Questions tagged [amazon-cognito]

0

votes
0

answer
5

Views

Creating an page on web app where an admin can confirm users in AWS Userpool

I'm currently building out a server-less web application on AWS that allows end users to register for accounts. My registration process (to create users) is making use of aws-amplify for JavaScript to send requests to AWS Cognito from the front-end. There is absolutely no custom backend I'm running...
Pas
0

votes
0

answer
7

Views

User Sign Up / AWS Cognito

I am trying to enable a user to sign up in an iOS app, using AWS Cognito. This is the relevant code for the question coming right after: awsUserPool?.signUp(username, password: password, userAttributes: attributes, validationData: nil).continueWith { DispatchQueue.main.async(execute: { if let error...
Michel
0

votes
0

answer
3

Views

Cognito SAML - Request expired

I am using SAML identity provider for Cognito User Pool with ADFS. The client app is web based using Cognito Auth JS. In some cases the sign in is failing. ADFS is returning a successful SAML response, which gets Posted to Cognito SAML endpoint. But cognito produces an error as 'Request Expired'. Th...
Tarun Tyagi
0

votes
1

answer
69

Views

Service to service workflow with AWS cognito and AWS Lambda

I'm rather new to AWS Cognito and AWS Lambda. So far I've played around with Serverless and deployed my REST API via AWS Lambda. However, I would like to make my API available for several external parties. As this is service to service, there is no end user directly calling my API. I make the API a...
math
1

votes
1

answer
38

Views

How to read AWS cognito custom attributes and logged in user in lambda

I have created a custom attributes inside aws congnito pool, now adding Post authentication lambda and inside of lambda want to read 'custom attributes' and loggedin username . Inside Node.js lambda : var email=event.request.userAttributes.email; var refNumber=event.request.userAttributes.ref_numb...
vaquar khan
0

votes
0

answer
6

Views

Is there a way to verify email without also confirming account status for a user within a user pool in AWS Cognito?

I'm setting up a web application and want to use AWS Cognito to handle the user authentication portion. This is the flow that I want. New end user visits web app and clicks Sign Up. End user enters email and password and clicks Create Account. User sees message on screen 'Email has been sent to you...
Pas
1

votes
1

answer
106

Views

AWS: getting limited IAM credentials for DynamoDB without JS SDK

What I want to achieve: My case described in this article but I do not want to use SDK on my webpage - I want to keep my app simple and fast, but as it turned out - it is hard to find an example that does not use SDK. I stumped with http call from which I need to get limited IAM credentials for Dyna...
Vitaly Zdanevich
1

votes
0

answer
58

Views

Connect Unauthenticated Federated Identity ID with User Pool

I'm trying to implement an option in Mobile app (Xamarin) for users to be able to login into App as a guest user. Right now I'm able to obtain the Federated Identity ID for a guest user. It has a form of AccessKey/SecretKey/Token. I'm struggling with translating that credentials to accesToken and r...
Taier
1

votes
1

answer
330

Views

How to Verify AWS Cognito user on Server (running on nodeJS)

I am using AWS Cognito User Pools to signup & signin my users(client, iOS). My user's make calls to endpoints on the server running on NodeJS (EC2 Instance). How can I authenticate my users on the server (NodeJS) ? One way that I see is, to generate a JWT token on the client side and pass it to the...
kurrodu
1

votes
0

answer
713

Views

AWS Cognito userpool changed email address pointless validation code?

i have set up a user pool using option 2 ( see docs here ) where i use the email address to sign in together with a password. users are able to register and log in successfully. users can successfully change the email address. i then use this code to change the email address: cognitoUser.updateAttr...
Clive Sargeant
1

votes
0

answer
65

Views

S3: what is the correct design for invalidation of presigned urls?

As it turned out there is no API for invalidating of presigned urls, but it is possible to drop access from IAM policy. If I have a service with many users (in Cognito Userpool) - what is the correct design for some kind of url invalidation? Do I need to have as many IAM accounts as a users I have?...
Vitaly Zdanevich
1

votes
1

answer
340

Views

Amazon cognito not giving refresh token provided by federated identity provider (Google login)

I am trying to add a Google login through Amazon Cognito, I have setup everything needed, I have also configured the attribute mapping from google to my pool attributes, I've mapped 'access_token' attribute to 'google_access_token' attribute and 'refresh_token' to 'google_refresh_token'. When sign i...
Madhav Chaturvedi
1

votes
0

answer
159

Views

Can't authenticate with AWS Cognito

Can someone help me to figure out why this code does not work? services/auth.js import { CognitoUserPool, CognitoUserAttribute, CognitoUser, AuthenticationDetails } from 'react-native-aws-cognito-js'; const COGNITO_POOL = new CognitoUserPool({ region: 'us-west-1', IdentityPoolId: '****', UserP...
Seva
1

votes
0

answer
56

Views

Integrate AMAZON CONGNITO with GRAILS 3 and spring-security-core

I am looking to start a new project on GRAILS 3 which will use Amazon CONGNITO and spring-security-core. The main objective is to use Amazon CONGNITO user pool as a centralized user auth for both GRAILS 3 application which will include spring-security-core and for the ANGULAR API. Is there any plugi...
Sanjay
1

votes
1

answer
446

Views

Amazon Cognito: Require verification of both email and phone

If a user provides both an email and phone, I need to require both to be verified. It looks like there isn't a way to do this without extra steps as described here https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html Is there a way to require bot...
irregular
1

votes
1

answer
105

Views

How to get principal from Amazon Cognito code/token

I'm going to use Amazon Cognito to provide user authentication for my app. For now, I set up integration so I have auth code/token after the user logged in the Cognito. But what the next? How can I get any useful info (fx. email) using the token?
Sergey Lagutin
1

votes
1

answer
162

Views

Is it safe to use AWS Cognito on the server-side with Node.js?

If AWS Cognito is used with Node.js on the server-side, aren't the passwords, which are sent over, exposed without any form of encryption? AWS Cognito is intended to be used on the client-side, however I could get it work in my Node.js code, but I am wondering if a password is sent to the server, wh...
Norbert Majubu
1

votes
2

answer
424

Views

Integrate AWS Cognito to MEAN Stack

I have a starter level MEAN app with angular v4. There is no Authentication mechanism built in yet no passport nothing. I want to use AWS cognito for Authentication (Sign In/UP). Do I need passport for this purpose or Cognito is enough by itself. I am not sure about the steps to take for Integrating...
SamSamet
1

votes
0

answer
48

Views

AWS cognito && nodejs - How do I add my client secret to validate my tokens?

I'm trying to set up a node REST wrapper for cognito to act as auth for my web service. Tokens are generated from node and sent to the client via endpoints like /login How do I add my client secret to the SDK?
David Alsh
1

votes
0

answer
38

Views

Implementing sign up with aws cognito in android without hosting

I'm trying to implement User Sign-In and Sign-Up using Amazon Cognito user pools for an Android App without any hosting. I'm a beginner at AWS Cognito, however, I was able to create a User pool successfully and integrate Federated Identities to the user pool as well. I read many articles and did a l...
Cassendra44
1

votes
0

answer
62

Views

Setting IAM role for Lambda after login with Cognito on iOS

I'm getting a trouble when trying to connect AWSCognito to AWSLambda to pass an Auth role into it. My application has serverless architecture based on CognitoUserPool's, Lambda and IAM. So I have one configuration for all these things like the following: let credentialsProvider = AWSCognitoCredentia...
wolltone
1

votes
1

answer
302

Views

Angular 2 - Create user in a group AWS cognito

I am signing up a user into userpool(AWS Congito). How can I create user assigned to a group. I used following code for creating user, I wanna create and assign that to a group. this.userPool = new AWSCognito.CognitoUserPool(this.poolData); this.attribute = { Name: 'email', Value: this.email }; this...
Veera
1

votes
0

answer
109

Views

AWS Cognito sign-on in iOS: don't ask for phone #

I'm going through the AWS tutorial on integrating AWS with mobile apps. The default sign up view controller has a field for the phone number. I made the email the only required field in the Cognito console. I also disabled sign-in with phone number. Is there a way to remove the phone number field fr...
Macondo2Seattle
1

votes
0

answer
96

Views

How to integrate AWS Cognito federated identities in a production environment?

I have been trying to integrate a solution for user authentication and authorization in a serverless web application that uses Api gateway and is exposed to customers. Users login through Cognito user pools and obtain temporary AWS access keys through Cognito federated identities, which are then use...
Jesuspc
1

votes
1

answer
267

Views

AWS Cognito - Can I use the migration trigger in a Custom auth flow

I am investigating the recently released migration trigger for cognito user pools. To enable the trigger you need to set the AuthFlow type in the InitiateAuthRequest to be 'USER_PASSWORD_AUTH' see here: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-import-using-lambda....
dpix
1

votes
1

answer
251

Views

Can one set email_verified to true in Cognito programmatically? How?

When I update the cognito users' email attribute via the updateAttribute or adminUpdateAttribute API, email_verified will be set to false. So I'd like to set email_verified to true programitically. My understanding is that it should use GetUserAttributeVerificationCode and VerifyUserAttribute API to...
R.yama
1

votes
0

answer
159

Views

Unable to sts:AssumeRoleWithWebIdentity for a Cognito user

I have a simple use case to authenticate a user using AWS Cognito and the assume a role to be able to do something useful (read from S3 in my case). Apparently I am missing something very obvious. I am using pure web http client with cognito authentication (so Cognito can federate other identity pro...
gusto2
1

votes
0

answer
290

Views

Get identity provider oauth tokens in AWS cognito user pool

Is there ANY possible way to get an identity providers oauth tokens when signing them up for a user pool? I need offline access to a google users access and refresh tokens. So far I've tried: 1) Using the amazon-cognito-auth-js library I'm able to create a user but there is no way to get the oauth a...
Bill Johnston
1

votes
1

answer
172

Views

Is there a boto3 funciton to convert authorization_code into authorization_token

My project is python and using boto3 lib. I'm using aws cognito Authorization code grant flow with return_type=code instead of return_type=token (implicit flow). Once my user is authorized my redirect url is injected with the queryStringParameter code=4d55a121-8ffc-4058-844b-xxxx. outlined here I n...
knittledan
1

votes
0

answer
62

Views

AWS Cognito - What is the “randomPassword” used for?

while setting up a project in React Native using AWS Cognito UserPools, I found an interesting value was being returned for my users when logging in. When using the amazon-cognito-identity-js SDK, (github found here: https://github.com/aws/aws-amplify/tree/master/packages/amazon-cognito-identity-js)...
Z_z_Z
1

votes
2

answer
713

Views

Can't destroy AWS Cognito session from within React application

I'm trying to log out of my application that's using AWS Cognito by calling their logout endpoint. I'm not using the AWS SDK because as far as I can tell, it does not yet cover oauth app integrations and sign in using external federated identity providers (please correct me if I'm wrong about that)....
Scott Letkeman
1

votes
2

answer
586

Views

How to use AWS Cognito with my own Login/MFA/Reset Password pages?

I'm trying to understand if/how I can use Cognito as an OCID / IdP but with my own 'skin' to it. Using the Cognito CSS customization is not nearly sufficient. To be more precise, I am trying to build an SSO front-end that leverages Cognito's UserPools, Access/Refresh tokens, Device trusting/etc....
Eric B.
1

votes
1

answer
364

Views

How to use Federation from a User Pool (not from an Identity Pool)!

I'm trying to use Federation from a User Pool. Note, I am not talking about Federated Identity Pool a different concept. Is there a SignIn API for federated users or is just a hosted UI Does the app 'have to' open a browser on a Sign In URL that looks like https://XXXXXX.au=th.XXXXX.amazoncognito.co...
mipnw
1

votes
0

answer
282

Views

Serverless API Gateway AWS_IAM Angular 5 signing request

I'm working on an Angular 5 Project that has a Serverless API that requires Authentication using AWS_IAM. So a bit of context. We're using Cognito Federated Identities to issue our temp credentials. Cognito is using our AD FS environment to federate. When I use the temp credentials provided by Cognt...
user1002089
1

votes
0

answer
141

Views

Aws cognito email verification error

I am new to aws and need some help with a cognito issue. I am trying to use aws cognito for registering user. User passes email and password to cognito and then will receive an email with verification link. However, when clicking on the link for verifying email, always get the following error messa...
Delone Stan
1

votes
1

answer
473

Views

Lambda function on cognito login is not working for first time

I attached lambda function to my user pool. When i am creating the user pool first time using terraform, it is not working with error: 'Lambda function: AccessDenied' If I remove the lambda function and reattach it, it is working fine. Any clue why this is happening?
Jayesh Dhandha
1

votes
0

answer
97

Views

User Pool Sign-up through social provider (google, facebook)

Is it possible to do a sign-up to the user pool using a third party social provider like facebook or google? I'm using amazon-cognito-auth-js amazon-cognito-auth-js but I cannot differentiate sign-in from sign-up
niqui
1

votes
0

answer
70

Views

Migration trigger not called on sign in with google

I am trying to migrate user from my current directory to cognito userpool. I was able to migrate user when they enter username and password, but not able to migrate when user sign in with google. I have linked google accounts with existing user in my current directory( I use email to send authentica...
Shubham Mundra
1

votes
0

answer
23

Views

How does AWS method level authorization know whether a user is a normal user or an administrator?

This tutorial explains how to setup two different IAM user types (user and administrator), in order to obtain a different set of gateway authorization credentials. How is this setup within within Cognito (How do we assign the IAM user to the person logging in?) such that the the access credentials...
Ole
1

votes
0

answer
36

Views

AWS Cognito SDK missing user attribute

I'm using AWS cognito and it's built-in UI in my Android App. I selected family name as required in AWS console but the field is not shown within the create new account form. How can I add this field to the form. Thank you.

View additional questions