
User Pool and Federated Identity

I am trying to use the AWS JavaScript SDK to provide login capabilities to a web app.

I have a Cognito User Pool set up and have accounts registering, verifying and logging in correctly.

Identities are being created in the identity pool, but I would now like to add functionality that allows me to authorize with my Google account (or Facebook, Twitter, whatever) and link that authorization to the same identity in the identity pool.

I can't find any method in the documentation that would allow me to do this.

I anticipate that this will allow my user to then log in using Google or username/password, but I can't find any guidance on how to link those authorizations.

In addition, is there a way that the User Pool account can be created following a federated identity login, if that is the user's initial point of contact (e.g., clicking "Login with Facebook" when they have never been there before)?

Any guidance would be greatly appreciated.

Best regards,

Hal

Hal asked Jun 15 '16 23:06


People also ask

What is a user pool?

User pools are for authentication (identity verification). With a user pool, your app users can sign in through the user pool or federate through a third-party identity provider (IdP). Identity pools are for authorization (access control).

How do you link a user pool with identity pool?

Enter the User Pool ID. Enter the App Client ID. This must be the same client app ID that you received when you created the app in the User pools section of the console. If you have additional apps or user pools, choose Add Another Provider and enter the User Pool ID and App Client ID for each app in each user pool.

What is federated identity in Cognito?

Amazon Cognito Federated Identities is a web service that delivers scoped temporary credentials to mobile devices and other untrusted environments. It uniquely identifies a device and supplies the user with a consistent identity over the lifetime of an application.

What is meant by identity federation?

Identity federation is a system of trust between two parties for the purpose of authenticating users and conveying information needed to authorize their access to resources.


1 Answer

You can find the documentation for Google integration here: http://docs.aws.amazon.com/cognito/latest/developerguide/google.html#set-up-google-1.javascript

To summarize, in the logins map you will need to pass both the Google token and the token from user pools. This will link both logins to a single identity. Now the user can log in with any one of them and will have the same identity.

Yes, it is possible to create the user pool account later on.

Vinay Kushwaha answered Nov 05 '22 08:11
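The logins map described in the answer, as an added example that is not part of the original answer or AWS's own code: it builds the map from a user pool ID token and a Google ID token, keying each by its `iss` claim and rejecting unexpected issuers or expired tokens before they are sent. The function names, region, pool ID and sample tokens are constructed for illustration, and decoding the payload locally is a sanity check only, not signature verification.

```javascript
// Added example. Decoding a JWT payload is NOT signature verification;
// Cognito validates each token when the Logins map is submitted.
function decodeClaims(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  const raw = typeof atob === 'function'
    ? atob(b64) : Buffer.from(b64, 'base64').toString('binary');
  return JSON.parse(raw);
}

// The Logins key is the token issuer without the URL scheme.
function providerKey(iss) {
  return String(iss).replace(/^https:\/\//, '');
}

// tokens: ID tokens from each provider; expected: { region, userPoolId }.
function buildLogins(tokens, expected, nowSec = Math.floor(Date.now() / 1000)) {
  const allowed = new Set([
    'accounts.google.com',
    `cognito-idp.${expected.region}.amazonaws.com/${expected.userPoolId}`,
  ]);
  const logins = {};
  for (const token of tokens) {
    const claims = decodeClaims(token);
    const key = providerKey(claims.iss);
    if (!allowed.has(key)) throw new Error(`unexpected issuer: ${claims.iss}`);
    if (typeof claims.exp !== 'number' || claims.exp <= nowSec) {
      throw new Error(`expired token for ${key}`);
    }
    if (key in logins) throw new Error(`duplicate provider: ${key}`);
    logins[key] = token;
  }
  return logins;
}

// Constructed, unsigned sample tokens for offline runs only.
function fakeJwt(claims) {
  const enc = (o) => (typeof btoa === 'function'
    ? btoa(JSON.stringify(o)) : Buffer.from(JSON.stringify(o)).toString('base64'))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc(claims)}.sig`;
}

// With the AWS SDK for JavaScript (v2) loaded, the result is passed as:
// AWS.config.credentials = new AWS.CognitoIdentityCredentials(
//   { IdentityPoolId: '<identity-pool-id>', Logins: logins });
```

Supplying both entries in one credentials request is what ties the two logins to a single identity; afterwards either token alone resolves to it.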