Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Cognito paswordless auth via link

Tags:

authentication

amazon-web-services

amazon-cognito

aws-amplify

amplifyjs

I'm trying to implement auth via link without password. E.g. user enter his email -> cognito send an email with link that user can click and login. It

It is supported by cognito via custom challenge. E.g. https://aws-amplify.github.io/amplify-js/media/authentication_guide#using-a-custom-challenge

I have created DefineAuthChallenge, CreateAuthChallenge, VerifyAuthChallenge lambda function that associated with my cognito pool. CreateAuthChallenge generate code that is send to user email with link to site.

Next i was planning to grab that code from url on site and login user via it like its in docs

Auth.signIn(username)
    .then(user => {
        if (user.challengeName === 'CUSTOM_CHALLENGE') {
            Auth.sendCustomChallengeAnswer(user, challengeResponse)
                .then(user => console.log(user))
                .catch(err => console.log(err));
        } else {
            console.log(user);
        }
    })
    .catch(err => console.log(err));

But here is the problem. Auth.sendCustomChallengeAnswer require user object that is passed from Auth.signIn. But if user just click link from email there wont be any user object at all. And amplify lib dont save that middle session user object, so on page reload its lost. It is saving only if auth completed to its storage https://github.com/aws-amplify/amplify-js/blob/master/packages/amazon-cognito-identity-js/src/CognitoUser.js#L175

So the question is how can i save & reconstruct user object from Auth.signIn function on page reload. Or if there a better approach to sign in via link without password?

like image 756
Aldarund Avatar asked Oct 12 '18 22:10

Aldarund

1 Answers

To solve this first you need to save username and session into localstorage or cookies. Then when user go through link this code can be used:

 const userPoolData = {
    UserPoolId: process.env.COGNITO_POOL_ID,
    ClientId: process.env.COGNITO_POOL_WEB_CLIENT_ID,
    Storage: customStorageClass // default is localstorage
  }

  const userPool = new CognitoUserPool(userPoolData)

  const userData = {
    Username: getUsernameFromCookiesOrLocalstorage,
    Pool: userPool,
    Storage: customStorageClass // default is localstorage
  }
  const user = new CognitoUser(userData)
  user.Session = getSessionFromCookiesOrLocalstorage
  Auth.sendCustomChallengeAnswer(user, code)
like image 81
Aldarund Avatar answered Nov 15 '22 09:11

Aldarund
Sign in to Comment

Related questions

Amazon Cognito iOS
Missing Access-Control-Allow-Origin headers from Amazon S3 bucket
How To Set Up HTTPS on AWS Elastic Beanstalk
EB CLI init problems... Invalid credentials ERROR: Credential must have exactly 5 slash-delimited elements
DynamoDB batchWriteItem crashes in node.js
tried tjavax.mail.MessagingException: Unknown SMTP host: "smtp.office365.com";
Unable to Connect MongoDB on Amazon EC2 Instance using java
AWS eb create - unable to find role
Slower execution of AWS Lambda batch-writes to DynamoDB with multiple threads
Using AWS SDK with web workers
How to validate an ARN before applying an AWS policy?
Access AWS CloudFormation ARN from inside Lambda Function
How to deal with large WAR files in AWS?
aws lambda UTF-8 response header
DynamoDB - How to calculate the read throughput for queries
Querying string with apostrophe in Cloud Search
Autoscaling group hostnames & cloud-init
Amazon Data Pipeline "Load S3 Data to RDS MySQL" query format?
Spring Cloud AWS SQS fails to connect to service endpoint locally

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!