Get current AWS Cognito identity id from supplied credentials

Question

I have an iOS app that is authenticating using Facebook & Cognito. I am able to make calls to a local ReST service with the following AWS credentials from my iOS app extracted from Cognito:

accessToken: {a_token}
secretToken: {a_token}
sessionToken: {a_token}

I want to get the current Cognito identity from the AWS credentials so I can use that as a key in my DynamoDB table and handle authorization (I don't want to use IAM roles for this). I know I can directly invoke DynamoDB from the iOS app but I do not want my app directly calling my data storage (in case I want to change data storage, add caching, etc...). Is it possible to get the current Cognito identity from the current AWS credentials?

---

• I do not want to pass the identity id with the request, as is defeats the purpose of passing the tokens.

• I do not want to use AWS API Gateway either.

Answer 1

From your credentialsProvider you can call getIdentityId() and in continueWithBlock' you can accesscredentialsProvider.identityId`

Answer 2

I am sorry but there is no way to get an identity id from AWS credentials.

Is there a reason you do not want to call Amazon DynamoDB from the device directly using credentials vended by Cognito Identity? Using IAM roles you can restrict the usage for an identity to be able to write to only their records and this is the approach we recommend currently.

You can refer to our blog about fine grain access with DynamoDB using Cognito.