thomers

Reputation: 2693

How to get Cognito user pool "sub" attribute on iOS

I am using a "Cognito User Pool authorizer" (no "AWS_IAM" option, no custom coded authorizer) to call Lambda methods via API Gateway and identify the user logged in on the iOS client.

On Lambda, I use the user id I get from the Cognito User Pool authorizer via event.requestContext.authorizer.claims.sub (to store the user id with some DynamoDB items).

I now need to compare this with the id of the logged in user in the iOS client.

I found [AWSIdentityManager defaultIdentityManager].identityId, but this (obviously) returns the IdentityID (which I can look up in the AWS console in Cognito --> Federated Identities --> Identity Browser), which is different from the "sub" id I see in Cognito --> User Pools --> Users and groups.

Can I get the "sub" via the AWS iOS SDK?

If I cannot get it, what other id parameter should I use that I can retrieve both on Lambda and the client to identify the current client user/the user making the API request?

Upvotes: 2

Views: 2862

Answers (2)

Zanon

Reputation: 30770

Another solution (tested with the AWS JavaScript SDK):

When we authenticate with Cognito, we can retrieve a JWT token:

user.authenticateUser(authenticationDetails, {
    onSuccess: (result) => resolve(result.getIdToken().getJwtToken()),
    onFailure: (err) => reject(err)
})

It happens that this JWT token is a standard object that can be decoded.

Using Auth0 JWT decode (npm install jwt-decode), we can decode this token and retrieve all user attributes (e-mail, username, etc.) and the sub.

var jwtDecode = require('jwt-decode');
var decoded = jwtDecode(token);
console.log(decoded);

// prints sub, email, username, ...

Upvotes: 2
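As an added example (not part of the answer above and not AWS SDK code), this reads `sub` from an ID token without a library and rejects malformed, non-ID or expired tokens. It assumes Node.js for `Buffer`; `readCognitoSub`, `b64urlToJson` and `makeSampleToken` are hypothetical names, and the sample token is constructed and unsigned.

```javascript
// Added example. Decoding a JWT is NOT signature verification: use the
// result for client-side display/comparison only, never for authorization.

function b64urlToJson(segment) {
  // JWT segments are unpadded base64url; reject anything else up front.
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error('segment is not base64url');
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Returns the "sub" claim of a Cognito ID token, rejecting malformed input,
// access tokens (token_use !== "id") and expired tokens.
function readCognitoSub(idToken, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('expected 3 segments in a compact JWT');
  const claims = b64urlToJson(parts[1]);
  if (claims === null || typeof claims !== 'object') throw new Error('payload is not an object');
  if (claims.token_use !== 'id') throw new Error('not an ID token');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) throw new Error('token expired');
  if (typeof claims.sub !== 'string' || claims.sub === '') throw new Error('missing sub claim');
  return claims.sub;
}

// Constructed sample input: builds an unsigned, token-shaped string so the
// example runs offline. Real tokens come from result.getIdToken().getJwtToken().
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(claims), 'c2ln'].join('.');
}

const sample = makeSampleToken({ sub: 'constructed-sub-0001', token_use: 'id', exp: 2000000000 });
console.log(readCognitoSub(sample, 1700000000));
```

On the Lambda side, keep taking the user id from the authorizer's claims, since those come from a token whose signature has been checked.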

thomers

Reputation: 2693

It seems that I have to specifically request the attributes via the user details like this:

AWSCognitoIdentityUserPool *pool = [AWSCognitoIdentityUserPool CognitoIdentityUserPoolForKey:AWSCognitoUserPoolsSignInProviderKey];
AWSCognitoIdentityUser *user = [pool currentUser];

// __block lets the completion block assign to this local variable.
__block NSString *mySub;

// getDetails is asynchronous: mySub is only set once the block has run.
[[user getDetails] continueWithBlock:^id _Nullable(AWSTask<AWSCognitoIdentityUserGetDetailsResponse *> * _Nonnull task) {
    if(!task.error){
        AWSCognitoIdentityUserGetDetailsResponse *response = task.result;
        NSArray<AWSCognitoIdentityProviderAttributeType*> *userAttributes = response.userAttributes;
        // Iterate the local array from the response (not self.userAttributes).
        for (AWSCognitoIdentityProviderAttributeType *attr in userAttributes) {
            if ([attr.name isEqualToString:@"sub"]) {
                mySub = attr.value;
            }
        }
    } else {
        NSLog(@"Error fetching Cognito User Attributes: %@", task.error.localizedDescription);
    }
    return nil;
}];

Upvotes: 2
