I am building an authentication system using aws lambdas, dynamodb and cognito.
I'm stuck at comparing the token provided by the getOpenIdTokenForDeveloperIdentity() call with one from the server for the specific identity.
I'm getting the token and identity with:
    var AWS = require('aws-sdk');                                  // AWS SDK for JavaScript v2
    var cognitoidentity = new AWS.CognitoIdentity();
    var cognitoIdentityPoolId = 'REGION:IDENTITY_POOL_ID';         // placeholder: your identity pool id
    var cognitoDeveloperProvidedName = 'DEVELOPER_PROVIDER_NAME';  // placeholder: developer provider name set on the pool

    // Server side: mint an OpenID token for a developer-authenticated identity
    function getToken(email, fn) {
        var param = {
            IdentityPoolId: cognitoIdentityPoolId,
            Logins: {} // To have provider name in a variable
        };
        param.Logins[cognitoDeveloperProvidedName] = email;
        cognitoidentity.getOpenIdTokenForDeveloperIdentity(param,
            function(err, data) {
                if (err) return fn(err); // an error occurred
                else fn(null, data.IdentityId, data.Token); // successful response
            });
    }
Then as far as I understand it I can get the already generated token from cognito (not create a new one) like this:
    // Uses the same cognitoidentity client and config values as getToken()
    function checkToken(IdentityId, email, fn){
        var param = {
            IdentityPoolId: cognitoIdentityPoolId,
            IdentityId: IdentityId,
            Logins: {}
        };
        param.Logins[cognitoDeveloperProvidedName] = email;
        cognitoidentity.getCredentialsForIdentity(param,
            function(err, data) {
                if (err) return fn(err);
                else fn(null, data);
            });
    }
But I can't seem to get it to work.
Any ideas?
You can decode the JWT token and also cache this expiry along with the token. Every time the cache for the tokens is accessed, also check the current time against the cached expiry time. If expired, use the Refresh token to obtain the latest Access and ID token and cache the tokens and expiry again.
By default, Amazon Cognito refresh tokens expire 30 days after a user signs in to a user pool. When you create an app, you can set the app's refresh token expiration to any value between 60 minutes and 10 years.
Simply, you can request the id/access/refresh tokens using the code and the Cognito clientId+hostname, then use the id and access token to identify the user in your API calls.
Figured it out, the checkToken function needs to look like this:
    // Exchange the OpenID token for credentials; the login key is the Cognito provider itself
    function checkToken(providedIdentity, token, fn){
        var param = {
            IdentityId: providedIdentity,
            Logins: {}
        };
        param.Logins['cognito-identity.amazonaws.com'] = token;
        cognitoidentity.getCredentialsForIdentity(param,
            function(err, data) {
                if (err) return fn(err);
                else fn(null, data);
            });
    }
I needed to set cognito-identity.amazonaws.com as the login provider.
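An added example (not code from the original posts) that ties the two answers together: it decodes the OpenID token's JWT payload to read its expiry, caches the token per IdentityId and re-mints it only when stale, and builds the getCredentialsForIdentity params with the cognito-identity.amazonaws.com login key. The cache, the mintToken callback and the sample token are constructed for illustration; it runs offline on Node.js and makes no AWS calls.

```javascript
'use strict';

const COGNITO_IDENTITY_PROVIDER = 'cognito-identity.amazonaws.com';

// Decode the payload segment of a JWT without verifying it: Cognito verifies
// the signature when the token is exchanged; here we only read the claims.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Is the token still usable at `nowSeconds`, keeping `skewSeconds` of margin?
function isTokenUsable(token, nowSeconds, skewSeconds = 30) {
  const { exp } = decodeJwtPayload(token);
  return typeof exp === 'number' && nowSeconds + skewSeconds < exp;
}

// Params for getCredentialsForIdentity: the Logins key is the Cognito
// provider, not the developer provider name, and the value is the token.
function credentialsParams(identityId, token) {
  return { IdentityId: identityId, Logins: { [COGNITO_IDENTITY_PROVIDER]: token } };
}

// Token cache keyed by IdentityId. A missing or stale entry is refilled by the
// caller-supplied mintToken(identityId, cb), e.g. a wrapper around getToken().
function makeTokenCache(mintToken) {
  const cache = new Map();
  return function getCached(identityId, nowSeconds, cb) {
    const hit = cache.get(identityId);
    if (hit && isTokenUsable(hit, nowSeconds)) return cb(null, hit, false);
    mintToken(identityId, function (err, token) {
      if (err) return cb(err);
      cache.set(identityId, token);
      cb(null, token, true);
    });
  };
}

// Constructed sample token: real base64url JSON header and payload, dummy signature.
function sampleToken(exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc({ alg: 'RS256', typ: 'JWT' }) + '.' + enc({ sub: 'us-east-1:example', exp: exp }) + '.sig';
}
```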