Marcel

Reputation: 497

Is this auth flow possible with Amazon Cognito Identity and User Pool

I'd like to explain an auth flow and hope you can answer if Amazon Cognito is the correct solution for this.

Requirements: For every Login (Username/Password, Facebook, Google, etc., pp), there should be a valid User Pool account.

Flow Facebook (no identity or user pool account exists).

Customer clicks "Login with Facebook":

  1. calling GetOpenIdToken -> with the FB AccessToken

  1a) at the same time, use the FB AccessToken to fetch the email address from Facebook

  2. calling AdminCreateUser with a generated password and the Facebook email

  3. calling AdminInitiateAuth and fetching the idToken

  4. calling GetOpenIdToken and adding the idToken for the Cognito User Pool and the facebookAccessToken

Result: a user in the Cognito User Pool and a linked federated account

Important for me: the token from 4) is a user pool token and contains "sub" (a UUID, which is important for our internal database).

OK, that is fine and works well, BUT:

Flow Facebook user comes back (identity and linked user pool account is available)

Customer clicks "Login with Facebook":

  1. calling GetOpenIdToken -> with the FB AccessToken

  2. calling DescribeIdentity and getting the Logins list

  2a) we can see that there is a linked user pool id and don't need to create a new user

Exactly at this point comes the question:

How can I get a user pool token if I just have the facebookAccessToken, but a linked user pool login?

And is it possible to get the user pool data for that linked user just with the Facebook accessToken?

Is this the correct flow, or is this auth flow not supported by Cognito?

Thanks

Upvotes: 0

Views: 909
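The two token-handling points in the flows above (step 4 of the first-login flow, where the user pool idToken and the facebookAccessToken go into one Logins map, and step 2a of the returning-user flow, where DescribeIdentity's Logins list is inspected), as an added example that is not part of the question. It assumes placeholder region and user pool id values and constructs its own sample ID token with a dummy signature so that it runs offline with the standard library only; a real service verifies the token signature against the pool's JWKS before trusting the sub claim.

```python
import base64
import json

# Placeholder pool coordinates: assumption, not values from the post.
REGION = "us-east-1"
USER_POOL_ID = "us-east-1_EXAMPLE"
# Cognito Identity's Logins key for a user pool is the token issuer without "https://".
POOL_LOGIN_KEY = f"cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}"
POOL_ISSUER = "https://" + POOL_LOGIN_KEY
FACEBOOK_LOGIN_KEY = "graph.facebook.com"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_id_token(id_token: str) -> dict:
    """Decode a user pool ID token payload and check the claims step 4 relies on.

    Signature verification against the pool's JWKS is NOT done here; a real
    service must do it before trusting any claim, including sub.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-segment JWT")
    claims = json.loads(_b64url_decode(parts[1]))
    if claims.get("token_use") != "id":
        raise ValueError(f"expected an ID token, got token_use={claims.get('token_use')!r}")
    if claims.get("iss") != POOL_ISSUER:
        raise ValueError(f"token issued by an unexpected pool: {claims.get('iss')!r}")
    if not claims.get("sub"):
        raise ValueError("ID token carries no sub claim")
    return claims


def build_logins(id_token: str, facebook_access_token: str) -> dict:
    """Logins map for the second GetOpenIdToken call (step 4): pool ID token plus FB token."""
    parse_id_token(id_token)  # refuse to link an access token or a token from another pool
    return {POOL_LOGIN_KEY: id_token, FACEBOOK_LOGIN_KEY: facebook_access_token}


def has_linked_user_pool(describe_identity_logins: list) -> bool:
    """Returning-user check (2a): DescribeIdentity's Logins list already names our pool."""
    return POOL_LOGIN_KEY in describe_identity_logins


def make_sample_token(claims: dict) -> str:
    # Constructed sample JWT with a dummy signature, for offline demonstration only.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "kid": "dummy"}), enc(claims), "dummysig"])
```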

Answers (2)

Those flows are not currently supported by AWS Cognito. You can build the customized flow on your identity API and just use Cognito with developer credentials. But not recommended.

Upvotes: 0

Rachit Dhall

Reputation: 1661

No, this is not supported currently. You have created an identity in Cognito Federated Identities which has linked logins (FB and Cognito User Pools), but to authenticate with Cognito User Pools you currently cannot use a Facebook access token. The only way to get the user pool token is by using the username/password for that account.

We have heard this request from multiple customers and would consider adding it in future releases.

Upvotes: 2
