Reputation: 2728
Every time I run the aws:aws-sdk-ios-samples/CognitoSync-Sample it generates a new unique IdentityId for my device. If I shut down the app and restart it, it gets the same IdentityId (from the keychain). But if I log in with Google and log out, it does an AWSCognito.defaultCognito().wipe(), and the wipe function clears the keychain.
Then if I restart the app, I get a new unique IdentityId.
The first time I log in with a Google or Facebook identity it uses that newly created IdentityId as the authenticated IdentityId. But after that first login, whenever I start the app, I get a new ID, which then gets thrown away when I log in and get the (now permanent) Facebook or Google ID.
Am I supposed to write some "Identity Id Cleanup" function to go and sweep up all these old IDs? How am I supposed to limit the number of IDs? (Every time a user starts my app and logs in he will throw away a new unauthenticated ID... floating forever in Cognito Land.)
I edited the AWSCognito.defaultCognito().wipe() method in AWSCognitoService.m and removed the keychain clear, but that didn't help because the keychain after logout contains the authenticated identityId from the Google login.
I think the unauthenticated users are not really well thought out. Just during testing with 3 IDs I generate about a dozen IDs a day; they are marked as disabled in the identity pool.
How do I clean them up? Or how do I stop producing them?
Or am I supposed to remember my own unauthenticated IDs, and try to reconnect with them somehow (if so, how)?
Upvotes: 3
Views: 659
Reputation: 5671
It seems you do not want to support the 'Guest user' or 'Unauthenticated user' use case in your app. If this is correct, you can just disable "Unauthenticated Identities support" for your identity pool. Your users will always have to log in with some provider before federating in this case, and undesired unauthenticated identities will not be generated.
If you do want to support unauthenticated identities on a device, you should not wipe the data from device storage. If you do not wipe, the SDK will make sure it uses the cached identity id and will not generate a new one. Unlike authenticated identities, unauthenticated identities are by design only accessible if you know the identity id.
Upvotes: 1
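For the cleanup the question asks about, the following is an added example, not code from this thread or from the AWS samples: it selects identities in a pool that have no linked login and have not been modified since a cutoff, and deletes them in batches of at most 60 through the Cognito Identity `ListIdentities` and `DeleteIdentities` operations. It assumes a client shaped like `boto3.client("cognito-identity")`; the function names, `FakeCognito`, and the sample records are constructed for illustration so the block runs offline.

```python
from datetime import datetime, timedelta, timezone

BATCH = 60  # ListIdentities and DeleteIdentities both accept at most 60 per call

def stale_guest_ids(client, pool_id, cutoff):
    """Yield IDs of identities with no linked login, last modified before cutoff."""
    kwargs = {"IdentityPoolId": pool_id, "MaxResults": BATCH}
    while True:
        page = client.list_identities(**kwargs)
        for ident in page.get("Identities", []):
            # An empty or missing Logins list means no provider (Google, Facebook) is linked.
            if not ident.get("Logins") and ident["LastModifiedDate"] < cutoff:
                yield ident["IdentityId"]
        if not page.get("NextToken"):
            return
        kwargs["NextToken"] = page["NextToken"]

def delete_stale_guests(client, pool_id, cutoff, dry_run=True):
    """Return (selected_ids, unprocessed_ids); deletes only when dry_run is False."""
    ids = list(stale_guest_ids(client, pool_id, cutoff))
    unprocessed = []
    if not dry_run:
        for i in range(0, len(ids), BATCH):
            resp = client.delete_identities(IdentityIdsToDelete=ids[i:i + BATCH])
            unprocessed += [u["IdentityId"] for u in resp.get("UnprocessedIdentityIds", [])]
    return ids, unprocessed

class FakeCognito:
    """Constructed stand-in for the boto3 client, with two-item pages."""
    def __init__(self, identities, page_size=2):
        self.identities, self.page_size, self.deleted = identities, page_size, []
    def list_identities(self, IdentityPoolId, MaxResults, NextToken=None):
        end = int(NextToken or 0) + self.page_size
        page = {"Identities": self.identities[end - self.page_size:end]}
        if end < len(self.identities):
            page["NextToken"] = str(end)
        return page
    def delete_identities(self, IdentityIdsToDelete):
        self.deleted += IdentityIdsToDelete
        return {"UnprocessedIdentityIds": []}

NOW = datetime(2024, 1, 31, tzinfo=timezone.utc)  # constructed reference time
OLD, NEW = NOW - timedelta(days=45), NOW - timedelta(days=1)
SAMPLE = [  # constructed records in the shape ListIdentities returns
    {"IdentityId": "pool:guest-old", "Logins": [], "LastModifiedDate": OLD},
    {"IdentityId": "pool:google-old", "Logins": ["accounts.google.com"], "LastModifiedDate": OLD},
    {"IdentityId": "pool:guest-new", "Logins": [], "LastModifiedDate": NEW},
    {"IdentityId": "pool:guest-old-2", "LastModifiedDate": OLD},
]
```

The age cutoff matters if guest access stays enabled: a recently modified identity with no login may still be cached on a device that has not signed in yet.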