sst / guide

Repo for guide.sst.dev
https://guide.sst.dev
MIT License

Cognito - federated identity - how to do social login? Are there any tutorials? #170

Open surajr opened 6 years ago

surajr commented 6 years ago

Wondering if there are any useful links and samples for federated identity.

jayair commented 6 years ago

@surajr Yeah it's on our list. For Federated Identity with FB (or the like) you need to add another authenticator here - https://github.com/AnomalyInnovations/serverless-stack-demo-client/blob/master/src/libs/awsLib.js#L135

And set them up as a provider in the Identity Pool console - https://d33wubrfki0l68.cloudfront.net/d64f178a48f4c8f6c78b8b5c84e3e85373aa5b14/743a8/assets/cognito-identity-pool/fill-authentication-provider-info.png

ozbillwang commented 6 years ago

@jayair

I'd like to add some IAM policies; I think that needs to be taken care of by federated identity. (I can use Cognito as the provider.)

But how do I customize this part? Any samples for me?

The code (L135) is gone with the new Amplify, so I paste it here:

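```js
import AWS from "aws-sdk";
import config from "../config"; // assumed location of the app's config module

// Exchange a Cognito User Pool token for temporary AWS credentials
// through the Identity Pool (federated identity).
function getAwsCredentials(userToken) {
  // Login provider key for a User Pool: cognito-idp.<region>.amazonaws.com/<user pool id>
  const authenticator = `cognito-idp.${config.cognito.REGION}.amazonaws.com/${config.cognito.USER_POOL_ID}`;

  AWS.config.update({ region: config.cognito.REGION });

  AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: config.cognito.IDENTITY_POOL_ID,
    // Map of provider name to that provider's token
    Logins: {
      [authenticator]: userToken
    }
  });

  return AWS.config.credentials.getPromise();
}
```
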
jayair commented 6 years ago

@ozbillwang I'm not sure what you mean. What do you want to customize?

ozbillwang commented 6 years ago

@jayair

I already have a custom authorizer (a Lambda function) to verify access to API Gateway (different endpoints with different access permissions). The custom authorizer generates different IAM policies depending on the endpoint.

Now I need to add one more layer (Cognito) in front of API Gateway. Only registered users can access this API Gateway.

How could I merge them (Cognito and my original custom authorizer) into one? All the samples use Cognito to verify the user pool or identity pool, but how do I add more custom authorizer code within it?

jayair commented 6 years ago

@ozbillwang Yeah I'm not entirely sure how that works. Usually you would use a custom authorizer in place of Cognito as opposed to using them together.
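
Added example, not part of the thread or the guide's code: one way to do the merge asked about above is to have the custom authorizer verify the Cognito User Pool ID token itself, then build its per-endpoint IAM policy from the verified claims. The issuer, app client ID, route table and the `makeSample` fixture are assumed placeholders.

```javascript
const nodeCrypto = require("node:crypto");

// Assumed placeholders, not values from the thread.
const ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE";
const APP_CLIENT_ID = "example-app-client-id";
// Hypothetical route table: Cognito groups allowed per "<METHOD>/<path>".
const ROUTE_GROUPS = { "GET/notes": ["users", "admins"], "DELETE/notes": ["admins"] };

const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
const dec = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Verify an RS256 Cognito ID token against the pool JWKS (passed in here; a real
// authorizer fetches and caches `${ISSUER}/.well-known/jwks.json`).
function verifyCognitoToken(token, jwks, now = Math.floor(Date.now() / 1000)) {
  const [h, p, s] = String(token).replace(/^Bearer /, "").split(".");
  if (!h || !p || !s) throw new Error("Unauthorized: malformed token");
  const header = dec(h);
  if (header.alg !== "RS256") throw new Error("Unauthorized: unexpected alg");
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error("Unauthorized: unknown kid");
  const key = nodeCrypto.createPublicKey({ key: jwk, format: "jwk" });
  const sigOk = nodeCrypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), key, Buffer.from(s, "base64url"));
  if (!sigOk) throw new Error("Unauthorized: bad signature");
  const c = dec(p); // claims are trusted only after the signature check
  if (c.iss !== ISSUER || c.aud !== APP_CLIENT_ID || c.token_use !== "id") throw new Error("Unauthorized: wrong pool or client");
  if (!(c.exp > now)) throw new Error("Unauthorized: expired");
  return c;
}

// Custom authorizer body: Cognito check first, then the per-endpoint IAM policy.
function authorize(event, jwks, now) {
  const claims = verifyCognitoToken(event.authorizationToken, jwks, now);
  const route = event.methodArn.split("/").slice(2).join("/"); // "<METHOD>/<path>"
  const groups = claims["cognito:groups"] || [];
  const allowed = (ROUTE_GROUPS[route] || []).some((g) => groups.includes(g));
  const Statement = [{ Action: "execute-api:Invoke", Effect: allowed ? "Allow" : "Deny", Resource: event.methodArn }];
  return { principalId: claims.sub, policyDocument: { Version: "2012-10-17", Statement } };
}

// Constructed fixture: a local RSA key stands in for the user pool's signing key.
function makeSample(claims) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const body = `${enc({ alg: "RS256", kid: "k1" })}.${enc(claims)}`;
  const sig = nodeCrypto.sign("RSA-SHA256", Buffer.from(body), privateKey).toString("base64url");
  return { token: `${body}.${sig}`, jwks: { keys: [{ ...publicKey.export({ format: "jwk" }), kid: "k1" }] } };
}
```

With this layout the API Gateway method keeps a single authorizer: unregistered callers fail the token check, and registered callers still get the endpoint-specific Allow or Deny.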