I should integrate Cognito + Ruby on Rails.
My user logged in with the Cognito default login page and was redirected with URL params to my page.
https://development-my-site.auth.us-west-2.amazoncognito.com/oauth2/authorize?client_id=62i222222222222&redirect_uri=https://c3ffec02.ngrok.io/auth/cognito/callback&response_type=token&scope=email+openid+profile
After the redirect I have these params:
id_token=eyJraWQiOiIyYThzTzY3........
&access_token=eyJraWQiOiJDa0I2NGJsUFJKTWZrNGlV.....
&expires_in=3600
&token_type=Bearer
I should get the access_token from the URL and pass it to the backend for user verification.
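In the backend I use the AWS SDK:
```
require 'aws-sdk-cognitoidentityprovider'

# Memoized Cognito Identity Provider client for the configured region
def client
  @client ||= Aws::CognitoIdentityProvider::Client.new(region: options.aws_region)
end

# Calls GetUser with the access token taken from the callback params
def get_user_info(params)
  client.get_user(access_token: params['access_token'])
end
```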
But in the result I have an error: Aws::CognitoIdentityProvider::Errors::NotAuthorizedException (Access Token does not have required scopes)
What should I do to get user info?
To view user attributes: from the Amazon Cognito home page in the Amazon Web Services Management Console, choose Manage user pools. Choose your user pool from the Your User Pools page. Choose User and Groups to view user information. Choose a user name to show more information about an individual user.
To provide AWS credentials to your app, follow the steps below. Choose Manage identity pools from the Amazon Cognito console, create an identity pool, and copy the starter code snippets. If you haven't already done so, add the AWS Mobile SDK for iOS to your project. For instructions, see Set Up the Mobile SDK for iOS.
The data is stored both locally on the device and in the Cognito sync store. Cognito can also sync this data across all of the end user's devices.
Amazon Cognito Sync can synchronize user profile data across mobile devices and the web without using your own backend. The client libraries cache data locally so that your app can read and write data regardless of device connectivity status.
You need to add the scope aws.cognito.signin.user.admin to your query:
https://development-my-site.auth.us-west-2.amazoncognito.com/oauth2/authorize?
client_id=62i222222222222
&redirect_uri=https://c3ffec02.ngrok.io/auth/cognito/callback
&response_type=token
&scope=email+openid+profile+aws.cognito.signin.user.admin
and allow it in the Cognito console under Allowed OAuth Scopes.
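
An added example, not part of the original question or answer: a diagnostic helper that reads the `scope` claim of the access token from the callback and reports whether aws.cognito.signin.user.admin is missing before GetUser is called. It assumes Cognito's `scope` and `token_use` claims; `jwt_claims`, `missing_scopes` and `sample_token` are hypothetical names, the sample tokens are constructed and unsigned, and the decode does not verify the signature, so it is for troubleshooting only.

```ruby
require 'json'

# Scope that the answer above adds so that GetUser accepts the access token.
REQUIRED_SCOPE = 'aws.cognito.signin.user.admin'

# Decode the payload (second segment) of a JWT WITHOUT verifying its signature.
# Diagnostic use only: never make an authorization decision on this output.
def jwt_claims(token)
  segments = token.to_s.split('.')
  raise ArgumentError, 'not a three-part JWT' unless segments.length == 3
  b64 = segments[1].tr('-_', '+/')            # base64url -> base64
  b64 += '=' * ((4 - b64.length % 4) % 4)     # restore stripped padding
  JSON.parse(b64.unpack1('m'))
rescue JSON::ParserError
  raise ArgumentError, 'JWT payload is not valid JSON'
end

# Return the scopes from `required` that the access token does not carry.
# Rejects the id_token, which the same callback also returns.
def missing_scopes(access_token, required = [REQUIRED_SCOPE])
  claims = jwt_claims(access_token)
  raise ArgumentError, 'not an access token' unless claims['token_use'] == 'access'
  required - claims['scope'].to_s.split
end

# Constructed, unsigned sample token carrying the given space-separated scopes.
def sample_token(scope)
  enc = ->(h) { [JSON.generate(h)].pack('m0').tr('+/', '-_').delete('=') }
  [enc.({ 'alg' => 'none' }),
   enc.({ 'token_use' => 'access', 'scope' => scope }),
   'sig'].join('.')
end

if __FILE__ == $PROGRAM_NAME
  before = sample_token('openid profile email')
  after  = sample_token('openid profile email aws.cognito.signin.user.admin')
  puts "token from the question's URL is missing: #{missing_scopes(before).inspect}"
  puts "token from the answer's URL is missing:   #{missing_scopes(after).inspect}"
end
```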