MM117

Reputation: 1

AWS IOS SDK Authentication

I'm new to iOS development and I am trying to integrate AWS into a mobile app written in Swift. I used the following code to connect and upload files to S3:

```swift
// Credentials come from a Cognito identity pool (unauthenticated identities here)
let credentialsProvider = AWSCognitoCredentialsProvider(regionType: AWSRegionType.USEast1, identityPoolId: "us-east-1:xxxx")
let serviceConfiguration = AWSServiceConfiguration(region: AWSRegionType.USEast1, credentialsProvider: credentialsProvider)
AWSServiceManager.defaultServiceManager().defaultServiceConfiguration = serviceConfiguration

var uploadRequest = AWSS3TransferManagerUploadRequest()
uploadRequest.bucket = "my-bucket" // Bucket where the file is uploaded
uploadRequest.key = "myFile.txt" // The file's name on s3
uploadRequest.body = getFileURL() // The file's path on my computer

var transferManager = AWSS3TransferManager.defaultS3TransferManager()
transferManager.upload(uploadRequest).continueWithBlock({
    (task: BFTask!) -> BFTask! in
    if task.error != nil {
        println("Couldn't upload the file")
        println(task.error.code)
        println(task.error.localizedDescription)
    }
    return nil
})
```

This does what I expected: it uploads myFile.txt to S3. But it is doing so via the unauth role, which I have given "s3:*" permission. I would like to restrict these actions to an authenticated role. In AWS' documentation the solutions involve using Facebook, Twitter, Amazon, Google, etc., or making a developer authenticated identity.

I was having difficulty making a developer authenticated identity because all of the documentation is in Objective-C or Java. So now I'm trying to find an alternative. Is it possible to authenticate with an accessKey, secretKey pair? Or is there any other way of authenticating?

If there is no such way, how am I supposed to implement a developer authenticated identity?

```swift
// Identity provider for developer authenticated identities: it asks the
// app's own backend for a Cognito identity ID and token.
class DevAuthProvider: AWSAbstractCognitoIdentityProvider {
    var _token: String!
    var _logins: [NSObject : AnyObject]!
    var someURL: String! // Backend endpoint that returns the identity ID and token

    override var token: String {
        get {
            return _token
        }
    }

    override var logins: [NSObject : AnyObject]! {
        get {
            return _logins
        }
        set {
            _logins = newValue
        }
    }

    override func getIdentityId() -> BFTask! {
        if self.identityId != nil {
            return BFTask(result: self.identityId)
        }
        else {
            // No cached identity yet: fetch one from the backend
            return BFTask(result: nil).continueWithBlock({ (task) -> AnyObject! in
                if self.identityId == nil {
                    return self.refresh()
                }
                return BFTask(result: self.identityId)
            })
        }
    }

    override func refresh() -> BFTask! {
        let task = BFTaskCompletionSource()
        let request = AFHTTPRequestOperationManager()
        request.GET(someURL, parameters: nil, success: { (request: AFHTTPRequestOperation!, response: AnyObject!) -> Void in
            var tmp = NSMutableDictionary()
            tmp.setObject("temp", forKey: "App")
            self.logins = tmp as [NSObject : AnyObject]

            // Expected response shape: {"properties": {"amazon_identity": ..., "token": ...}}
            let properties: NSDictionary = response.objectForKey("properties") as! NSDictionary
            let amazonId = properties.objectForKey("amazon_identity") as! String
            let amazonToken = properties.objectForKey("token") as! String

            self.identityId = amazonId
            self._token = amazonToken

            task.setResult(response)
        }, failure: { (request: AFHTTPRequestOperation!, error: NSError!) -> Void in
            task.setError(error)
        })
        // Return the BFTask owned by the completion source, not the source itself
        return task.task
    }
}
```

I'm using the following code as a start. An instance of this class would be used to instantiate an AWSCognitoCredentialsProvider, but I'm not sure how it works and how I'm supposed to use it. Specifically, the URL in the GET request is supposed to be where I get the authorization token, right? If so, where would that be?

Any help is appreciated.

Upvotes: 0

Views: 1607
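The unauth role holding `s3:*`, as the question describes, is the setting to tighten regardless of which sign-in method is chosen. The following is an added example, not code from the original post: a Python check that flags wildcard S3 grants in a role's permission policy, beside a scoped policy for the authenticated role. The sample policy is constructed, and the per-identity key prefix layout is an assumption.

```python
import json

# Constructed sample: the unauth role policy as the question describes it.
UNAUTH_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}


def authenticated_upload_policy(bucket):
    """Policy for the authenticated role: each identity may write only under
    its own key prefix (the prefix layout is an assumption of this example)."""
    sub = "${cognito-identity.amazonaws.com:sub}"  # IAM policy variable
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:PutObject"],
            "Resource": [f"arn:aws:s3:::{bucket}/{sub}/*"],
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def wildcard_s3_findings(policy):
    """Return a finding for every Allow statement that grants S3 with a
    wildcard action or on every resource."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        broad_action = [a for a in actions if a in ("*", "s3:*")]
        touches_s3 = broad_action or any(a.startswith("s3:") for a in actions)
        if broad_action:
            findings.append(f"statement {i}: wildcard action {broad_action[0]}")
        if touches_s3 and any(r in ("*", "arn:aws:s3:::*") for r in resources):
            findings.append(f"statement {i}: S3 allowed on every resource")
    return findings


if __name__ == "__main__":
    print(wildcard_s3_findings(UNAUTH_POLICY))
    print(json.dumps(authenticated_upload_policy("my-bucket"), indent=2))
```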

Answers (2)

Karthick Selvaraj

Reputation: 2505

If you want to authenticate your user, you can go with a public identity provider like Facebook, Google, etc., or you can go with an Amazon Cognito user pool. You can specify your identity provider (Facebook, Google, ... or an Amazon Cognito user pool) as the authentication provider in the Amazon Cognito identity pool.

For example, assume you are going to give an Amazon Cognito user pool as the authentication provider for your identity pool. Refer to this link to explore how to integrate an Amazon Cognito user pool with an Amazon identity pool.

http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html

It worked for me in Xcode 8, Swift 3.

Thanks. :)

Upvotes: 1

Rachit Dhall

Reputation: 1661

The developer authenticated identities feature requires you to have a backend having the ability to validate a user's credentials (username and password). You would register your users to this backend and then use it to validate them and subsequently vend the tokens which you will be getting from Cognito. The mobile app will communicate with this backend server via a URL. Please refer to our blog post, which has an end-to-end example of setting up a backend and an Objective-C sample which interacts with the backend. Currently we do not have any samples in Swift, but we will take this as a feature request.

Thanks,
Rachit

Upvotes: 0
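The backend described in this answer, sketched in Python as an added example (not code from the original posts or from AWS): it validates the user, calls Cognito's `GetOpenIdTokenForDeveloperIdentity`, and returns the JSON shape that the question's `refresh()` parses. The provider name, the user store and `StubCognito` are assumptions; in a real deployment the client would be `boto3.client("cognito-identity")`.

```python
import hashlib
import hmac
import os

IDENTITY_POOL_ID = "us-east-1:xxxx"       # placeholder, as in the question
DEVELOPER_PROVIDER = "login.example.app"  # assumed developer provider name


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store: username -> (salt, PBKDF2 hash).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, hash_password("correct horse", _SALT))}


def verify_user(username, password):
    """Constant-time comparison of the password hash; unknown users fail."""
    salt, stored = USERS.get(username, (b"\x00" * 16, b""))
    return hmac.compare_digest(hash_password(password, salt), stored)


def vend_token(cognito, username, password):
    """Validate the user, then ask Cognito for an OpenID token for that user.
    Returns the JSON body the question's refresh() expects, or None."""
    if not verify_user(username, password):
        return None  # never call Cognito for a failed login
    resp = cognito.get_open_id_token_for_developer_identity(
        IdentityPoolId=IDENTITY_POOL_ID,
        Logins={DEVELOPER_PROVIDER: username},
        TokenDuration=900,  # seconds
    )
    return {"properties": {"amazon_identity": resp["IdentityId"],
                           "token": resp["Token"]}}


class StubCognito:
    """Offline stand-in for boto3.client("cognito-identity")."""
    def __init__(self):
        self.calls = []

    def get_open_id_token_for_developer_identity(self, **kwargs):
        self.calls.append(kwargs)
        return {"IdentityId": "us-east-1:constructed-id", "Token": "constructed.jwt"}


if __name__ == "__main__":
    print(vend_token(StubCognito(), "alice", "correct horse"))
```

The AWS credentials that authorize this call stay on the server; the app only ever receives the identity ID and the short-lived token.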
