I am having difficulty navigating Amazon's documentation. I currently have an app that logs in using Firebase's email and password identification. How do I connect this to my data stored in AWS using Cognito? My app is in Objective C.
Unfortunately without a backend, you cannot integrate Firebase Login with Cognito since it doesn't support OpenId Connect. With a backend, you would need to implement the Developer Authenticated Identities flow as follows:
1. Implement AWSAbstractCognitoIdentityProvider
2. In the refresh method:
   - Login via Firebase
   - Make an HTTPS call passing the Firebase Login token to your backend and validate
   - From your backend, call GetOpenIdForDeveloperIdentity using Developer Credentials
   - Pass results back to the device
   - Update the identity id and the logins map
Related
What will happen to Firebase login credentials after we transfer our app to a different developer account?
Will our app lose access to login credentials since they are stored in Keychain?
In our app, we use a "custom authentication system".
We don't require emails or passwords from our users while signing in.
Instead, we call a cloud function that creates a user and sends an auth token back to the clients.
In the client app, we sign in our users with Auth.auth().signIn(withCustomToken: token)
How can we overcome this problem without losing users' login credentials in our app, if we'll lose those credentials? What precautions can we take before the transfer?
Thanks.
How to sign up a user to AWSCognitoIdentityUserPool and get the JWT tokens back?
I got a Facebook token from Facebook registration. Then how can I register a user in the User pool based on that token?
I need to get JWT tokens in response after that to use them in my own backend.
Struggling with it for a week already.
Recognize that authentication is a two-step process. First, your app must authenticate with Facebook to receive a JWT; it seems that you have done this successfully. Second, this JWT is exchanged for IAM credentials that will be used for API calls.
Authentication Flow:
1. App authenticates with Identity provider using the SDK for that identity provider. In response, the Identity provider sends a JWT that will be cached by the app.
2. App uses cached JWT to authenticate with AWS. If the Identity provider is configured in AWS, in response, AWS sends IAM credentials with the permissions granted to that identity provider.
3. IAM credentials are used to make calls to other AWS resources specified in the Policy.
This documentation goes into more detail for these steps regarding Facebook.
The AWS Amplify Library has support for iOS. I would recommend using this library to handle Authentication against Facebook Federated Identities.
You do not necessarily need a user pool managed in Cognito, as the user pool function is managed by Facebook.
I have used Lambda and set up IAM and Cognito and got an identityId and token. I am confused on the next steps. The user is authenticated in Cognito after login. But how do I keep them logged in, like by refreshing the token when the app loads? And how do I query DynamoDB using only authenticated users? The documentation is vague. Also using Federated identities and my own OpenID developer authentication process written in Lambda.
I was under the impression that AWS Mobile Hub built out things for you in the sample app.
But I see on the resources page that it uses AWS Cognito, for which I defined auth and unauth roles. The app builds but I keep getting this when I try to log in:
I have sign in enabled:
In this identity pool I have created unauth and auth roles. Then in Mobile Hub I downloaded the code but still can't get login working. What am I missing?
When using Custom login, it means that you want to authenticate the users against your backend or developer authenticated identities. This is how it works:
1. The end user will provide credentials (username and password) on your iOS App.
2. App will call your backend to verify the credentials.
3. Backend will call GetOpenIdTokenForDeveloperIdentity API of Amazon Cognito for that end-user (using the username).
4. Cognito will return an identityId associated with that username and an OpenId Connect Token to your backend and it will be passed back to the Android App.
5. Cognito SDK will use this token to call Amazon STS to get AWS credentials for the end user.
I would highly encourage you to follow our blog post and the developer guide, it explains this flow in depth. As always, if you have any questions please feel free to ask.
Thanks.
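The backend step of the Developer Authenticated Identities flow described in this answer and in the Firebase answer above, as an added example that is not part of the original answers or of any AWS sample. `exchange_login`, `FakeCognito`, `fake_verify`, the pool id and the provider name are hypothetical; `get_open_id_token_for_developer_identity` is the boto3 `cognito-identity` client method.

```python
IDENTITY_POOL_ID = "us-east-1:EXAMPLE-POOL-ID"  # placeholder, not a real pool
DEVELOPER_PROVIDER = "login.example.app"        # assumed developer provider name

class AuthError(Exception):
    """The login token could not be verified."""

def exchange_login(cognito, verify_token, login_token, ttl_seconds=900):
    """Verify the app's login token, then request a Cognito identity and token.

    cognito: boto3.client("cognito-identity") built with developer credentials.
    verify_token: callable returning verified claims or raising; for Firebase,
    firebase_admin.auth.verify_id_token has this shape.
    """
    try:
        claims = verify_token(login_token)
    except Exception as exc:
        raise AuthError("login token rejected") from exc
    uid = claims.get("uid")
    if not isinstance(uid, str) or not uid:
        raise AuthError("verified token carries no user id")
    # The user id comes only from verified claims, never from a request field,
    # so a caller cannot ask for another user's Cognito identity.
    resp = cognito.get_open_id_token_for_developer_identity(
        IdentityPoolId=IDENTITY_POOL_ID,
        Logins={DEVELOPER_PROVIDER: uid},
        TokenDuration=ttl_seconds,  # short-lived; the app refreshes via this endpoint
    )
    # Only these two values return to the device; developer credentials stay here.
    return {"identityId": resp["IdentityId"], "token": resp["Token"]}

class FakeCognito:
    """Constructed stand-in for the boto3 client so the example runs offline."""

    def __init__(self):
        self.calls = []

    def get_open_id_token_for_developer_identity(self, **kwargs):
        self.calls.append(kwargs)
        uid = kwargs["Logins"][DEVELOPER_PROVIDER]
        return {"IdentityId": "us-east-1:id-for-" + uid, "Token": "oidc-for-" + uid}

def fake_verify(token):
    """Constructed verifier: accepts one sample token and rejects all others."""
    if token != "valid-token-alice":
        raise ValueError("bad signature")
    return {"uid": "alice"}

if __name__ == "__main__":
    print(exchange_login(FakeCognito(), fake_verify, "valid-token-alice"))
```

On the device, the returned token goes into the logins map under the key `cognito-identity.amazonaws.com` together with the returned identity id.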
I'm trying to implement server facebook authentication using passport-facebook on an iOS Facebook SDK app, and I'm unclear how to setup the passport authentication on the backend.
Basically the iOS client authenticates with Facebook and gets the sessionToken and I want to pass that to the passport-facebook /auth/facebook/callback to verify the session token with FB, and lookup the user from our database through node.js.
Is that the correct way to use passport-facebook, or do I need to call /auth/facebook (and what parameters do I need to pass it)?
This issue mentions building an app using Facebook iOS SDK and then authenticating on the server, but doesn't mention exactly how to do that.
https://github.com/jaredhanson/passport-facebook/issues/7
I could also write my own custom passport strategy that simply passes the FB session token and I can verify with FB graph API on the server to get the FB user ID and authenticate it's a valid session, as mentioned here:
Design for Facebook authentication in an iOS app that also accesses a secured web service
Check out passport-facebook-token, which is designed to authenticate based on a previously issued token (i.e., the one issued to your iOS app).
passport-facebook is designed to do the web-based, redirect flow, which is not typically done from a mobile application.