aws-cognito | 易学教程

API Gateway with Cognito User Pool Authorizer and Lambda

阅读更多关于 API Gateway with Cognito User Pool Authorizer and Lambda

问题 I am having an Architecture where I am using API Gateway with Cognito User Pool Authorizer and I am passing the IdToken in Authorization Header from client side ReST call. It is working fine. I need the cognitoIdentityId in Lambda. Tried Body Template Mapping in Integration Request in API Gateway Content type - application/json { "cognito-identity" : "$context.identity.cognitoIdentityId" } It doesn't send the identityid (in event or in context) and also it transforms my payload only to this

Is LinkedIn OpenID Connect provider? How can it be used with AWS Cognito Federated Identity?

阅读更多关于 Is LinkedIn OpenID Connect provider? How can it be used with AWS Cognito Federated Identity?

问题 The AWS Cognito documentation is very sketchy when it comes to explaining OpenID Connect providers or how to implement auth using say LinkedIn. The nearest example is of SalesForce https://aws.amazon.com/blogs/security/building-an-app-using-amazon-cognito-and-an-openid-connect-identity-provider/ These steps did not work for LinkedIn using it Javascript SDK. Not able to retrieve id_token similar to FB or Google JS SDK. AWS needs id_token to return the AWS credentials. Anyone has successfully

AWS Cognito's SMS Multi Factor Authentication returns invalid code or auth state

阅读更多关于 AWS Cognito's SMS Multi Factor Authentication returns invalid code or auth state

问题 I am trying to implement authentication built on Cognito using their Go SDK . I have been able to get basic username/password authentication to work, but when I add in 2-factor authentication using SMS I am getting stuck. Steps to reproduce : I create the user with a username/password and email verification I validate the email address I set the phone number and request a verification code I verify the phone number I enable 2-factor authentication (via SMS) I try to sign in and receive the

In AWS iOS SDK, how do I handle FORCE_CHANGE_PASSWORD User Status

阅读更多关于 In AWS iOS SDK, how do I handle FORCE_CHANGE_PASSWORD User Status

问题 I have followed the sample here https://github.com/awslabs/aws-sdk-ios-samples/tree/master/CognitoYourUserPools-Sample To integrate interactive cognito login to my iOS app. This is all working well, but when a new user is created in the pool, they initially have a FORCE_CHANGE_PASSWORD status. For android you can follow the procedure below http://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-android-sdk-authenticate-admin-created-user.html But for

AWS ApiGateway Lambda Proxy access Authorizer

阅读更多关于 AWS ApiGateway Lambda Proxy access Authorizer

问题 I´m using an Lambda Proxy and a Cognito User Pool Authorizer in my ApiGateway. In the Lambda function I can access the path etc. variables via the event object. In addition to that I want to access the claims of the authenticated user. In the documentation it is written, that I should use: context.authorizer.claims.property But I authorizer is null so I get Cannot read property 'claims' of undefined Anyone with an idea? 回答1: If you are referring to this part of the documentation, $context

AWS Cognito Switch User to Federated Account

阅读更多关于 AWS Cognito Switch User to Federated Account

问题 I want to allow users to sign up using either a user-pool identity (email + password) or a Facebook-federated identity. But I also want them to be able to switch later on: either add Facebook federation if they didn't sign up using Facebook initially, or remove the Facebook link from their account if they initially signed up using Facebook. Is this possible? Thanks in advance! 回答1: Yes, it is. I'm assuming that Facebook is added directly to the Userpool as an IdP. Splitting your query into 2

AWS Cognito SMS Role : Cannot create or assign a new role

阅读更多关于 AWS Cognito SMS Role : Cannot create or assign a new role

问题 I am not able to get verification codes(sms) and mobile app. i deleted the role. i tried recreating the role in cognito but it doesn't give any option to do so. Error response while i create new user : "Role does not have trust relationship allowing cognito to assume the role" On saving the verification settings on my cognito (with the previous role arn stuck in there) it say " Your roles are still being created " Error while saving verification changes 回答1: I too faced the same issue. Let me

AWS Cognito force refresh session

阅读更多关于 AWS Cognito force refresh session

I'm running into some problems when I attempt to refresh my session tokens, (Access, Id, Refresh). I have already read this question and the answer has helped me understand what is going on some. But I feel what I am trying to do isn't quite what getSession is for. I am attempting to implement a session expiration message (done) that allows the user to extend their session (refreshes the tokens). From what I gather about getSession() , it returns either the old tokens, if they are still valid, or new tokens if they are not valid. Please correct me if I am wrong there. I am attempting to give

send email when user registers - AWS Cognito federated Identities

阅读更多关于 send email when user registers - AWS Cognito federated Identities

How can i send an email/trigger a lambda function when a new user registers? Under "edit identity pool" i only found a sync trigger. If i understand correctly: This one is triggered every time a user syncs his data... Is there any way to trigger a lambda function only for the "initial" sync or when a certain dataset is created for the user? Edit: To be more specific: I do create the user via lambdas using the JS SDK. I use developer authentication with my own oauth2 flow. I don't know how to distinguish between a user granting access e.g. via Google the first time from someone doing this the

Is LinkedIn OpenID Connect provider? How can it be used with AWS Cognito Federated Identity?

阅读更多关于 Is LinkedIn OpenID Connect provider? How can it be used with AWS Cognito Federated Identity?

The AWS Cognito documentation is very sketchy when it comes to explaining OpenID Connect providers or how to implement auth using say LinkedIn. The nearest example is of SalesForce https://aws.amazon.com/blogs/security/building-an-app-using-amazon-cognito-and-an-openid-connect-identity-provider/ These steps did not work for LinkedIn using it Javascript SDK. Not able to retrieve id_token similar to FB or Google JS SDK. AWS needs id_token to return the AWS credentials. Anyone has successfully implemented Linked with AWS Cognito? Nope. It seems Linkedin does not offer full OpenID Connect. Also