Hamed Minaee

Reputation: 2560

user authentication check using STS token instead of user/pass

I am new to AWS Cognito. Here is what I am trying to do:

I have some users and I want them to log in to my website, and then, as long as their session is valid, I would like to keep them in without forcing them to sign in again. So as far as I understand I need to generate an STS token using Cognito and send it to the user, and then in the next calls the user will send the STS token as a header; I check the STS token using Cognito and, if it is valid, I will serve the user.

For that I use the instruction in the following link:

https://github.com/aws/amazon-cognito-identity-js/

So specifically I use this part to authenticate the user and establish session:

var authenticationData = {
    Username : 'username',
    Password : 'password',
};
var authenticationDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails(authenticationData);
var poolData = {
    UserPoolId : '...', // Your user pool id here
    ClientId : '...' // Your client id here
};
var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
var userData = {
    Username : 'username',
    Pool : userPool
};
var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);
cognitoUser.authenticateUser(authenticationDetails, {
    onSuccess: function (result) {
        console.log('access token + ' + result.getAccessToken().getJwtToken());

        //POTENTIAL: Region needs to be set if not already set previously elsewhere.
        AWS.config.region = '<region>';

        AWS.config.credentials = new AWS.CognitoIdentityCredentials({
            IdentityPoolId : '...', // your identity pool id here
            Logins : {
                // Change the key below according to the specific region your user pool is in.
                'cognito-idp.<region>.amazonaws.com/<YOUR_USER_POOL_ID>' : result.getIdToken().getJwtToken()
            }
        });

        // Instantiate aws sdk service objects now that the credentials have been updated.
        // example: var s3 = new AWS.S3();

    },

    onFailure: function(err) {
        alert(err);
    },

});

So far so good. However, in any subsequent call I do not want to send

var authenticationData = {
    Username : 'username',
    Password : 'password',
};

and instead I want to use the STS token to authenticate the user:

var authenticationData = {
    sts: 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
};
var authenticationDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails(authenticationData);

I do not see any example or usage of such a case. Is Cognito the right service for this scenario, and if yes, how can I do the authentication check with STS?

Upvotes: 0

Views: 416

Answers (1)

patanjal

Reputation: 665

I see that you are using AWS.CognitoIdentityCredentials in your authentication callback. That's used if your app needs AWS credentials to access various AWS services.

If your users are only interacting with your own website, the session you get after successful user authentication is valid up to 30 days by default.

You can check if the session is active or not by calling getSession on CognitoUser:

https://github.com/aws/amazon-cognito-identity-js/blob/9e949c08188f13b8087106564e7b596ec58117ab/src/CognitoUser.js#L826

You can configure that duration by changing Refresh Token Validity for your client in Cognito User Pool console.

Upvotes: 1
