Developer authenticated federated logins #577
Hi @andymartinwork, The enum is provided for convenience. The
It turns out federatedSignIn wasn't what I wanted in the end, since that would mean storing the secret in the app. I managed to dig up the Cognito Sync Sample Demo from an old commit and create a DeveloperAuthenticationProvider. In the end, I had to remove any reference to Amplify, since there is no existing way to do this in the Amplify framework, and use the lower-level libraries.
Hi @andymartinwork, Can you elaborate why you think that using federatedSignIn requires storing the secret? Also, can you describe your specific use case? Could User Pools work for your use case, and if not why so? Thanks,
I want to do this: My company has an existing user database which we may move into user pools eventually, but are not doing that right now. I want our app to access Amazon services (specifically IoT) using our developer authentication. To authenticate with our backend login system, our backend needs to authenticate with Cognito and pass back open id credentials. I then use these open id credentials to authenticate the client app with Amazon, so I can access the services directly. I tried to pass in the open id token and cognito-identity.amazonaws.com as the parameters in the federated login but got the reply: "com.amazonaws.services.cognitoidentity.model.NotAuthorizedException: Invalid login token. Can’t pass in a Cognito token. (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: NotAuthorizedException;" The only way I have found to solve the problem is by creating a
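A sketch of the kind of `DeveloperAuthenticationProvider` this thread refers to, added here as an illustration; it is not the poster's code and not code from the SDK project. It subclasses the SDK's `AWSAbstractCognitoDeveloperIdentityProvider` and takes both the identity id and the OpenID token from the company backend, so the AWS credentials used to mint that token stay on the server. The provider name, endpoint URL, bearer session and JSON field names are assumptions.

```java
import com.amazonaws.auth.AWSAbstractCognitoDeveloperIdentityProvider;
import com.amazonaws.regions.Regions;
import org.json.JSONObject;
import java.io.InputStream;
import java.net.URL;
import java.util.Scanner;
import javax.net.ssl.HttpsURLConnection;

public class DeveloperAuthenticationProvider extends AWSAbstractCognitoDeveloperIdentityProvider {
    // Hypothetical values: the developer provider name configured on the identity
    // pool, and the company backend endpoint that hands out the Cognito token.
    private static final String PROVIDER_NAME = "login.example.com";
    private static final String TOKEN_ENDPOINT = "https://backend.example.com/cognito-token";
    private final String backendSession; // session issued by the company's own login

    public DeveloperAuthenticationProvider(String identityPoolId, Regions region, String backendSession) {
        super(null, identityPoolId, region); // no AWS account id or secret in the app
        this.backendSession = backendSession;
    }

    @Override
    public String getProviderName() { return PROVIDER_NAME; }

    // Invoked when a fresh token is needed; does network I/O, so keep it off the main thread.
    @Override
    public String refresh() {
        setToken(null);
        try {
            HttpsURLConnection conn = (HttpsURLConnection) new URL(TOKEN_ENDPOINT).openConnection();
            conn.setRequestProperty("Authorization", "Bearer " + backendSession);
            try (InputStream in = conn.getInputStream();
                 Scanner body = new Scanner(in, "UTF-8").useDelimiter("\\A")) {
                // Assumed response shape: {"identityId": "...", "token": "..."}
                JSONObject json = new JSONObject(body.hasNext() ? body.next() : "{}");
                String openIdToken = json.getString("token");
                update(json.getString("identityId"), openIdToken);
                return openIdToken;
            } finally {
                conn.disconnect();
            }
        } catch (Exception e) {
            throw new RuntimeException("Could not fetch Cognito token from backend", e);
        }
    }

    // Use the identity id chosen by the backend instead of requesting one from Cognito.
    @Override
    public String getIdentityId() {
        if (identityId == null) {
            refresh();
        }
        return identityId;
    }
}
```

An instance is passed to `CognitoCachingCredentialsProvider(context, provider, region)`, which then supplies AWS credentials to the service clients.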
@andymartinwork Thank you for your detailed response. We are tracking this issue as part of the effort in #634.
One more comment - do you know if this was done on iOS as well?
Hi @andymartinwork, This feature was also released on the iOS side.
* Secure information stored in SharedPreferences
* Lower aws-android-sdk-core-test compile and target sdk version to 27
* Add a symlink to android-23.jar for core
* Add a gradle task that creates a symlink to android-23.jar for AWS Core
* Fix the gradle task that creates symbolic link to android-23.jar
* Change config.yml to setup android-23
* Enable core, cognitoidentityprovider and cognitoauth integration tests on CircleCI
* Enable core, cognitoidentityprovider and cognitoauth integration tests on CircleCI
* Fix pom.xml
* Improve exception handling in AWSKeyValueStore
* [2.12.3] Bump the patch version of 2.12.z
* Update 2.12.3 CHANGELOG
* Add the missing bucket prefixes to CleanupBucketIntegrationTests
* Fix a bug where migrating expirationDate in CognitoCachingCredentialsProvider crashes
* [2.12.4] Update changelog and bump version
* Annotate code specific to API Level 23 and above in AWSKeyValueStore
* Added API to accept key-value pairs which are appended to the connection username (aws-amplify#765) The connection username is used as user metadata by the service for the purpose of metrics calculation.
* build android sdk with android-10 (aws-amplify#782)
* Add sign out options
* [MobileClient] Cleanup javadocs and remove unnecessary try..catch blocks
* [MobileClient] Add developer authenticated identities to federatedSignIn fixes aws-amplify#577
* [MobileClient] Add test for developer authenticated idenities federatedSignIn
* [MobileClient] Persist identity id for developer authenticated identities
* [MobileClient] Add AWSMobileClient as client usage tracker in user agent
* [MobileClient] Add device operations; Add error message to ReturningRunnable
* [MobileClient] Add global sign-out functionality
* [MobileClient] Add custom role arn to settings in federated sign-in persistence
* [MobileClient] Add forgot password test; Fix sign out globally test
* [MobileClient] [Userpools] [CognitoAuth] Add HostedUI and OAuth 2.0 code grant flow support [MobileClient] Add HostedUI and OAuth 2.0 code grant flow support [Userpools] Fix threading issues reported in issue aws-amplify#722 [CognitoAuth] Added methods to reset AuthHandler and get session without launching UI Fix erroneous user cancelled when redirecting back to app fixes aws-amplify#328
* [MobileClient] Fix multiple adds of SignInProvider to provider list fixes aws-amplify#766
* [MobileClient] Fix git merge issues
* [MobileClient] Fix integration tests for new configuration
* [CognitoAuth] Fix NPE when ASF feature turned off
* [MobileClient] Finalize APIs before release, add persistence flag to OAuth 2.0 and HostedUI features
* [AuthSDKs] Update maven repositories in pom to maven.google.com
* [Core] Fix NPE when setting persistence in AWSKeyValueStore after initialization
* [MobileClient] Ignore manual tests in automation
* [MobileClient] Ignore drop-in UI test due to timeout; Default OAuth 2.0 client to persist
* Fix the transition between persistence enabled and disabled in AWSKeyValueStore
* Enable core, cognitoidentityprovider and cognitoauth integration tests on CircleCI
* Update changelog for 2.12.5; Add mobile client; Remove IoT metrics
* Skip reserved keynames (aws-amplify#791)
* Skip reserved keynames
* Add log when reserved key names are encountered
* Bump version 2.12.5 (aws-amplify#792)
Amplify Auth for Cognito Identity logins using Developer Authentication
With AWS Mobile you used to be able to log in to AWS using developer authenticated credentials.
I looked up the enum for federated login and found this:
I noticed in the JavaScript repository, there is support for developer logins:
https://github.com/aws-amplify/amplify-js/pull/425/files
Is there any reason why developer logins were not included in Amplify? I need to use it before I can migrate existing users over to Cognito User Pools.
The previous guides to get this done, including the CognitoSyncDemo and the links on other documentation were deprecated and removed. Why would they be deprecated when there is no replacement feature in the new library?
https://aws.amazon.com/blogs/mobile/integrating-amazon-cognito-using-developer-authenticated-identities-an-end-to-end-example/