patrick_corrigan

Reputation: 899

Email and Google authentication using AWS Cognito

My app currently uses a Cognito user pool for email and password authentication. It works very well. I want to add Google authentication now.

I've added Google as an identity provider by following the documentation here: http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-social.html.

I've authenticated my user with Google and get back an auth token from Google and an ID token. I'm unsure what to do next.

I imagine I somehow give this token to Cognito and Cognito gives me a Cognito ID token I can use for authentication with my app.

Upvotes: 4

Views: 3610

Answers (2)

Marcellia

Reputation: 212

FYI: the new link for amazon-cognito-identity-js and the case 16 code snippet are below for reference.

https://github.com/aws-amplify/amplify-js/tree/master/packages/amazon-cognito-identity-js

// Use case 16. Retrieving the current user from local storage.

var poolData = {
    UserPoolId: '...', // Your user pool id here
    ClientId: '...', // Your client id here
};
var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);
var cognitoUser = userPool.getCurrentUser();

if (cognitoUser != null) {
    cognitoUser.getSession(function(err, session) {
        if (err) {
            alert(err.message || JSON.stringify(err));
            return;
        }
        console.log('session validity: ' + session.isValid());

        // NOTE: getSession must be called to authenticate user before calling getUserAttributes
        cognitoUser.getUserAttributes(function(err, attributes) {
            if (err) {
                // Handle error
            } else {
                // Do something with attributes
            }
        });

        AWS.config.credentials = new AWS.CognitoIdentityCredentials({
            IdentityPoolId: '...', // your identity pool id here
            Logins: {
                // Change the key below according to the specific region your user pool is in.
                'cognito-idp.<region>.amazonaws.com/<YOUR_USER_POOL_ID>': session
                    .getIdToken()
                    .getJwtToken(),
            },
        });

        // Instantiate aws sdk service objects now that the credentials have been updated.
        // example: var s3 = new AWS.S3();
    });
}

Upvotes: 0

Summer Guo

Reputation: 279

Cognito does not accept a Google token directly. You will need to use the auth SDK to interact with the authorize/token endpoints:
https://github.com/aws/amazon-cognito-auth-js/
https://github.com/aws/amazon-cognito-identity-js
You need to log in with Google first. A corresponding user will be created in your user pool, and the auth SDK will save that username and the tokens in local storage (the same location this SDK retrieves them from). By using use case 16 in this SDK, you can retrieve that user and the session containing the tokens.

Upvotes: 3
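The authorize/token exchange this answer refers to, sketched as an added example (not code from either answer or from the SDKs): it builds the hosted UI `/oauth2/authorize` redirect for Google with PKCE and a `state` value, then checks the callback before preparing the `/oauth2/token` request. The domain, client ID, redirect URI and scope are constructed placeholders, and it is written for Node so it runs stand-alone.

```javascript
// Added example. DOMAIN, CLIENT_ID and REDIRECT_URI are constructed placeholders.
const nodeCrypto = require('crypto');

const DOMAIN = 'https://example-app.auth.us-east-1.amazoncognito.com';
const CLIENT_ID = 'EXAMPLE_CLIENT_ID';
const REDIRECT_URI = 'https://app.example.com/callback';
const b64url = (buf) => buf.toString('base64url');

// Step 1: send the browser to /oauth2/authorize. Keep `state` and `verifier`
// on the client (for example in sessionStorage) until the redirect comes back.
function beginLogin() {
  const state = b64url(nodeCrypto.randomBytes(16));
  const verifier = b64url(nodeCrypto.randomBytes(32));
  const challenge = b64url(nodeCrypto.createHash('sha256').update(verifier).digest());
  const url = new URL('/oauth2/authorize', DOMAIN);
  url.search = new URLSearchParams({
    identity_provider: 'Google', // go straight to Google, skipping the provider chooser
    response_type: 'code',
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    scope: 'openid email', // assumed to be enabled on the app client
    state,
    code_challenge: challenge,
    code_challenge_method: 'S256',
  }).toString();
  return { url: url.toString(), state, verifier };
}

// Step 2: on the callback, reject a response whose state does not match the
// saved one (login CSRF), then build the POST for /oauth2/token.
function buildTokenRequest(callbackUrl, saved) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get('error')) throw new Error('authorize error: ' + params.get('error'));
  if (params.get('state') !== saved.state) throw new Error('state mismatch');
  if (!params.get('code')) throw new Error('missing code');
  return {
    url: DOMAIN + '/oauth2/token',
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      grant_type: 'authorization_code',
      client_id: CLIENT_ID,
      code: params.get('code'),
      redirect_uri: REDIRECT_URI,
      code_verifier: saved.verifier,
    }).toString(),
  };
}
```

The token endpoint's JSON response carries `id_token`, `access_token` and `refresh_token`; the `id_token` is the value that goes into the `Logins` map in the use case 16 snippet.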
