Integerate User pool with Cognito Identity in android

Question

I have been trying to fix the issue when sync User pool login with Cognito Identity.

The following code snippet to use integerate user pool with Cognito identity

private AuthenticationHandler authenticationHandler = new AuthenticationHandler() {

    @Override
    public void onSuccess(CognitoUserSession userSession, CognitoDevice device) {   
        //Sync User pool login in Cognito 
        syncCognitoLogin(userSession);

    }

    @Override
    public void onFailure(Exception e) {
        Log.d("AlexaCognitoLoginFragment", "onFailure error : " + e.getMessage());
    }

    @Override
    public void getMFACode(MultiFactorAuthenticationContinuation arg0) {

    }

    @Override
    public void getAuthenticationDetails(AuthenticationContinuation continuation,
            String userName) {

        //set authentication details
        AuthenticationDetails authenticationDetails = new AuthenticationDetails(userName, "12345678", null);
        continuation.setAuthenticationDetails(authenticationDetails);
        continuation.continueTask();

    }

    @Override
    public void authenticationChallenge(ChallengeContinuation arg0) {

    }
};

private void syncCognitoLogin(final CognitoUserSession session){
     if(cognitoSyncManager == null){
         throw new IllegalStateException("Sync Manager not yet initialized");
     }


     new AsyncTask<Void, Void, Void>() {

        @Override
        protected Void doInBackground(Void... params) {

             Map<String, String> logins = cachingCredentialsProvider.getLogins();

             if(logins == null) {
                 logins = new HashMap<String, String>();
             }
             logins.put("cognito-idp." + Regions.US_EAST_1 + ".amazonaws.com/" + USER_POOL_ID, session.getIdToken().getJWTToken());
             cachingCredentialsProvider.setLogins(logins);

            String identityID = cachingCredentialsProvider.getIdentityId();
            Log.i(TAG, "Identity ID=" + identityID );

            return null;
        }
    }.execute();

    Log.i(TAG, " Cognito Login sync successfully for session " + session.getIdToken().getJWTToken());


}

Error when attempt Login

E/CognitoCachingCredentialsProvider: Failure to get credentials E/CognitoCachingCredentialsProvider: com.amazonaws.services.cognitoidentity.model.NotAuthorizedException: Unauthenticated access is not supported for this identity pool. (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: NotAuthorizedException; Request ID: 96dc9b9f-b7c1-11e6-9f6d-b3b036ebf640) E/CognitoCachingCredentialsProvider: at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:712) E/CognitoCachingCredentialsProvider: at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:388) E/CognitoCachingCredentialsProvider: at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:199) E/CognitoCachingCredentialsProvider: at com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient.invoke(AmazonCognitoIdentityClient.java:558) E/CognitoCachingCredentialsProvider: at com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient.getId(AmazonCognitoIdentityClient.java:444) E/CognitoCachingCredentialsProvider: at com.amazonaws.auth.AWSAbstractCognitoIdentityProvider.getIdentityId(AWSAbstractCognitoIdentityProvider.java:172) E/CognitoCachingCredentialsProvider: at com.amazonaws.auth.AWSEnhancedCognitoIdentityProvider.refresh(AWSEnhancedCognitoIdentityProvider.java:76) E/CognitoCachingCredentialsProvider: at com.amazonaws.auth.CognitoCredentialsProvider.startSession(CognitoCredentialsProvider.java:561) E/CognitoCachingCredentialsProvider: at com.amazonaws.auth.CognitoCredentialsProvider.getCredentials(CognitoCredentialsProvider.java:371) E/CognitoCachingCredentialsProvider: at com.amazonaws.auth.CognitoCachingCredentialsProvider.getCredentials(CognitoCachingCredentialsProvider.java:441) E/CognitoCachingCredentialsProvider: at com.amazonaws.auth.CognitoCachingCredentialsProvider.getCredentials(CognitoCachingCredentialsProvider.java:76) E/CognitoCachingCredentialsProvider: at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.invoke(AmazonDynamoDBClient.java:4168) E/CognitoCachingCredentialsProvider: at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.getItem(AmazonDynamoDBClient.java:1232) E/CognitoCachingCredentialsProvider: at com.amazonaws.mobileconnectors.dynamodbv2.dynamodbmapper.DynamoDBMapper.load(DynamoDBMapper.java:393) E/CognitoCachingCredentialsProvider: at com.amazonaws.mobileconnectors.dynamodbv2.dynamodbmapper.DynamoDBMapper.load(DynamoDBMapper.java:466) E/CognitoCachingCredentialsProvider: at com.amazonaws.mobileconnectors.dynamodbv2.dynamodbmapper.DynamoDBMapper.load(DynamoDBMapper.java:340) E/CognitoCachingCredentialsProvider: at com.amazonaws.youruserpools.UserActivity$2.doInBackground(UserActivity.java:256) E/CognitoCachingCredentialsProvider: at com.amazonaws.youruserpools.UserActivity$2.doInBackground(UserActivity.java:252) E/CognitoCachingCredentialsProvider: at android.os.AsyncTask$2.call(AsyncTask.java:288) E/CognitoCachingCredentialsProvider: at java.util.concurrent.FutureTask.run(FutureTask.java:237) E/CognitoCachingCredentialsProvider: at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231) E/CognitoCachingCredentialsProvider: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112) E/CognitoCachingCredentialsProvider: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587) E/CognitoCachingCredentialsProvider: at java.lang.Thread.run(Thread.java:841)

Answer 1

The error says Unauthenticated access.

So try this. Go to Federated Identities > Edit Identity Pool

Then try to add the Unauthenticated Role by clicking Create New Role. (If any Role is present in unauthenticated role don't change it). In next page click Allow in the bottom right.

If the problem still persists then do either of the below:

1. If you have used Mobile Hub and make changes to User Sign-in settings > Are users required to sign in to your app? Make is Optional and then use the Sample Code
2. Else check the AWSConfiguration File which stores all the required ID (Identity Pool id, Client Id) and verify they match with the ones you are using.

For Documentation and details follow Rachit's Comment.

Answer 2

The error you are seeing indicates that you are trying to access Federated Identities in an unauthenticated manner (means no authentication credentials provided) and your identity pool does not support unauthenticated providers.

You need to authenticate the user with username & password and get id token in response. This will be used in the logins map to be set on the credentials provider.

We have detailed documentation on the integration of user pools with federated identities. Please let us know if you have any issues in following the documentation.