Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

AWS Cognito, Lambda, User credentials in DynamoDB

Tags:

facebook

amazon-web-services

aws-lambda

amazon-cognito

I established a authentication flow with Facebook Login and AWS Cognito on the client site. Works fine. But now I need a reference of the user with its facebook id in a dynambodb table. Of course I could just call a AWS lambda function exposed via AWS API gateway, but how can I verify that the API call actually has a valid facebook id and that this facebook id matches the AWS Cognito Id. Maybe I am missing something here, I hope you guys can point me in the right direction ;) thanks!

like image 953
jjuser19jj Avatar asked Feb 01 '16 21:02

jjuser19jj

People also ask

How do you add a Cognito user to DynamoDB using Lambda?

Create an IAM Role for your Lambda Function Access your IAM Management console and select Roles from the left menu. Click Create role and select the AWS Service Lambda role. Once both are highlighted, click Next: Permissions. Name your role whatever you want, as long as it's recognizable to you, and click Create role.

How does Lambda communicate with DynamoDB?

With DynamoDB Streams, you can trigger a Lambda function to perform additional work each time a DynamoDB table is updated. Lambda reads records from the stream and invokes your function synchronously with an event that contains stream records.

How do I allow API users to run AWS lambda with their Amazon Cognito permissions?

To allow users to run Lambda with their Amazon Cognito permissions, follow these steps: Use the API Gateway console to establish your Amazon Cognito user pool as an authorizer. Then, assign the Amazon Cognito user pool as the authorizer for the method of your API.

1 Answers

If you can key your ddb table by cognito id instead of facebook id, you can invoke api gateway with cognito credentials. If you use callee credentials when calling lambda you can access the cognito id via the token $context.identity.cognitoIdentityId. This ensures the call was made by the owner of this id. You can further check that $context.identity.cognitoAuthenticationProvider is graph.facebook.com to ensure they authed via Facebook. Unfortunately, the facebook id is not passed in the credentials, so if you need it you will need a lookup table mapping cognito id to facebook id. For more details on the available tokens see here.

like image 171
behrooziAWS Avatar answered Sep 28 '22 03:09

behrooziAWS
Sign in to Comment

Related questions

Get Visitors Name from Logged In Social Networks
How to get Facebook user's friends' profile picture using Javascript SDK V2.0
ReactJS - How can a child find its parent?
How to get big picture from feed (now)? Api has been changed
Facebook Ads API - e-mails and hashes in a Custom Audience
How to calculate Facebook cover offset
Facebook Search in Graph API
Graph Search API order by like fql
Facebook Share dialog doesn't work when href parameter is a variable
How to generate Facebook Marketing API access token to use it in Windows application
product catalog api fail
save info about facebook user to use in another Activity
Deploy to heroku without redirecting to localhost with passport callback
facebook api 2.4, user_group permission
Search for public events by location using the Facebook Graph API
"pages_show_list" permission not listed in "add items to this submission" for Facebook app
Facebook App Login: How to control expiration date of an image URL I got?
iOS - Facebook Login Error - Unknown Error building URL (com.facebook.sdk.core error 3)
Facebook: Unsafe JavaScript issue (document.domain values should be same)
RELEASE_KEY_ALIAS and RELEASE_KEY_PATH values for generating key hash

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!