chi2labs / cognitoR

CognitoR provides easy integration of Shiny with AWS Cognito Authentication.

using cognitoR authentication for S3 service #29

Closed smartinez-yatiribio closed 2 years ago

smartinez-yatiribio commented 2 years ago

Hi, first of all, thanks for this nice package. I will try to explain my situation here, and let me know if something is wrong in my reasoning (I am quite new to the AWS world). In Amazon Cognito, I have a user pool, each of the users belongs to a group, and each group has an IAM role associated with it which determines which S3 resources (files) they are able to retrieve. Running my Shiny APP,

Is there something I am missing? I thought I would be able to use AppClient id and secret for S3 access, but maybe I am wrong...? Thank you in advance!

ppagnone commented 2 years ago

Hi @smartinez-yatiribio, your problem seems to be related to S3; as a suggestion, I recommend asking in the paws package, but probably it is because the app clientId / secret used for Cognito is different from the one used for the S3 service.

You could check this too: https://aws.amazon.com/es/premiumsupport/knowledge-center/s3-access-key-error/

ppagnone commented 2 years ago

I am closing this; no news about it.

AltayYuzeir commented 5 months ago

Hello. First of all I want to say thanks for developing and maintaining this awesome package. I cannot seem to access the session token which was mentioned. Is it part of the username property (from your minimal example)? I am heading to production now, and I wanted to ask you how I can review all tokens associated with an account (username/email + password combination) after login. I have a similar idea to @smartinez-yatiribio: to try to access a user-specific S3 bucket with a cognitoR token which is to be passed on to the S3 toolkit from the paws package. As far as I understand, I need a token from Cognito, which will be traded for proper S3 credentials somehow, but I would like to start by reviewing these session tokens first. Do I need some special AWS IAM policies for this token, maybe the GetOpenIdToken policy? Right now, I am successfully using cognitoR only with the GetCredentialsForIdentity policy, but I do not know about the tokens. Thank you once again!

dietrichson commented 5 months ago

@AltayYuzeir I am not really an AWS expert, but I'll try to reproduce the issue this week and help debug.

ppagnone commented 5 months ago

Hi @AltayYuzeir, my suggestion is to use the oauth package to get the token for access to S3. Check this private method as an example; you could do something like that in your code:

https://github.com/chi2labs/cognitoR/blob/master/R/get_token_access.R

AltayYuzeir commented 4 months ago

I have been digging into this. Please excuse my lack of knowledge; AWS and webhook handling are very new to me. I have been using your hidden function to start with. But I have noticed that once you log in with cognitoR, your URL receives an extension like https://brightbeauty.shinyapps.io/test/?code=52a93480-7118-4038-bf1d-342618a92d6c for a brief time, and then the 'code=52a93480-7118-4038-bf1d-342618a92d6c' part disappears. This code changes on every login. In the final part of the oauth2.0_access_token workflow, the function expects a parameter `code`, and I cannot work out where it needs to come from. I tried the string from the URL, but was unsuccessful. In my Shiny app I displayed all userdata properties (included in the picture). The first part is some kind of string, which looks the same on every login, but plugging it into the code parameter also did not yield any results. The last part of the userdata object seems to be a string which has a stable part and a part that changes on every login; that also did not work for the code parameter. I would greatly appreciate any hints and advice. I also tried to have a look at the paws package's repo. They have an issue there.

```r
library(httr)
cognito_config <- get_config() # original function from this repo

app_oauth <- oauth_app(appname = cognito_config$group_name, key = cognito_config$app_client_id,
                       secret = cognito_config$app_client_secret, redirect_uri = cognito_config$redirect_uri)

endpoint_oauth <- oauth_endpoint(authorize = "authorize", access = "token",
                                 base_url = paste0(cognito_config$base_cognito_url, "/oauth2"))

# `code` is the one-time value from the ?code=... parameter on the redirect URL
token <- oauth2.0_access_token(endpoint = endpoint_oauth, app = app_oauth,
                               code = "52a93480-7118-4038-bf1d-342618a92d6c",
                               user_params = list(client_id = cognito_config$app_client_id, grant_type = "authorization_code"),
                               use_basic_auth = TRUE)
```

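The full chain the thread circles around, as an added example (this is not cognitoR's or paws' code; the `cfg` values, bucket and prefix names are placeholders, and `get_config()` is only referenced in a comment). The `code` query parameter on the redirect URL is the OAuth2 authorization code: it lives for a few minutes and is accepted by Cognito for exactly one token exchange, which is why a code copied from the address bar after cognitoR's own login (the exchange the linked get_token_access.R helper performs) no longer works. To reach S3 you capture the redirect yourself, exchange the code once at `/oauth2/token`, pass the resulting `id_token` (not the `access_token`) to Cognito Identity via `GetId` and `GetCredentialsForIdentity`, and build the paws S3 client on the temporary credentials that come back. `GetOpenIdToken` is not needed on this path; it belongs to the classic flow that goes through STS.

```r
# Added example (not part of cognitoR or paws): turn the redirect's one-time
# authorization code into temporary S3 credentials scoped by the user's group role.
# Everything in `cfg` is a placeholder; in a real app take it from get_config().
library(httr)
library(jsonlite)
library(paws)

cfg <- list(
  app_client_id     = "<app-client-id>",
  app_client_secret = "<app-client-secret>",
  redirect_uri      = "https://example.shinyapps.io/test/",
  base_cognito_url  = "https://<your-domain>.auth.eu-west-1.amazoncognito.com",
  identity_pool_id  = "eu-west-1:00000000-0000-0000-0000-000000000000",
  region            = "eu-west-1"
)

# 1. The `code` query parameter of the redirect URL is the authorization code.
#    It is short-lived and valid for exactly one token exchange.
auth_code_from_redirect <- function(redirect_url) {
  q <- parse_url(redirect_url)$query
  if (is.null(q$code)) stop("redirect URL carries no ?code= parameter")
  q$code
}

# 2. Exchange it once at /oauth2/token. use_basic_auth sends client_id:secret as
#    HTTP Basic auth, which is what Cognito expects from a confidential app client.
exchange_code <- function(code) {
  app <- oauth_app("cognito", key = cfg$app_client_id,
                   secret = cfg$app_client_secret,
                   redirect_uri = cfg$redirect_uri)
  endpoint <- oauth_endpoint(authorize = "authorize", access = "token",
                             base_url = paste0(cfg$base_cognito_url, "/oauth2"))
  # returns a list: access_token, id_token, refresh_token, expires_in, token_type
  oauth2.0_access_token(endpoint, app, code = code, use_basic_auth = TRUE)
}

# 3. Decode the id_token payload WITHOUT verifying the signature. We only need
#    `iss` to build the Logins key; never base authorization on claims read this way.
jwt_claims <- function(jwt) {
  payload <- strsplit(jwt, ".", fixed = TRUE)[[1]][2]
  payload <- chartr("-_", "+/", payload)                          # base64url -> base64
  payload <- paste0(payload, strrep("=", (4 - nchar(payload) %% 4) %% 4))  # restore padding
  fromJSON(rawToChar(base64_dec(payload)))
}

# 4. Trade the id_token for scoped AWS credentials through Cognito Identity.
#    The Logins key is the issuer minus the scheme:
#    cognito-idp.<region>.amazonaws.com/<user-pool-id>
s3_credentials_for <- function(id_token) {
  claims <- jwt_claims(id_token)
  logins <- setNames(list(id_token), sub("^https://", "", claims$iss))
  ci <- cognitoidentity(config = list(region = cfg$region))
  ident <- ci$get_id(IdentityPoolId = cfg$identity_pool_id, Logins = logins)
  creds <- ci$get_credentials_for_identity(IdentityId = ident$IdentityId,
                                           Logins = logins)$Credentials
  list(access_key_id     = creds$AccessKeyId,
       secret_access_key = creds$SecretKey,      # Cognito Identity names it SecretKey
       session_token     = creds$SessionToken,
       expiration        = creds$Expiration)
}

# 5. Build the S3 client on those credentials. IAM, not the Shiny app, now decides
#    which keys this user's group role may read.
s3_for_user <- function(creds) {
  s3(config = list(
    credentials = list(creds = creds[c("access_key_id", "secret_access_key",
                                       "session_token")]),
    region = cfg$region
  ))
}

# Usage inside the app's login handler (network calls, so not run here):
# code   <- auth_code_from_redirect(redirect_url_with_code)
# tokens <- exchange_code(code)
# creds  <- s3_credentials_for(tokens$id_token)
# s3_for_user(creds)$list_objects_v2(Bucket = "<bucket>", Prefix = "<user-prefix>/")
```

Two checks before relying on the per-group roles described at the top of the thread: the identity pool must list the user pool as an authenticated provider, and its role resolution must be set to choose the role from the token (Cognito then uses the `cognito:preferred_role` claim of the id_token); with the default setting every signed-in user receives the pool's single authenticated role regardless of group. The returned credentials expire (see `expiration`), so re-run step 4 with a fresh id_token rather than caching them for the whole session.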