Reputation: 21
We are using AWS Cognito (Federated Identities) in order to provide login via Facebook and Google+.
We are facing the following challenge. Our company provides different apps that interact with each other, so we would like authenticated users to have one identity inside one Cognito identity pool, and to make use of the sync store across apps.
For Cognito you can only choose one audience (client-id/app-id) for each IdP when using the AWS console. It would make sense for us to associate many Facebook audiences and Google+ audiences with that one Cognito setup.
We figured out how to set up many Google+ audiences by creating Google+ as an IdP via IAM, which works perfectly fine for us. We are struggling to figure out a way to configure many Facebook audiences via an IAM IdP or any other way.
Well, Facebook is not an OpenID Connect provider, and that seems to be the issue. But I kind of don't want to accept this.
Does any of you know how to configure multiple Facebook apps to be associated with one Cognito identity pool? Workarounds are very welcome.
One additional piece of information: it would be OK for us to use one global Facebook app, e.g. 'OurCompany - Network'; that would do the trick. The blocker is that it would prevent us from running Facebook campaigns with installation tracking. If you know a workaround for this, that is also a welcome solution.
Upvotes: 2
Views: 843
Reputation: 1797
One workaround is to use Developer Authenticated Identities. You will need to validate the Facebook token yourself in this case.
Upvotes: 1
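As an added example (not code from this answer or from AWS), this is what the backend side of that workaround looks like in Python: the Facebook token's debug_token result is checked against the set of Facebook app IDs the company owns before a developer identity is minted, which is how several Facebook apps can share one identity pool. The app IDs, developer provider name and sample response are assumed placeholders; the Graph API and boto3 calls are only wrapped, not run here.

```python
from typing import Optional
import json
import time
from urllib.parse import urlencode
from urllib.request import urlopen

# Facebook app IDs allowed to sign in to the shared identity pool (assumed placeholder values).
ALLOWED_FB_APP_IDS = {"111111111111111", "222222222222222"}
# Developer provider name registered on the identity pool (assumed placeholder).
DEVELOPER_PROVIDER = "login.ourcompany"

# Constructed sample of a Graph API /debug_token response, for offline use.
SAMPLE_DEBUG_RESPONSE = {"data": {"app_id": "111111111111111", "type": "USER",
                                  "is_valid": True, "expires_at": 2000000000, "user_id": "10001"}}

def fetch_debug_token(user_token: str, app_id: str, app_secret: str) -> dict:
    """Ask the Graph API which app issued a user token, using the app access token.
    Needs network and a real app secret; not exercised offline."""
    query = urlencode({"input_token": user_token, "access_token": f"{app_id}|{app_secret}"})
    with urlopen(f"https://graph.facebook.com/debug_token?{query}") as resp:
        return json.load(resp)

def validate_debug_token(payload: dict, now: Optional[float] = None) -> Optional[str]:
    """Return the Facebook user id only if the token is valid, unexpired, a user token
    and issued by one of OUR apps; any failed check rejects the login."""
    data = payload.get("data") or {}
    now = time.time() if now is None else now
    if not data.get("is_valid") or data.get("type") != "USER":
        return None
    if str(data.get("app_id")) not in ALLOWED_FB_APP_IDS:  # the multi-app audience check
        return None
    expires_at = int(data.get("expires_at") or 0)  # Facebook reports 0 for tokens that never expire
    if expires_at and expires_at <= now:
        return None
    user_id = data.get("user_id")
    return str(user_id) if user_id else None

def developer_logins(fb_user_id: str) -> dict:
    """Logins map for GetOpenIdTokenForDeveloperIdentity: keyed on the Facebook user id,
    so the same person gets the same Cognito identity from every one of our apps."""
    return {DEVELOPER_PROVIDER: f"facebook:{fb_user_id}"}

def mint_cognito_token(identity_pool_id: str, fb_user_id: str) -> dict:
    """Backend-only call that exchanges the verified user for a Cognito OpenID token.
    boto3 is imported lazily so the validation above runs without it installed."""
    import boto3
    client = boto3.client("cognito-identity")
    return client.get_open_id_token_for_developer_identity(
        IdentityPoolId=identity_pool_id, Logins=developer_logins(fb_user_id), TokenDuration=3600)
```

The app secret and the token minting must stay on the server; the client only ever receives the Cognito token that comes back.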
Reputation: 724
I did this by using multiple pools, and then allowing both pools at the role level. That means my Trust Relationships for that role look like this:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "cognito-identity.amazonaws.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "cognito-identity.amazonaws.com:aud": [
            "<first cognito pool>",
            "<second cognito pool>"
          ]
        },
        "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "authenticated"
        }
      }
    }
  ]
}
```
Upvotes: 1