Can I create an AWS Cognito user login programmatically?

Question

I would like my app to allow users with a Facebook, Google, Amazon... etc... accounts to be able to login to my app. This works fine through AWS Cognito.

However, is there a way for the app to create a user login programmatically if the user does not have any of those logins?

1. The user would provide an id and a password and the app would send the information to the authentiation provider to create a new login/account.

2. I would not need to implement my own authentication mechanism and worry about how the passwords are stored, etc.

From my research I take that there is no way to do this with existing authentication providers or even other services such as OpenID.

Do you have any other options if I do not want to implement my own login storage and authentication? It would not necessarily need to integrate with AWS Cognito.

Answer 1

I'm a little confused by your question. If you're asking:

Can I create new usernames and passwords on Facebook / Google programatically?

Then the answer is no. You have to sign up for Facebook / Google on their site. If you're asking:

Can I create a new user with a username and password that only exists in Cognito?

Then the answer is yes. To do this, it depends on whether you're creating the user in a browser or on a server. In a browser, use the Cognito Javascript API. On a server, use the Cognito Admin Server APIs.

Here's some sample code for creating a new user on the server in Node JS (replace my strings with your own tokens, especially the ones with @ signs in them):

  let params = {
    UserPoolId: "@cognito_pool_id@",
    Username: "jhancock",
    DesiredDeliveryMediums: ["EMAIL"],
    ForceAliasCreation: false,
    MessageAction: "SUPPRESS",
    TemporaryPassword: "somePassword",
    UserAttributes: [
      { Name: "given_name", Value: "John"},
      { Name: "family_name", Value: "Hancock"},
      { Name: "name", Value: "John Hancock"},
      { Name: "email", Value: "[email protected]"},
      { Name: "phone_number", Value: "+15125551212"}
    ],
  };
  console.log("Sending params to cognito: " + JSON.stringify(params));
  let cognitoIdentityServiceProvider = new AWS.CognitoIdentityServiceProvider({region: "us-east-1"});
  cognitoIdentityServiceProvider.adminCreateUser(params, function(error, data) {
    if (error) {
      console.log("Error adding user to cognito: " + JSON.stringify(error), error.stack);
    } else {
      console.log("Received back from cognito: " + JSON.stringify(data));
    }
 }

One you get that working, you'll probably want to see this post about how to change the temporary password into a real one.