I need to implement Developer Authenticated Identities using the JavaScript SDK, but am facing issues with it. I've configured an identity pool with a Custom Authentication Provider.
On Server:
    AWS.config = new AWS.Config({
        region: 'ap-northeast-2',
        credentials: new AWS.Credentials('XXXXXS7FJBAOO5IXXXXX', 'XXXXXYBo4jmfsu7K0qJSFvu3nlVvYOcVz4GXXXXX')
    });
    var params = {
        IdentityPoolId: 'ap-northeast-2:a383cb2e-e302-4ff6-8d8f-70e3185XXXXX',
        Logins: {
            'com.abc.xyz': '9876543210' // different value for each user
        }
    };
    var cognitoidentity = new AWS.CognitoIdentity();
    cognitoidentity.getOpenIdTokenForDeveloperIdentity(params, function(err, data) {
        if (err) {
            console.log(err, err.stack); // an error occurred
        }
        else {
            console.log(data); // successful response
        }
    });
Server Result:
IdentityId: "ap-northeast-2:5cf7f3cd-b370-416b-bed8-f7f8c7aXXXXX"
Token: "eyJra.....sL8bg"
On Browser:
    AWS.config = new AWS.Config({
        region: 'ap-northeast-2'
    });
    var params = {
        IdentityId: 'ap-northeast-2:5cf7f3cd-b370-416b-bed8-f7f8c7aXXXXX', // Received from server
        CustomRoleArn: 'arn:aws:iam::356127965XXX:role/XXXXX_Customer',
        Logins: {
            'com.abc.xyz': '9876543210'
        }
    };
    var cognitoidentity = new AWS.CognitoIdentity();
    cognitoidentity.getCredentialsForIdentity(params, function(err, data) {
        if (err) {
            console.log(err, err.stack); // an error occurred
        }
        else {
            console.log(data); // successful response
        }
    });
Browser Result:
Please provide a valid public provider
Identity Pool Configuration
1. Go to AWS Cognito service and click “Manage Identity Pools”.
2. Enter “Identity pool name”, expand the “Authentication providers” section and select “Cognito” tab. This is where the Cognito authentication provider will be registered with the Identity pool.
With a user pool, your app users can sign in through the user pool or federate through a third-party identity provider (IdP). Identity pools are for authorization (access control). You can use identity pools to create unique identities for users and give them access to other AWS services.
When a user updates their email address or phone number in your app, Amazon Cognito immediately sends a message with a verification code to a user if you configured your user pool to automatically verify that attribute. The user must then provide the code from the verification message to your app.
Based on this post, I've made the following changes in the Browser part:
    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
        IdentityId: 'ap-northeast-2:5cf7f3cd-b370-416b-bed8-f7f8c7aXXXXX', // Received from server
        IdentityPoolId: 'ap-northeast-2:a383cb2e-e302-4ff6-8d8f-70e3185XXXXX',
        Logins: {
            'cognito-identity.amazonaws.com': '9876543210'
        }
    });
    AWS.config.credentials.get(function(err, data) {
        if (err) {
            console.log(err); // an error occurred
        }
        else {
            console.log(data); // successful response
        }
    });
AWS.config.credentials
Now I'm able to receive the response that contains accessKeyId, expireTime, secretAccessKey and sessionToken.
I realize this is an old post, but in case anyone comes across this, I believe your first approach would have worked had you changed:
    Logins: {
        'com.abc.xyz': '9876543210'
    }
To
    Logins: {
        'cognito-identity.amazonaws.com': "eyJra.....sL8bg"
    }
I feel that any solution without using the token you generated in step 1) is incomplete.
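The hand-off discussed in this thread, as an added example that is not part of the original question or answer: a pre-flight check that takes the backend's `{ IdentityId, Token }` result and builds the browser-side parameters with the token under the `cognito-identity.amazonaws.com` key. The helper names, the placeholder IDs and the unsigned sample token are constructed for illustration, and the code assumes the token carries the usual OpenID claims (`iss`, `sub`, `aud`, `exp`); it runs in Node.js without the AWS SDK.

```javascript
const COGNITO_LOGIN_KEY = 'cognito-identity.amazonaws.com';
const COGNITO_ISSUER = 'https://cognito-identity.amazonaws.com';

// Decode the JWT payload for inspection only. The signature is NOT verified
// here; Cognito verifies it when the credentials call is made.
function decodePayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) {
    throw new Error('Token is not a JWT (expected 3 dot-separated parts)');
  }
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// Hypothetical helper: build the browser-side parameters from the backend's
// { IdentityId, Token } result, rejecting mix-ups before any AWS call.
function buildCredentialParams(serverResult, identityPoolId, nowSeconds) {
  const now = nowSeconds === undefined ? Math.floor(Date.now() / 1000) : nowSeconds;
  const { IdentityId, Token } = serverResult;
  const claims = decodePayload(Token);
  if (claims.iss !== COGNITO_ISSUER) throw new Error('Unexpected issuer');
  if (claims.sub !== IdentityId) throw new Error('Token sub does not match IdentityId');
  if (claims.aud !== identityPoolId) throw new Error('Token aud does not match identity pool');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('Token expired');
  // The key is always the Cognito domain, never the developer provider name.
  return { IdentityId, IdentityPoolId: identityPoolId, Logins: { [COGNITO_LOGIN_KEY]: Token } };
}

// Constructed, unsigned token for the demo below (not a real Cognito token).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc({ alg: 'none' }) + '.' + enc(claims) + '.constructed';
}

const samplePool = 'xx-region-1:POOL-ID-PLACEHOLDER';
const sampleResult = {
  IdentityId: 'xx-region-1:IDENTITY-ID-PLACEHOLDER',
  Token: makeSampleToken({ iss: COGNITO_ISSUER, sub: 'xx-region-1:IDENTITY-ID-PLACEHOLDER',
    aud: samplePool, exp: 2000 }),
};
console.log(Object.keys(buildCredentialParams(sampleResult, samplePool, 1000).Logins));
```

The returned object has the shape passed to `new AWS.CognitoIdentityCredentials(...)` in the question's update; passing the raw user identifier (`'9876543210'`) as the token fails the JWT check before any request is sent.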