
Using External Identity Providers with Server Side Authentication

I'm using the AWS SDK for Go to use Cognito to do server-side authentication. I have sign-up and sign-in done and working using a username and password. I have all three external identity providers configured based off of the documentation as well as redirect URLs and everything else the documentation calls for.

I know how to get the URL for the built Sign Up/Sign In page that Cognito will build for you, and those have the Google/Facebook/Amazon login buttons, but I need to be able to put those buttons on the front end of my site. I don't know how to go about doing that.

Edit: See comment on @Stu's post for detailed reasoning on why the JS SDK answer is marked as the correct answer. This is subject to change, but not for a while. (tl;dr: the AWS Go SDK and Cognito simply do not support this yet)

George Edward Shaw IV asked Oct 03 '18 01:10


1 Answer

Your app requirements have grown past the point of using the cookie-cutter Cognito login flow.

I suggest you just handle all your authentication to Cognito yourself as seen here: https://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-javascript-examples.html

This way, you can throw a Facebook login button on your site like this: https://docs.aws.amazon.com/cognito/latest/developerguide/facebook.html

    FB.login(function (response) {

      // Check if the user logged in successfully.
      if (response.authResponse) {

        console.log('You are now logged in.');

        // Add the Facebook access token to the Cognito credentials login map.
        AWS.config.credentials = new AWS.CognitoIdentityCredentials({
          IdentityPoolId: 'IDENTITY_POOL_ID',
          Logins: {
            'graph.facebook.com': response.authResponse.accessToken
          }
        });

        // Obtain AWS credentials
        AWS.config.credentials.get(function(){
            // Access AWS resources here.
        });

      } else {
        console.log('There was a problem logging you in.');
      }

    });

Then get the user like this:

    var data = { UserPoolId : 'us-east-1_Iqc12345',
        ClientId : '12345du353sm7khjj1q'
    };
    var userPool = new AmazonCognitoIdentity.CognitoUserPool(data);
    var cognitoUser = userPool.getCurrentUser();

    if (cognitoUser != null) {
        cognitoUser.getSession(function(err, session) {
            if (err) {
                alert(err);
                return;
            }
            console.log('session validity: ' + session.isValid());
        });
    }

Additional Facebook SDK Info: https://developers.facebook.com/docs/facebook-login/web

Since you're going to be going through the motions of setting up the Cognito flow in your application, an additional nugget: I highly recommend you go ahead and set up custom messages with a Lambda trigger. https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-message.html

Update: Coming back to this one more time.

https://docs.aws.amazon.com/sdk-for-go/api/service/cognitoidentityprovider/#CognitoIdentityProvider.AdminInitiateAuth

Here you can see a function called AdminInitiateAuth. There are also functions for attaching users to identity providers. So while using the JS SDK is probably the easiest, and in my opinion the solution for integrating a web app with Cognito, you could clearly handle all your authentication flow, token management, create APIs to sign in, sign out, etc. server side with the Go SDK.

Ryan Breece answered Oct 20 '22 08:10
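
One way to wire your own provider buttons to server-side Go code, as an added example that is not part of the answer above or of the AWS SDK: each button links to the user pool's `/oauth2/authorize` endpoint with `identity_provider` set, and the server generates the `state` and PKCE values and checks `state` on the callback. The domain, client ID and redirect URI are placeholders, and `NewToken`, `AuthorizeURL` and `StateMatches` are hypothetical helper names.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/url"
)

// Placeholders (assumptions): your user pool domain, app client and callback.
const poolDomain = "https://example-domain.auth.us-east-1.amazoncognito.com"
const clientID = "EXAMPLE_APP_CLIENT_ID"
const redirectURI = "https://app.example.com/auth/callback"

// NewToken returns 32 random bytes, base64url-encoded (state or PKCE verifier).
func NewToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe fallback without a CSPRNG
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// AuthorizeURL is the href for one provider button; identity_provider sends the
// browser straight to that IdP. Keep state and verifier in the server session.
func AuthorizeURL(provider, state, verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	q := url.Values{
		"response_type":         {"code"},
		"client_id":             {clientID},
		"redirect_uri":          {redirectURI},
		"scope":                 {"openid email"},
		"identity_provider":     {provider}, // e.g. Google, Facebook, LoginWithAmazon
		"state":                 {state},
		"code_challenge_method": {"S256"},
		"code_challenge":        {base64.RawURLEncoding.EncodeToString(sum[:])},
	}
	return poolDomain + "/oauth2/authorize?" + q.Encode()
}

// StateMatches is the callback check: reject unless state equals the session's.
func StateMatches(session, returned string) bool {
	return session != "" && subtle.ConstantTimeCompare([]byte(session), []byte(returned)) == 1
}

func main() {
	fmt.Println(AuthorizeURL("Google", NewToken(), NewToken()))
}
```

On the callback, exchange the returned `code` at the same domain's `/oauth2/token` endpoint, sending the stored verifier as `code_verifier`.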