Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AWS Cognito + RubyOnRails get user info on the backend. Aws::CognitoIdentityProvider::Errors::NotAuthorizedException

I should integrate cognito + ruby on rails.

My user logined with cognito default login page and redirected with url params to my page.

https://development-my-site.auth.us-west-2.amazoncognito.com/oauth2/authorize?client_id=62i222222222222&redirect_uri=https://c3ffec02.ngrok.io/auth/cognito/callback&response_type=token&scope=email+openid+profile

After redirect I have params

id_token=eyJraWQiOiIyYThzTzY3........
&access_token=eyJraWQiOiJDa0I2NGJsUFJKTWZrNGlV.....
&expires_in=3600
&token_type=Bearer

I should get access_token from url and pass to backend for user verification.

In the backend I use AWS-SDK ```

  def client
    @client ||= Aws::CognitoIdentityProvider::Client.new(region: options.aws_region)
  end

  def get_user_info(params)
    client.get_user(access_token: params['access_token'])
  end

```

But in the result I have error Aws::CognitoIdentityProvider::Errors::NotAuthorizedException (Access Token does not have required scopes):

What I should do for get user info?

like image 534
Viktor Leonets Avatar asked Sep 26 '17 15:09

Viktor Leonets


People also ask

How do I get user attributes from Cognito?

To view user attributes From the Amazon Cognito home page in the Amazon Web Services Management Console, choose Manage user pools. Choose your user pool from the Your User Pools page. Choose User and Groups to view user information. Choose a user name to show more information about an individual user.

How do you use the code returned from Cognito to get AWS credentials?

To provide AWS credentials to your app, follow the steps below. Choose Manage identity pools from the Amazon Cognito console , create an identity pool, and copy the starter code snippets. If you haven't already done so, add the AWS Mobile SDK for iOS to your project. For instructions, see Set Up the Mobile SDK for iOS.

Where are AWS Cognito users stored?

The data is stored both locally on the device and in the Cognito sync store. Cognito can also sync this data across all of the end user's devices.

How does Amazon Cognito Sync allow users to read and write data without internet connectivity?

Amazon Cognito Sync can synchronize user profile data across mobile devices and the web without using your own backend. The client libraries cache data locally so that your app can read and write data regardless of device connectivity status.


1 Answers

You need to add the scope aws.cognito.signin.user.admin to your query:

    https://development-my-site.auth.us-west-2.amazoncognito.com/oauth2/authorize?
client_id=62i222222222222
    &redirect_uri=https://c3ffec02.ngrok.io/auth/cognito/callback
    &response_type=token
    &scope=email+openid+profile+aws.cognito.signin.user.admin

and allow it in the cognito console under Allowed OAuth Scopes

like image 76
Sven Avatar answered Sep 18 '22 18:09

Sven