AWS Cognito with Facebook and Google: unique IdentityId?

Question

In my web application, I want to allow users to log in using 2 possible providers (Facebook, Google) and retrieve credentials using AWS Cognito.

From what I understand, if a user ([email protected]) logs in using his Facebook account, the Cognito IdentityId will not be the same as if he had logged in using his Google account.

Assuming that the user uses the same email address ([email protected]) to log in for both his Facebook and Google accounts, how can I make sure that that user has a single, unique IdentityId in Cognito?

I would not want the user to have 2 different IdentityId's. It would be nice if I could associate [email protected] to a single IdentityId.

Answer 1

Cognito doesn't know about the email with which an account was registered. If the same user authenticates on two different devices using facebook on one and google on the other, it will give two different ids.

However, it can be told that they're linked. If that same user were to log in to facebook on one device, they'd get identity A. If they were to then link identity A to their google account by including the login token for both when communicating with Cognito, then Cognito would know they're associated, and any future authentication with one of the two providers would give the same id.

That deviates a bit if both Facebook and Google had already been linked to an id before Cognito was told to link them - in that case, the id that is used could be either of the two.