facebook (Firebase Auth is doing it) Maybe you can use: https://developers.facebook.com/docs/facebook-login/access-tokens/refreshing#long-via-code