AWS Cognito can't set credentials on CognitoIdentityCredentials

I'm having issue with setting credentials for AWS Cognito.

I have below code from AWS amazon-cognito-identity-js on Use case 4.

AWS.config.credentials = new AWS.CognitoIdentityCredentials({
            IdentityPoolId : '...', // your identity pool id here
            Logins : {
                // Change the key below according to the specific region your user pool is in.
                'cognito-idp.<region>.amazonaws.com/<YOUR_USER_POOL_ID>' : result.getIdToken().getJwtToken()
            }
        });

I have checked that I'm sending correct IdentityPoolId and Logins on CognitoIdentityCredentials method but I get undefined on accessKeyId and sessionToken as a return.

Below is what I got. CognitoIdentityCredentials {expired: true, expireTime: null, accessKeyId: undefined, sessionToken: undefined, params: Object…}

Any idea how to fix this?

Upvotes: 7

Answers (3)

lemming

Reputation: 1873

Assigning the result of new CognitoIdentityCredentitals() to AWS.config.credentials doesn't actually get credentials. It just sets up the credentials provider. This is why when you check the credentials the accessKeyId is undefined and expired is set to true.

If you then call AWS.config.credentials.get() the provider will then request active credentials.

However, another thing to point out is that you don't have to call AWS.config.credentials.get() in order to use a service, because each service will call AWS.config.credentials.get() under the hood when they are being set up.

AWS.config.credentials = new AWS.CognitoIdentityCredentials({ ... });
console.log(AWS.config.credentials.expired); // false

/**
 *  The dynamoDB service will call AWS.config.credentials.get()
 *  under the hood when it is being set up,
 *  so you can immediately start using services like this.
*/
const dynamoDB = new AWS.DynamoDB();
console.log(AWS.config.credentials.expired); // true

Upvotes: 2