Reputation: 53
I've been trying to get Google Sign-In to work with Cognito through the JS SDK. I've been reading the docs: http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityCredentials.html
The code below is in my function that gets run once I get the callback from Google. I have verified that I am logged in through Google and have an access_token. According to the docs, I should only need the role name if the role is configured through Cognito, so it can automatically figure out the pool id, which it is. The function calls the get and returns successfully.
Now what I don't understand is two things:
1) Shouldn't I see a new identity in my pool in Cognito once the get method is called? I am not seeing any logins through Cognito. When should I see logins through Cognito on the dashboard?
2) Trying to use AWS now to reach specific resources such as maybe read an S3 bucket or something fails due to Auth, and that would make sense if issue #1 is having issues.
I am guessing I am missing something simple here, so any help would be appreciated. I have also looked at this link: http://docs.aws.amazon.com/AWSJavaScriptSDK/guide/browser-configuring.html and tried using WebIdentityToken as well, with no success.
    AWS.config.region = 'us-east-1';
    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
        IdentityPoolId: '<POOL ID>',
        Logins: {
            'accounts.google.com': googleUser.wc.access_token
        }
    });
    // Obtain AWS credentials
    AWS.config.credentials.get(function(){
        // Credentials will be available when this function is called.
        var accessKeyId = AWS.config.credentials.accessKeyId;
        var secretAccessKey = AWS.config.credentials.secretAccessKey;
        var sessionToken = AWS.config.credentials.sessionToken;
        console.log("accessKeyId: " + accessKeyId);
    });
Upvotes: 2
Views: 1179
Reputation: 9649
Make sure you have 'Generate client secret' unchecked on AWS->Cognito->UserPool->YourPool->Apps->Add App
Upvotes: 0
Reputation: 53
So the issue came down to 2 things.
Just like Scott was saying, I needed to use the IdentityPoolId and Logins within the CognitoIdentityCredentials method.
The second was the token from Google. It's not the access token that AWS needs, it is the id_token! So on the Google success callback we get the googleUser object, which has a wc object on it, which contains an id_token. You use that token in the Logins dictionary and you have yourself a successful login!
Upvotes: 1
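The distinction described in the answer above (Cognito expects Google's id_token, a JWT, rather than the opaque access_token) can be checked before the token is placed in the Logins map. The following is an added example, not code from any poster in this thread; the function names, the client ID and the sample tokens are assumptions constructed for illustration.

```javascript
// Added example. Inspects claims only; it does NOT verify the signature,
// which is left to the service that receives the token.
// Buffer is Node.js; in a browser, decode the segment with atob() instead.
function b64urlDecode(segment) {
  return Buffer.from(segment.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');
}

// expectedClientId and nowSeconds are caller-supplied (hypothetical parameters).
function checkGoogleIdToken(token, expectedClientId, nowSeconds) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) {
    return { ok: false, reason: 'not a JWT; an opaque access_token was probably passed' };
  }
  let claims;
  try {
    claims = JSON.parse(b64urlDecode(parts[1])) || {};
  } catch (e) {
    return { ok: false, reason: 'payload is not base64url-encoded JSON' };
  }
  const issuers = ['accounts.google.com', 'https://accounts.google.com'];
  if (!issuers.includes(claims.iss)) return { ok: false, reason: 'unexpected iss' };
  if (claims.aud !== expectedClientId) return { ok: false, reason: 'aud does not match client id' };
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    return { ok: false, reason: 'token expired' };
  }
  // Shape expected by the Logins option of AWS.CognitoIdentityCredentials.
  return { ok: true, logins: { 'accounts.google.com': token } };
}

// Constructed sample tokens (not real credentials; the signature is a dummy string).
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(claims), 'constructed-signature'].join('.');
}
const CLIENT_ID = 'example-client-id.apps.googleusercontent.com'; // placeholder
const NOW = 1700000000; // fixed clock so the example is deterministic
const goodToken = makeSampleToken({ iss: 'accounts.google.com', aud: CLIENT_ID, exp: NOW + 3600 });
const expiredToken = makeSampleToken({ iss: 'accounts.google.com', aud: CLIENT_ID, exp: NOW - 1 });
const opaqueAccessToken = 'constructed-opaque-access-token';

console.log(checkGoogleIdToken(opaqueAccessToken, CLIENT_ID, NOW));
console.log(checkGoogleIdToken(expiredToken, CLIENT_ID, NOW));
console.log(checkGoogleIdToken(goodToken, CLIENT_ID, NOW).ok);
```

Checking `aud` against your own client ID also catches an id_token that was issued to a different application.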
Reputation: 9335
You actually need to specify the Identity Pool ID, not the role ARN (as long as you have configured the UnAuth and Auth roles when you set up your identity pool - which is the default). See the example code at http://docs.aws.amazon.com/cognito/devguide/identity/getting-credentials/
Please let us know if you continue to have trouble.
Upvotes: 0