Google sign in not being saved to user pool
When trying to integrate Cognito Google sign in, userPool.getCurrentUser(); always returns null afterwards. I can see it is being registered in my identity pool but the docs are not clear on the next steps.

Looking through cognito sample applications, social sign in with pools seems to be a recurring feature request, and also even if not adding to pool how to integrate with an application that uses both the pool and social sign in would be useful.
We added support for Federation through Facebook, Google and LoginWithAmazon for User Pools. This will create a user in user pool when a user logs in with federation. You can also capture the attributes from Facebook using the attribute mapping feature. More details http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html .
@itrestian thanks for your reply!
I tried following the guide but had no luck (also, I tried to find examples and other people posted similar issues getting started). A sample repo/example with an instructional readme would be quite helpful! 😃
I meant more that we just released this today!
@itrestian Woah haha that's awesome! 🎉 I am guessing documentation/sample is coming up in the next couple days?
@itrestian This is an interesting addition beyond the SAML integration. I went through the documentation and have the following questions.
- The auth success call back comes with ?code=xxxxxxxxx. What is this code and how do we proceed to know who is the logged in user?
- In App Settings, callback url must be https. How do we then test apps running on localhost?
- Say we have FB, Google and user pool in app integration and have completed the respective mapping of attributes. If a user using FB with email [email protected] logs in, does it create a separate user in user pool when compared to a google login with the same email id?
- If answer to #2 is yes, then how do we link them automatically based on email address?
- I also saw that now either code and Link are being used to confirm the user ( I created a user pool user ). When the user clicks the "Verify Link", it takes him to another page, shows a congratulations page. In my opinion it should automatically take him to the signin page post successful verification. This will improve the usability of the signup-confirm-signin process. Else the user has to wade through different tabs to figure out how to sign in after confirmation. Can the confirmation page be customized?
Is OpenID provider integration on the roadmap? SAML is a pain.
Also the docs on this are... less than clear. In the authorization window at Google / FB, do I need to specify a redirect URI like https://cognito-identity.us-east-1.amazonaws.com/oauth2/idpresponse?
Docs have always been very limited, and more so due to lack of examples. I'm still waiting for a response to my earlier questions listed above.
@prem911
1. If you're using the authorization code grant flow, that code can be used against the token endpoint to issue tokens. Once you exchange that code for tokens, you can parse the username from the tokens. That's what the auth SDK does.
2. That's a good point. I will mention this use case within the team as a feature request.
3 & 4. Yes, separate users are created. There's no implicit linking, you would have to call the 'admin link provider for user' from your backend to link them based on common attributes. http://docs.aws.amazon.com/cli/latest/reference/cognito-idp/admin-link-provider-for-user.html
5. I will mention this within the team as a feature request for configuring this behaviour.
@bennypowers Supporting OIDC providers is on the roadmap. I cannot comment on the timeline.
@bennypowers For google, you need to do that. For facebook no.
Hey, can you post a link for how to add a user to a Cognito user pool after I get a token from Facebook authentication using the Facebook SDK? I am tired of finding a documentation for this. Any help would be appreciated. Thanks
@itrestian Thanks for the detailed reply. admin-link-provider-for-user looks like it is available in the AWS CLI only. How do I do this using the JS SDK?
@prem911 are you able to add a Google / Facebook user to the Cognito user pool? Because I think admin-link-provider-for-user is for linking a social identity to an existing user and not for creating the user.
@ashutoshgarg0007 The way I do it is, when a user logs in with FB or G+ credentials, I read their public profile and create a user pool user using the admin API. This user gets a verification email and I handle the account activation using my application. I'm stuck at auto linking from the social account to this user pool account.
@prem911 but there must be standard way of doing it because if we add the user manually then what's the point of linking attributes and provider. The documentation is not clear. I am also stuck on how to do this.
@ashutoshgarg0007 Yes, you would have to use the Auth sdk to interact with the authorize/token endpoints. https://github.com/aws/amazon-cognito-auth-js/
That would have you login with Facebook if Facebook is an identity provider for your user pool. A corresponding user is created in your user pool and the auth SDK saves that username and tokens in a local storage location (same location where this SDK retrieves it from). By using use case 16 in this SDK you can retrieve that user and the session containing the tokens.
@itrestian thanks for the info. Do you know how to do it in C# / Xamarin? Any help would be appreciated. Thanks
We currently have no SDKs available for c# or xamarin. The authorization, token endpoints are OAuth2 compliant so you can interact with them by submitting get/post requests with the necessary parameters mentioned in the docs http://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html
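The code exchange described in the replies above (the `?code=` value posted to the token endpoint, then the username read from the tokens), as an added example that is not from this thread or from the auth SDK. The domain, client id, pool id and sample token are constructed assumptions; the request is only built here, not sent, so it can be issued from any HTTP client.

```javascript
// Added example: pool values and the token are constructed, not from the thread.
const POOL = {
  domain: 'example.auth.us-east-1.amazoncognito.com', // hypothetical hosted-UI domain
  issuer: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE',
  clientId: 'exampleclientid',
  redirectUri: 'https://app.example.com/callback',
};

// Build the POST that swaps the ?code=... value for tokens (authorization code grant).
function buildTokenRequest(pool, code, clientSecret) {
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  if (clientSecret) { // app clients with a secret authenticate with HTTP Basic
    const basic = Buffer.from(`${pool.clientId}:${clientSecret}`).toString('base64');
    headers.Authorization = `Basic ${basic}`;
  }
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: pool.clientId,
    code,
    redirect_uri: pool.redirectUri, // must equal the one sent to the authorize endpoint
  }).toString();
  return { url: `https://${pool.domain}/oauth2/token`, method: 'POST', headers, body };
}

// Decode the JWT payload only. This does NOT verify the signature.
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Claim checks to apply once the signature has been verified against the pool's JWKS.
function usernameFromIdToken(jwt, pool, nowSeconds) {
  const c = decodePayload(jwt);
  if (c.iss !== pool.issuer) throw new Error('wrong issuer');
  if (c.aud !== pool.clientId) throw new Error('wrong audience');
  if (c.token_use !== 'id') throw new Error('not an ID token');
  if (typeof c.exp !== 'number' || c.exp <= nowSeconds) throw new Error('expired');
  return c['cognito:username'];
}

// Constructed, unsigned sample token so the example runs offline.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', kid: 'constructed' })}.${enc(claims)}.constructed`;
}
```

On a backend, the decoded claims should only be trusted after the token's signature has been checked; the claim checks here reject tokens issued for another pool, another app client, or as access tokens.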
@prem911 It is available in the main Javascript AWS SDK. Note that it is an operation that's supposed to be called from your backend so it requires AWS credentials.
https://github.com/aws/aws-sdk-js/blob/master/apis/cognito-idp-2016-04-18.normal.json#L271
Thanks, @itrestian. Found the JS SDK documentation here: http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html#adminLinkProviderForUser-property I read the documentation and, without an example, it's a little difficult to get a good grip on it. Any pointers on a good example?
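A sketch of the backend linking call discussed above, as an added example that is not from this thread or from the AWS documentation. It assumes the caller supplies the candidate pool users and the federated profile (field names such as `emailVerified` and `subject` are hypothetical), and that `client` is an aws-sdk v2 `AWS.CognitoIdentityServiceProvider` instance.

```javascript
// Added example: all ids, usernames and profiles passed in are caller-supplied assumptions.
const PROVIDERS = ['Facebook', 'Google', 'LoginWithAmazon'];

// Request shape for the adminLinkProviderForUser operation.
function buildLinkParams(userPoolId, existingUsername, provider, providerSubject) {
  if (!PROVIDERS.includes(provider)) throw new Error(`unsupported provider: ${provider}`);
  return {
    UserPoolId: userPoolId,
    // The user pool account that keeps existing and receives the link.
    DestinationUser: { ProviderName: 'Cognito', ProviderAttributeValue: existingUsername },
    // The federated identity, addressed by the provider's own user id.
    SourceUser: {
      ProviderName: provider,
      ProviderAttributeName: 'Cognito_Subject',
      ProviderAttributeValue: providerSubject,
    },
  };
}

// Link on email only when both sides have a verified address and the match is unique;
// linking on an unverified email would let anyone claim another user's account.
function pickLinkTarget(poolUsers, profile) {
  if (profile.emailVerified !== true || !profile.email) return null;
  const email = profile.email.trim().toLowerCase();
  const matches = poolUsers.filter(
    (u) => u.emailVerified === true && u.email.trim().toLowerCase() === email);
  return matches.length === 1 ? matches[0].username : null;
}

// `client` is assumed to be an AWS.CognitoIdentityServiceProvider instance (aws-sdk v2)
// created on the backend with AWS credentials.
async function linkFederatedIdentity(client, userPoolId, poolUsers, profile) {
  const target = pickLinkTarget(poolUsers, profile);
  if (target === null) return { linked: false };
  const params = buildLinkParams(userPoolId, target, profile.provider, profile.subject);
  await client.adminLinkProviderForUser(params).promise();
  return { linked: true, username: target };
}
```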
@itrestian - you mention the auth SDK (https://github.com/aws/amazon-cognito-auth-js/). Unfortunately these two are not compatible. Or rather: they use different copies of the aws-cognito-sdk.js file which are not compatible with each other. How can this conflict be resolved?
See https://github.com/aws/amazon-cognito-auth-js/issues/27
Anyone found a workaround for this? Still struggling with this...
@maciejtreder I just ended up switching to Firebase Authentication, I still use most of AWS, however, firebase auth took me 30 minutes to get up and going 👍
Also has great documentation on top of an amazing SDK. I am hopeful cognito gets to firebase auth's level of sophistication.
@marclave how does that work? Is it smooth?
There is a nice demo on firebaseUI. This is a dropin auth solution. https://fir-ui-demo-84a6c.firebaseapp.com
The biggest positive that I see is that you can tie all logins to a single email id. I have struggled to get a basic solution with this requirement in Cognito. Explore the demo and let's ask the AWS team to incorporate a few of the nice things here too :)
-Prem
On Fri, Oct 6, 2017 at 1:12 AM, MatheusParanhos [email protected] wrote:
@marclave https://github.com/marclave how that works? is it smooth?
This also cost me many days! I could sign in Facebook users according to the document, but the user could not be created in my Cognito user pool; it should be created automatically. I don't know what I missed. BTW, the document is still so hard to use compared to Firebase.
Damn. I think I'll just use firebase for login but this seems hacky to me. I'd def prefer using cognito along with other aws. Userpool with firebase and other stuff with aws for now is being a no :( but I think using the aws javascript sdk allows you to use react-native alongside. If somebody else than me tries this please share a solution ✌️
@itrestian We configured https://github.com/aws/amazon-cognito-auth-js and it is working well: it creates a user in the User Pool after the user logs in with FB/Google and links the attributes, but we cannot use the hosted UI because we have an Angular client and after the user logs in, it "redirects" back, causing all JavaScript values in the Angular application to be refreshed.
@itrestian could you create an example of how to sign up a user using FB/Google?
- Create the user on the user pool
- Call admin-link-provider-for-user
- Sign in the user
For #3 I am not sure how to sign in an existing user that has been signed up using FB/Google.
@itrestian On Aug 17 you replied with:
@ashutoshgarg0007 Yes, you would have to use the Auth sdk to interact with the authorize/token endpoints. https://github.com/aws/amazon-cognito-auth-js/
That would have you login with Facebook if Facebook is an identity provider for your user pool. A corresponding user is created in your user pool and the auth SDK saves that username and tokens in a local storage location (same location where this SDK retrieves it from). By using use case 16 in this SDK you can retrieve that user and the session containing the tokens.
But there is no use case 16 on this.
I am trying my best to figure out how to do something very simple that has been asked many times on this thread (and many others as well).
@ashutoshgarg0007 said it best:
Hey, can you post a link for how to add a user to a Cognito user pool after I get a token from Facebook authentication using the Facebook SDK? I am tired of finding a documentation for this. Any help would be appreciated. Thanks