 

Using Facebook login with AWS Cognito User Pool

I am implementing Facebook authentication for an Angular2-app that already uses an AWS Cognito User pool.

Using ngx-facebook (https://github.com/zyra/ngx-facebook) I have managed to authenticate myself using Facebook and a Cognito Identity Pool:

    loginWithFacebook(): void {
        AWS.config.update({region: AWS_CONFIG.REGION});

        // Facebook JS SDK login via ngx-facebook
        this.fb.login()
          .then((response: LoginResponse) => {
            // Debug output only: this prints a bearer token to the console
            console.log(response.authResponse.accessToken);

            // Exchange the Facebook token for AWS credentials through the identity pool
            AWS.config.credentials = new AWS.CognitoIdentityCredentials({
              IdentityPoolId: AWS_CONFIG.IDENTITY_POOL_ID,
              Logins: {
                'graph.facebook.com': response.authResponse.accessToken
              }
            });

            AWS.config.credentials.refresh((error) => {
              if (error) {
                console.error(error);
              } else {
                console.log('Successfully logged in');
              }
            });
          })
          .catch((error: any) => console.error(error));
    }

But now: How do I integrate the Facebook users with the already existing user pool?

There is functionality in place for logging in and registering with the user pool, and the optimal solution would obviously be to use the existing functionality for Facebook users as well.

The backend is serverless (Lambdas/API Gateway) and uses an Authorizer connected to the existing user pool.

Karl Eriksson asked May 30 '17 13:05



2 Answers

First of all, as mentioned, Cognito UserPool did not have integrations with social identity providers. However, you could implement a directory of social account users (Facebook, Google, etc.) from Federated Identities by yourself, using a database of your choice. Look into this discussion.

Secondly, now you don't have to do what is described in the first part of this post. A few days ago Amazon announced support for Federation through Facebook, Google and LoginWithAmazon for User Pools. "This will create a user in user pool when a user logs in with federation. You can also capture the attributes from the identity provider using the attribute mapping feature." - This is mentioned here as well.

Vic K answered Sep 27 '22 19:09
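
An added example, not part of the original answer or any AWS sample: with Facebook configured as a federated provider on the user pool, the client can start sign-in at the user pool's `/oauth2/authorize` endpoint and validate the redirect before exchanging the code, so the app ends up with user pool tokens rather than identity pool credentials. The domain, client ID, redirect URI and scopes are assumed placeholders, and the code uses Node's `crypto` module so it runs offline (a browser build would use Web Crypto for the same steps).

```javascript
const nodeCrypto = require('crypto');

// Placeholder configuration (assumed values, not from the original post).
const COGNITO = {
  domain: 'example-domain.auth.us-east-1.amazoncognito.com',
  clientId: 'EXAMPLE_APP_CLIENT_ID',
  redirectUri: 'https://app.example.com/callback',
};

// PKCE S256 challenge = BASE64URL(SHA-256(verifier)), per RFC 7636.
function pkceChallenge(verifier) {
  return nodeCrypto.createHash('sha256').update(verifier, 'ascii').digest('base64url');
}

// Fresh per-login secrets; keep both on the client until the callback arrives.
function newLoginSecrets() {
  return {
    state: nodeCrypto.randomBytes(16).toString('base64url'),
    verifier: nodeCrypto.randomBytes(32).toString('base64url'),
  };
}

// Authorization-code request that routes the user to Facebook via the user pool.
function buildFacebookLoginUrl(cfg, secrets) {
  const url = new URL(`https://${cfg.domain}/oauth2/authorize`);
  url.search = new URLSearchParams({
    identity_provider: 'Facebook',
    response_type: 'code',
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    scope: 'openid email', // assumed; must be enabled on the app client
    state: secrets.state,
    code_challenge: pkceChallenge(secrets.verifier),
    code_challenge_method: 'S256',
  }).toString();
  return url.toString();
}

// Validate the redirect back to the app before exchanging the code for tokens.
function parseCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get('error')) throw new Error(`login failed: ${params.get('error')}`);
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) throw new Error('state mismatch');
  const code = params.get('code');
  if (!code) throw new Error('no authorization code in callback');
  return code;
}
```

The returned code is then exchanged at the user pool's token endpoint together with the stored PKCE verifier.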


Unfortunately Cognito UserPool does not have integrations with social Identity providers like Facebook, Twitter, Google. That's only supported in Cognito Federated Identities. We are happy to take this as a feature request.

patanjal answered Sep 27 '22 20:09


