AWS Cognito check and get users - ios

I'm building an iOS App that is using Amazon MobileHub. Currently it's associated with Cognito and the sign up and sign in flow works great.
What I'm trying to achieve is for one user to be able to add another user as a friend so to speak. To make that possible, I need to check if a user with a specific username exists and if it does, get some attributes such as the name of that target user.
I've tried to use the get user > get details function but it gives me an error Authentication delegate not set.
Here's the code I used:
var pool: AWSCognitoIdentityUserPool?
let user = pool?.getUser(usernameField.text!)
self.pool = AWSCognitoIdentityUserPool.init(forKey: AWSCognitoUserPoolsSignInProviderKey)
user?.getDetails().continueWith { (task: AWSTask<AWSCognitoIdentityUserGetDetailsResponse>) -> Any? in
if let error = task.error as NSError? {
print("ERROR: " + error.localizedDescription)
return ""
}
print(task.result)
return ""
}
An approach I thought of was to store the username and the attributes I want to access to DynamoDB and then access it there but that will just create double unnecessary entries.

The issue you'll run into is that user attributes aren't publicly visible. Only the user who has signed in can call GetUser. If it's a back end process, you could do this via the AdminGetUser operation, but this looks client side so I wouldn't recommend that. The only real way around this would be to do what you suggested at the bottom of your post, ultimately.

Related

Given a users UID can I access his profile info?

I know that I can save user info to his profile with firebase. But I am wondering if I am able to get this same info when all I have is a UID?
As I understand it I can only do this to get the info:
Auth.auth().currentUser.displayName...
It seems like If I want to be able to fetch other users info I would have to keep a copy of their data in a users node.
Am I correct? Or can I access their profile info withought having to keep a copy?
If you use firebase authentication, then you can retrieve the current user info. So, if currently user X is logged in and he is authenticated, you can retrieve the following info about him:
let user = Auth.auth().currentUser
if let user = user {
// The user's ID, unique to the Firebase project.
// Do NOT use this value to authenticate with your backend server,
// if you have one. Use getTokenWithCompletion:completion: instead.
let uid = user.uid
let email = user.email
let photoURL = user.photoURL
// ...
}
If you want to retrieve information about other users, then in that case you need to use firebase database:
users
userId (firebase authentication)
name : user X
userId
name : user Y
Depending on the reason you need this data, you can actually get access to an auth user by using the firebase-admin package.
inside of your firebase function - or node.js backend - (this is only for backend node.js functions, not for front-end), you can get the user by doing the following:
const admin = require("firebase-admin");
const authUser = await admin.auth().getUser(uid);
authUser = authUser.toJSON(); // Optional
You can read more about retrieving user data here
If you want to load in multiple users at once, you can easily use the getUsers function and it's also possible to load in the user based on other information like email:
getUser(uid)
getUserByEmail(email)
getUserByPhoneNumber(phoneNumber)

Can you only allow users with a specific email address to sign up and use your app

I currently have user authentication in my app using firebase and swift 3. Is there a way to only let users with a certain email address to sign up to use my app?
Essentially what you want to do is include a boolean test to determine whether the email text contains the domain you want.
Here is a function that determines whether or not the input text contains a set domain.
func isValidEmail(testEmail:String, domain:String) -> Bool {
let emailRegEx = "[A-Z0-9a-z._%+-]+#[\(domain)]+\\.[com]{3,\(domain.characters.count)}"
let emailTest = NSPredicate(format:"SELF MATCHES %#", emailRegEx)
let result = emailTest.evaluate(with: testEmail)
return result
}
Here's an example of me using it
let customDomain = "mycompanyname"
let test = "frank#mycompanyname.com"
if isValidEmail(testEmail: test, domain: customDomain) == true {
//Test succeedes... Here you would register the users as normal
print("register \(test)")
}else{
//Test fails... Here you might tell the user that their email doesn't check out
print("register failed")
}
Additionally, I would take a look at Apples App Distribution Guide for if you want to distribute your app locally to say an employee base.
Hope this helps.
You can do the following client and backend checks to enforce this:
On the client side, you can block sign-in when an invalid email domain is provided. If you are using some federated sign in with Google or Facebook, etc, you can on return check the currentUser.email and currentUser.delete the user if the email doesn't match your domain. Google also provides an 'hd' parameter to specify the user domain if you are using GSuite.
You can use Firebase Functions onCreate event to delete a user quickly every time one is created with an invalid email domain.
If you are using database rules, you can block access if the email doesn't match:
".read": "auth != null && auth.uid == $uid" && auth.token.email.matches(/.*#mydomain.com$/)
If you are using your own backend, when getting the ID token of a user, validate it, then get the email and make sure it matches your domain, if not, you can delete the user. The Firebase Admin SDKs provide the ability to verify an ID token and delete a user by UID.

iOS - AWS Cognito - Check if user already exists

I want to allow a user to enter their email address/password in a field. Upon continuing, I want to run a check to see if that user already exists. If they do, log them in and continue with app, if they do not, move to account creation flow where they will be instructed to add name, phone number, etc.
I cannot for the life of me find documentation on how to log a user in using AWS Cognito. I should be able to pass email/pass in a call and get a response back that says User Exists/User does not exist or whatever! Am I missing something here?
Any help would be greatly appreciated. I've scoured the documentation..this is my last resort.
In the current SDK, calling getUser on your AWSCognitoIdentityUserPool just constructs the in-memory user object. To make the call over the network, you need to call the getSession method on the constructed user. Here's a Swift 3 method I wrote to check whether an email is available:
/// Check whether an email address is available.
///
/// - Parameters:
/// - email: Check whether this email is available.
/// - completion: Called on completion with parameter true if email is available, and false otherwise.
func checkEmail(_ email: String, completion: #escaping (Bool) -> Void) {
let proposedUser = CognitoIdentityUserPoolManager.shared.pool.getUser(email)
UIApplication.shared.isNetworkActivityIndicatorVisible = true
proposedUser.getSession(email, password: "deadbeef", validationData: nil).continueWith(executor: AWSExecutor.mainThread(), block: { (awsTask) in
UIApplication.shared.isNetworkActivityIndicatorVisible = false
if let error = awsTask.error as? NSError {
// Error implies login failed. Check reason for failure
let exceptionString = error.userInfo["__type"] as! String
if let exception = AWSConstants.ExceptionString(rawValue: exceptionString) {
switch exception {
case .notAuthorizedException, .resourceConflictException:
// Account with this email does exist.
completion(false)
default:
// Some other exception (e.g., UserNotFoundException). Allow user to proceed.
completion(true)
}
} else {
// Some error we did not recognize. Optimistically allow user to proceed.
completion(true)
}
} else {
// No error implies login worked (edge case where proposed email
// is linked with an account which has password 'deadbeef').
completion(false)
}
return nil
})
}
For reference, my ExceptionString enum looks like this:
public enum ExceptionString: String {
/// Thrown during sign-up when email is already taken.
case aliasExistsException = "AliasExistsException"
/// Thrown when a user is not authorized to access the requested resource.
case notAuthorizedException = "NotAuthorizedException"
/// Thrown when the requested resource (for example, a dataset or record) does not exist.
case resourceNotFoundException = "ResourceNotFoundException"
/// Thrown when a user tries to use a login which is already linked to another account.
case resourceConflictException = "ResourceConflictException"
/// Thrown for missing or bad input parameter(s).
case invalidParameterException = "InvalidParameterException"
/// Thrown during sign-up when username is taken.
case usernameExistsException = "UsernameExistsException"
/// Thrown when user has not confirmed his email address.
case userNotConfirmedException = "UserNotConfirmedException"
/// Thrown when specified user does not exist.
case userNotFoundException = "UserNotFoundException"
}
Some clarification is in order. Cognito has several parts. The part that does "Authentication" (which is what you are talking about) is called "Cognito User Pools". Not to be confused with Cognito Federated Identity Pools.
With User Pools you can create usernames and password combinations with attributes, and these can be used to authenticate and deliver a persistent, cross device, Cognito Federated identity identityId to a user (across multiple devices).
Once logged in, the Federated Identity Pool is hooked to roles which can get your "Authorized" to use AWS services (like Dynamo DB etc).
It can be tricky to get all these parts working together and AWS has an online site called "Mobile Hub" that will build code for you and download an xcode project. This process configures the Federated Identity Pool and the User Pool correctly, and connects them all up to a set of example code.
Connecting the credentials provider to the user pool to the identity pool is a bit counterintuitive, but the AWSIdentityManager in the aws-mobilehub-helper-ios on github manages all that for you. So I would recommend starting with mobile hub on the console.
Cognito is a somewhat confusing system, here is a link to a brief powerpoint that hits the highlights of how it works (for people that can't understand the AWS docs (like me)).
With that said, "how to check if a user already exists?"
The most reasonable approach is to create the user (via signup), and get a reject if the name is in use, and suggest that your user try a different username. With respect to the email being in use, you will get that reject upon confirmation (signup sends confirmation id's by email and/or via text). This can be overridden to reclaim the email address, or you can do a test beforehand to see if the email is in use by attempting to log in and looking at the failure code.
you can fetch the user as the other answer suggests, however if you have established in user pools an alias for login (like email) you will find this problematic, because this just tells you if someone has the user name, not if someone is already using the email address, and you will get a reject later at confirmation time.
ListUsers is now a nice way to check for existing usernames.
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUsers.html
You can also look for existing emails, phone numbers, and other default attributes.
Here is a simple .NET example:
Dim userRequest = New ListUsersRequest With {
.UserPoolId = "poolId",
.Filter = "username = bob#email.com"
}
Dim response = amazonCognitoIdentityProviderClient.ListUsers(userRequest)
Debug.WriteLine(response.Users.Count)

How AWS-Cognito and DynamoDB will work for mobile development-iOS-Swift

I am trying to use AWS Cognito and AWS DynamoDB for my mobile app have gone through with AWS Documentation also but as much as I dive into I use to get a new service which is somehow interrelated with another, Please help with what is a right approach I am trying to elaborate a more it might possible I understood the things in wrong way :
So I have two screens one is sign up and another is login
According to me when user will sign in by putting their credentials I am creating an Identity id and dataset which is succesfully created here is the code foe iOS Swift :
#IBAction func submitButtonAction(sender: UIButton)
{
var username = self.inputTfUn.text
var pass = self.inputPAss.text
let credentialProvider :AWSCognitoCredentialsProvider
let syncClient :AWSCognito
credentialProvider = AWSCognitoCredentialsProvider(regionType: AWSRegionType.USEast1, identityPoolId: "**your idetity id**")
let configuration = AWSServiceConfiguration(region :AWSRegionType.USEast1, credentialsProvider: credentialProvider)
AWSServiceManager.defaultServiceManager().defaultServiceConfiguration = configuration
syncClient = AWSCognito.defaultCognito()
credentialProvider.refresh().continueWithBlock { (task) -> AnyObject! in
print(credentialProvider.identityId)
let dataset = syncClient.openOrCreateDataset("UserData")
dataset.setString(self.inputTfUn.text, forKey: "username")
dataset.setString(self.inputPAss.text, forKey: "password")
dataset.synchronize().continueWithBlock({ (task) -> AnyObject! in
if(task.error == nil){
print("success")
}
return nil
})
return nil
}
}
`
on click of submit
In AWS cognito:
I have an Identity ID and Dataset in cognito.
Now I AM not sure how It will work to get a user authentication. Do I need to save it to DynamoDB If I have to save it how this will work I mean I tried this also by writing lambda function and many things.. but I think I was not going in right direction or its not the right approach ... Please help if any one is clear with right approach.
I would be using AWS Cognito and AWS Dynamo DB.
What I understand is that you are using Cognito to store credentials(username and password) for your app users. Later you want to authenticate users in your app against this data stored in Cognito Datasets. This is not the right use case to use Cognito and we advise against it.
For user authentication you can use any public login providers such as Amazon, Facebook, Google, Twitter and any OpenID Connect compatible provider. Alternatively you have to authenticate your app users with your own authentication process backed by your backend server and database.
After the user is authenticated, you can then use Cognito for creating unique identities and accessing your secure AWS resources.
This wiki might be helpful if you have your own authentication process and then integrate it with Cognito:
http://docs.aws.amazon.com/cognito/devguide/identity/developer-authenticated-identities/

Adding users to firebase

I'm having a bit of trouble adding users to Firebase. If anyone could help me out with this, it would be significantly appreciated.
Here is my code:
var myRootRef = Firebase(url:"https://plattrapp.firebaseio.com/users")
myRootRef.createUser(emailSignUpEntered, password: passwordSignUpEntered,
withValueCompletionBlock: { error, result in
if error != nil {
// There was an error creating the account
} else {
let uid = result["uid"] as? String
println("Successfully created user account with uid: \(uid)")
}
})
It does display in the println statement within my debugger that a user has been created, but doesn't actually display within my firebase database.
Anything I may be doing wrong?
Firebase Authentication does not automatically create any information about the user in the associated database.
Most applications end up creating this information from their own code under a top-level users node. This is covered in the section called "Storing User Data" in the Firebase programming guide for iOS.
It is in general a good idea to read the Firebase documentation on the topic that you are working on. It will prevent a lot of grey/lost hair and wasted time.

Resources