
How to use Cognito Identity rather than AWS credentials?

Open BerndWessels opened this issue 7 years ago • 2 comments

Hi @mhart I'd like to call AWS services via https but rather than using fixed AWS credentials I want to use the Cognito Identity credentials of the currently logged in Cognito User. How can this be done?

BerndWessels avatar Apr 26 '18 04:04 BerndWessels

You can just do AWS.config.credentials = new AWS.CognitoIdentityCredentials(params)

rasovica avatar Jun 19 '18 02:06 rasovica

> You can just do AWS.config.credentials = new AWS.CognitoIdentityCredentials(params)

This doesn't work. It ignores it and tries to use the AWS creds from the environment variable, which in my case is undefined and fails.

This seems to work:

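    var AWS = require('aws-sdk');
    var aws4 = require('aws4');

    // await needs an async context, so the calls are wrapped in an async function
    (async function () {
        var params = {
            "IdentityId": "CognitoIdentity",
            "Logins": {
                'cognito-identity.amazonaws.com': "CognitoToken"
            }
        };
        // Exchange the Cognito identity for temporary AWS credentials
        var cognitoidentity = new AWS.CognitoIdentity();
        var tmp = await cognitoidentity.getCredentialsForIdentity(params).promise();
        tmp.region = "us-east-1";
        tmp.IdentityPoolId = "userPoolId";
        tmp.Logins = {
            'cognito-identity.amazonaws.com': "CognitoToken",
        };

        // Presign the S3 PUT with the temporary credentials
        aws4.sign(
            {
                host: ('bucket-name.s3.amazonaws.com'),
                service: 's3',
                region: "us-east-1",
                path: "/bucketKey/path",
                method: 'PUT',
                signQuery: true
            },
            {
                accessKeyId: tmp.Credentials.AccessKeyId,
                secretAccessKey: tmp.Credentials.SecretKey,
                // temporary credentials are only accepted together with their session token
                sessionToken: tmp.Credentials.SessionToken,
            }
        );
    })();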

CyberCyclone avatar Mar 23 '20 03:03 CyberCyclone
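
An added example, not part of the thread and not aws4's own code: a dependency-free SigV4 query presign for the S3 PUT discussed above, showing that the session token of temporary (Cognito-issued) credentials is carried in the URL and covered by the signature. The helper name `presignS3Put`, the credential object shape and all sample values are assumptions made for illustration, and `path` is assumed to be not yet percent-encoded.

```javascript
const crypto = require('crypto');

const hmac = (key, data) => crypto.createHmac('sha256', key).update(data, 'utf8').digest();
const sha256hex = (data) => crypto.createHash('sha256').update(data, 'utf8').digest('hex');
// SigV4 wants RFC 3986 encoding; encodeURIComponent leaves !'()* unescaped
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// Hypothetical helper: presign an S3 PUT with temporary credentials
function presignS3Put(host, path, region, creds, now, expiresSeconds) {
  if (!creds.sessionToken) throw new Error('temporary credentials need a session token');
  if (creds.expiration && new Date(creds.expiration) <= now) throw new Error('credentials expired');
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ''); // e.g. 20200323T030000Z
  const scope = [amzDate.slice(0, 8), region, 's3', 'aws4_request'].join('/');
  const query = {
    'X-Amz-Algorithm': 'AWS4-HMAC-SHA256',
    'X-Amz-Credential': creds.accessKeyId + '/' + scope,
    'X-Amz-Date': amzDate,
    'X-Amz-Expires': String(expiresSeconds),
    'X-Amz-Security-Token': creds.sessionToken, // for S3 the token is part of the signed query
    'X-Amz-SignedHeaders': 'host',
  };
  const canonicalQuery = Object.keys(query).sort().map((k) => enc(k) + '=' + enc(query[k])).join('&');
  const canonicalPath = path.split('/').map(enc).join('/');
  const canonicalRequest = ['PUT', canonicalPath, canonicalQuery,
    'host:' + host + '\n', 'host', 'UNSIGNED-PAYLOAD'].join('\n');
  const stringToSign = ['AWS4-HMAC-SHA256', amzDate, scope, sha256hex(canonicalRequest)].join('\n');
  // Signing key: HMAC chain over date, region, service, "aws4_request"
  let key = 'AWS4' + creds.secretAccessKey;
  for (const part of scope.split('/')) key = hmac(key, part);
  const signature = hmac(key, stringToSign).toString('hex');
  return 'https://' + host + canonicalPath + '?' + canonicalQuery + '&X-Amz-Signature=' + signature;
}

// Constructed sample values, shaped like the Credentials object that
// getCredentialsForIdentity returns (AccessKeyId, SecretKey, SessionToken, Expiration)
const sampleCreds = {
  accessKeyId: 'ASIAEXAMPLEKEYID',
  secretAccessKey: 'constructed-secret-key',
  sessionToken: 'constructed/token+value==',
  expiration: '2020-03-23T04:00:00Z',
};
const sampleUrl = presignS3Put('bucket-name.s3.amazonaws.com', '/bucketKey/path', 'us-east-1',
  sampleCreds, new Date('2020-03-23T03:00:00Z'), 300);
console.log(sampleUrl);
```

A short `expiresSeconds` and the expiry check keep a leaked URL from outliving the Cognito session that produced it.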