amazon-cognito-identity-dart-2 icon indicating copy to clipboard operation
amazon-cognito-identity-dart-2 copied to clipboard

Published 20 hours ago verified publisher icon furaiev

How to proceed after getting Open ID credentials (e.g. Google Sign In)?

Open orestesgaolin opened this issue 2 years ago • 6 comments

I'm trying to use Google Sign In through Open Id Connect provider together with Cognito. I'm able to get the CognitoCredentials more or less like this:

    final aToken = CognitoAccessToken(accessToken); // from Google Sign In
    final iToken = CognitoIdToken(idToken); // from Google Sign
    final _credential = CognitoCredentials(
      'us-east-1:axxx',
      _userPool,
    );
    await _credential.getAwsCredentials(
      idToken,
      'accounts.google.com',
    );

At this stage credentials object contains all the fields.

CleanShot 2021-09-02 at 17 37 25@2x

However, I'm not sure how to create and authenticate the CognitoUser having this data. When calling

    final session = CognitoUserSession(
      iToken,
      aToken,
      // refreshToken: rToken, // no access to refresh token from google sign in
    );
    final user = CognitoUser(
      'xxx',
      _userPool,
      signInUserSession: session,
    );

    final attributes = await user.getUserAttributes();

The last call fails with User is not authenticated exception.

Is there something obvious I'm missing? How to get the authenticated CognitoUser?

orestesgaolin avatar Sep 02 '21 15:09 orestesgaolin

I hope official documentation will help you https://docs.aws.amazon.com/cognito/latest/developerguide/google.html

furaiev avatar Sep 03 '21 17:09 furaiev

I'm not sure if I follow but based on the docs you linked it looks like we end up at the same stage i.e. I get the AWS credentials, by calling:

await _credential.getAwsCredentials(
      idToken,
      'accounts.google.com',
    );

and this is essentially the same as JS:

     // Obtain AWS credentials
     AWS.config.credentials.get(function(){
        // Access AWS resources here.
     });

Do I understand correctly, that from this point on I'm authenticated and should use Google Sign In status to determine the session status?

orestesgaolin avatar Sep 04 '21 15:09 orestesgaolin

Please try on this step:

final user = CognitoUser(
      'xxx',
      _userPool,
      signInUserSession: session,
    );

change your 'xxx' to null.

furaiev avatar Sep 04 '21 17:09 furaiev

@orestesgaolin Did @furaiev 's solution resolve this? I am just about to start using this but want to know.

nyck33 avatar Sep 06 '21 02:09 nyck33

Nope, doesn't work for now

orestesgaolin avatar Sep 06 '21 06:09 orestesgaolin

is there any update on this issue? I'm facing the same problem.

diegodavilac avatar Jan 17 '22 02:01 diegodavilac

This issue is stale because it has been open for 30 days with no activity.

github-actions[bot] avatar Jul 29 '23 02:07 github-actions[bot]

This issue was closed because it has been inactive for 14 days since being marked as stale.

github-actions[bot] avatar Aug 13 '23 02:08 github-actions[bot]