capless / warrant

Python library for using AWS Cognito. With support for SRP.
Apache License 2.0

Temporal credentials #60

Closed egut closed 6 years ago

egut commented 6 years ago

Hi,

I'm looking for a python implementation for accessing cognito and specifically cognito identity so I can get temporal credentials to access other stuff in AWS.

Logging in with warrant works like a charm, then I think I need to do

```python
client = boto3.client('cognito-identity', 'eu-central-1')
credentials = client.get_credentials_for_identity()
```

The problem is that I do not know what AWS wants for parameters. I think IdentityId is IdentityPoolId (if not, client.get_id() will get it). For the Logins part I'm lost; well, the first part should be 'cognito-idp.amazonaws.com/'+userPool I think, but for the second part I haven't figured it out, nor found any examples either.

I know that this is currently out of scope for warrant, but I'm just hoping that one of you has done this before and can give me a hand.

egut commented 6 years ago

I finally figured it out.

In the config file I have user_pool_id, client_id and identity_pool_id as provided by AWS. Hope this helps others that get stuck in the same mess. :)

```python
import sys
from configparser import ConfigParser

import boto3
from botocore.exceptions import ClientError
from warrant.aws_srp import AWSSRP

# [cognito] section holds region, user_pool_id, client_id and identity_pool_id.
# The file name is not given in the thread; 'config.ini' is assumed here.
config = ConfigParser()
config.read('config.ini')


def get_temporary_credentials(username, password):
    try:
        # Step 1: SRP login against the user pool. The ID token (not the access
        # token) is what the identity pool accepts in the Logins map.
        aws = AWSSRP(username=username,
                     password=password,
                     pool_id=config.get('cognito', 'user_pool_id'),
                     client_id=config.get('cognito', 'client_id'))
        tokens = aws.authenticate_user()
        id_token = tokens['AuthenticationResult']['IdToken']

        client = boto3.client('cognito-identity', config.get('cognito', 'region'))

        # Logins key: the user pool's issuer host plus pool id, without a scheme.
        login_provider = ('cognito-idp.' + config.get('cognito', 'region')
                          + '.amazonaws.com/' + config.get('cognito', 'user_pool_id'))

        # Step 2: map the federated login to an identity in the identity pool.
        identity = client.get_id(IdentityPoolId=config.get('cognito', 'identity_pool_id'),
                                 Logins={login_provider: id_token})

        # Step 3: exchange identity + ID token for temporary STS credentials
        # (AccessKeyId, SecretKey, SessionToken, Expiration).
        credentials = client.get_credentials_for_identity(IdentityId=identity['IdentityId'],
                                                          Logins={login_provider: id_token})
        return credentials

    except ClientError as e:
        print("*** FAILED ***")
        print(e)
        sys.exit(1)
```
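The same two-call exchange, as an added example that is not part of the thread or of warrant itself, factored so the Cognito Identity client is injected and the flow can be exercised offline. `FakeIdentityClient`, the pool ids, the token and the key/secret values are all constructed placeholders shaped like the real boto3 responses; with a real `boto3.client('cognito-identity')` passed in, the same functions perform the live exchange. It also shows two things the snippet above leaves implicit: the `SecretKey` field has to be renamed to `aws_secret_access_key` before it can feed a `boto3.Session`, and the credentials carry an `Expiration` that should be checked so the exchange is re-run before calls start failing.

```python
from datetime import datetime, timedelta, timezone


def build_login_provider(region, user_pool_id):
    """Key for the Logins map: the user pool's issuer host and pool id, no scheme."""
    return "cognito-idp.{}.amazonaws.com/{}".format(region, user_pool_id)


def exchange_id_token(identity_client, identity_pool_id, login_provider, id_token):
    """GetId maps the federated login to an identity; GetCredentialsForIdentity
    returns STS credentials for the identity pool's authenticated role.
    identity_client may be boto3.client('cognito-identity') or any stand-in
    exposing those two methods."""
    logins = {login_provider: id_token}
    identity = identity_client.get_id(IdentityPoolId=identity_pool_id, Logins=logins)
    response = identity_client.get_credentials_for_identity(
        IdentityId=identity["IdentityId"], Logins=logins)
    return response["Credentials"]


def to_session_kwargs(credentials):
    """Cognito Identity names the secret 'SecretKey'; boto3.Session expects
    aws_secret_access_key, so the keys are mapped explicitly."""
    return {
        "aws_access_key_id": credentials["AccessKeyId"],
        "aws_secret_access_key": credentials["SecretKey"],
        "aws_session_token": credentials["SessionToken"],
    }


def expires_within(credentials, seconds, now=None):
    """True when the credentials expire within `seconds`; re-run the exchange
    before that rather than letting AWS calls fail on an expired token."""
    now = now or datetime.now(timezone.utc)
    return credentials["Expiration"] - now <= timedelta(seconds=seconds)


class FakeIdentityClient:
    """Constructed stand-in for boto3.client('cognito-identity'): returns
    responses in the same shape as the real API, with placeholder values."""

    def __init__(self, expiration):
        self.expiration = expiration
        self.calls = []

    def get_id(self, IdentityPoolId, Logins):
        self.calls.append("get_id")
        return {"IdentityId": "eu-central-1:00000000-0000-4000-8000-000000000000"}

    def get_credentials_for_identity(self, IdentityId, Logins):
        self.calls.append("get_credentials_for_identity")
        return {
            "IdentityId": IdentityId,
            "Credentials": {
                "AccessKeyId": "ASIAEXAMPLEKEYID",          # placeholder
                "SecretKey": "EXAMPLE_SECRET_KEY",          # placeholder
                "SessionToken": "EXAMPLE_SESSION_TOKEN",    # placeholder
                "Expiration": self.expiration,              # tz-aware, like boto3
            },
        }


def demo():
    """Run the flow against the fake client and return what each step produced."""
    expiration = datetime(2030, 1, 1, 12, 0, tzinfo=timezone.utc)
    client = FakeIdentityClient(expiration)
    provider = build_login_provider("eu-central-1", "eu-central-1_EXAMPLE")  # placeholder pool id
    creds = exchange_id_token(client, "eu-central-1:EXAMPLE-POOL", provider, "EXAMPLE.ID.TOKEN")
    return {
        "provider": provider,
        "calls": list(client.calls),
        "session_kwargs": to_session_kwargs(creds),
        # one hour before expiry: still fresh; sixty seconds before: refresh now
        "fresh": expires_within(creds, 300, now=expiration - timedelta(hours=1)),
        "stale": expires_within(creds, 300, now=expiration - timedelta(seconds=60)),
    }


if __name__ == "__main__":
    result = demo()
    # Secrets are deliberately not printed; only the non-sensitive parts are shown.
    print(result["provider"], result["calls"], "fresh:", result["fresh"], "stale:", result["stale"])
```

The credentials returned are scoped by the identity pool's authenticated IAM role, so what the user can reach with them is decided in IAM, not by the user pool login; keep that role minimal and treat the returned triple like any other short-lived secret (never log it, pass it straight into a `boto3.Session`).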
bjinwright commented 6 years ago

Awesome