I have a mobile app with signup/signin options. The mobile app makes calls to REST APIs, and the APIs use the Python boto3 CognitoIdentityProvider client to create users in AWS Cognito user pools. Sign-in using email/password works fine.
For social sign-in, the mobile app is updated with Google sign-in and fetches the idToken and accessToken. How do I use the Google-returned sign-in token to sign in/create a user in the Cognito user pool from the backend Python environment? Is this feasible?
For the username/password option, I use the signup and admin_initiate_auth methods. But I'm not sure what to use to allow users to sign in or to create users in the user pool when using the Google/Facebook sign-in option.
Essentially, is there a way in boto3 or other AWS libraries to create users in a user pool using the Google/Facebook-returned idToken?
Single Sign-On (SSO) solutions allow users to enter credentials once and access many systems simultaneously. IT administrators can use a local SSO server or a third-party service to manage authentication, allowing for centralized access management.
Authenticating with tokens: When a user signs into your app, Amazon Cognito verifies the login information. If the login is successful, Amazon Cognito creates a session and returns an ID, access, and refresh token for the authenticated user.
Amazon Cognito supports authentication with identity providers (IdPs) through Security Assertion Markup Language 2.0 (SAML 2.0). You can use an IdP that supports SAML with Amazon Cognito to provide a simple onboarding flow for your users. Your SAML-supporting IdP specifies the IAM roles that your users can assume.
The get_id method from the boto3 CognitoIdentity service addresses the concern.
Using the Google-returned ID token, call get_id to create a federated identity.
```python
import boto3

# Client for the Cognito *identity pool* service ('cognito-identity'),
# not the user-pool service ('cognito-idp'). The region must match the
# IdentityPoolId prefix below. Passing keys explicitly works, but letting
# boto3 pick them up from the default credential chain (environment, profile,
# instance role) avoids hardcoding long-lived secrets in application code.
client = boto3.client('cognito-identity',
                      region_name='us-east-1',
                      aws_access_key_id=ACCESS_KEY,
                      aws_secret_access_key=ACCESS_SECRET_KEY)

# GetId maps the external (Google) identity to a Cognito IdentityId.
# Cognito validates the ID token against Google itself; the Logins map is
# keyed by the provider name, 'accounts.google.com' for Google.
response = client.get_id(
    AccountId='YOUR AWS ACCOUNT ID',   # optional for this call
    IdentityPoolId='us-east-1:xxxdexxx-xxdx-xxxx-ac13-xxxxf645dxxx',
    Logins={
        'accounts.google.com': 'google returned IdToken'
    },
)
```
The response includes the Cognito IdentityId:
```json
{
    "ResponseMetadata": {
        "RetryAttempts": 0,
        "HTTPStatusCode": 200,
        "RequestId": "xxxfb049b-1f77-xxxx-a67c-xxxfb049b",
        "HTTPHeaders": {
            "date": "Sun, 04 Mar 2018 06:43:13 GMT",
            "x-amzn-requestid": "xxxfb049b-1f77-xxx-a67c-xxxfb049b",
            "content-length": "63",
            "content-type": "application/x-amz-json-1.1",
            "connection": "keep-alive"
        }
    },
    "IdentityId": "us-east-1:xxx-2xx1-1234-9xx2-xxxx"
}
```
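The answer above stops at `get_id`. An IdentityId on its own grants nothing; the step a backend actually needs next is `get_credentials_for_identity`, which exchanges the IdentityId plus the same `Logins` map for temporary, role-scoped AWS credentials. Note that this is the *identity pool* (federated identity) flow, which is distinct from creating a user record in a Cognito *user pool*. The following is an added example, not code from the original answer. It wraps both calls in one function, maps the Google and Facebook provider keys that Cognito expects, and turns the service's `NotAuthorizedException` into a clear error. The boto3 client is injected so the code can run offline against the constructed `FakeCognitoIdentity` stand-in; the identity pool ID, the environment variable names in `main()`, and the fake's token values are assumptions for illustration.

```python
"""Exchange a Google/Facebook token for a Cognito federated identity and credentials.

Added example (not from the original post). Assumes an identity pool with
Google and/or Facebook enabled as authentication providers.
"""
import os
import re

# Provider keys that the cognito-identity `Logins` map expects (fixed by AWS).
LOGIN_KEYS = {
    "google": "accounts.google.com",
    "facebook": "graph.facebook.com",
}

# IdentityId shape: "<region>:<uuid>", e.g. "us-east-1:1111...-1111".
IDENTITY_ID_RE = re.compile(r"^[a-z]{2}-[a-z]+-\d:[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")


def federated_identity(client, identity_pool_id, provider, token):
    """Return (identity_id, credentials) for a social IdP token.

    client: a boto3 'cognito-identity' client, or any object exposing the
            same get_id / get_credentials_for_identity methods and exceptions.
    provider: 'google' or 'facebook'.
    Raises ValueError for an unknown provider and PermissionError when
    Cognito rejects the token (bad signature, expired, wrong audience, ...).
    """
    if provider not in LOGIN_KEYS:
        raise ValueError(f"unsupported provider {provider!r}")
    logins = {LOGIN_KEYS[provider]: token}

    try:
        # Step 1: GetId. Cognito validates the token against the IdP and
        # returns (or creates) the IdentityId bound to that external user.
        identity_id = client.get_id(IdentityPoolId=identity_pool_id, Logins=logins)["IdentityId"]
        # Step 2: the same Logins map is required again; the service does not
        # trust the IdentityId alone to hand out the authenticated role.
        creds = client.get_credentials_for_identity(IdentityId=identity_id, Logins=logins)["Credentials"]
    except client.exceptions.NotAuthorizedException as exc:
        raise PermissionError(f"Cognito rejected the {provider} token: {exc}") from exc

    if not IDENTITY_ID_RE.match(identity_id):
        raise RuntimeError(f"unexpected IdentityId format: {identity_id!r}")
    return identity_id, creds


class FakeCognitoIdentity:
    """Constructed offline stand-in for the boto3 cognito-identity client."""

    class exceptions:  # mirrors client.exceptions on a real boto3 client
        class NotAuthorizedException(Exception):
            pass

    # Assumed token values the fake accepts, per provider key.
    VALID_TOKENS = {"accounts.google.com": "google-id-token-ok", "graph.facebook.com": "fb-token-ok"}
    FAKE_UUID = "11111111-2222-3333-4444-555555555555"

    def _check(self, logins):
        for key, tok in logins.items():
            if self.VALID_TOKENS.get(key) != tok:
                raise self.exceptions.NotAuthorizedException(f"Invalid login token for {key}")

    def get_id(self, IdentityPoolId, Logins, AccountId=None):
        self._check(Logins)
        region = IdentityPoolId.split(":", 1)[0]
        return {"IdentityId": f"{region}:{self.FAKE_UUID}"}

    def get_credentials_for_identity(self, IdentityId, Logins):
        self._check(Logins)
        return {"IdentityId": IdentityId,
                "Credentials": {"AccessKeyId": "ASIAFAKEKEY", "SecretKey": "fake-secret",
                                "SessionToken": "fake-session", "Expiration": "2018-03-04T07:43:13Z"}}


def main():
    # Real run: credentials come from the default chain, never hardcoded.
    # IDENTITY_POOL_ID and GOOGLE_ID_TOKEN are assumed environment variable names.
    import boto3
    pool = os.environ["IDENTITY_POOL_ID"]
    client = boto3.client("cognito-identity", region_name=pool.split(":", 1)[0])
    identity_id, creds = federated_identity(client, pool, "google", os.environ["GOOGLE_ID_TOKEN"])
    print(identity_id, creds["Expiration"])


if __name__ == "__main__":
    main()
```

The temporary credentials returned in step 2 are what the backend (or the app, if you return them to it) uses to call AWS on the user's behalf; they carry the identity pool's authenticated role, so keep that role's policy minimal. Cognito itself checks the Google token's signature, expiry and that its audience matches the Google client ID configured on the identity pool, so a token minted for a different app is rejected at `get_id` rather than silently creating an identity.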