amazon-cognito

When I try to login using AWS Cognito I get an AccessDeniedException about my custom Lambda trigger

倖福魔咒の submitted on 2019-12-20 11:34:17
Question: I am calling adminInitiateAuth and getting back a strange AccessDeniedException for my own lambdas. Here is the code I'm calling: var params = { AuthFlow: "ADMIN_NO_SRP_AUTH", ClientId: "@cognito_client_id@", UserPoolId: "@cognito_pool_id@", AuthParameters: { USERNAME : username, PASSWORD : tempPassword }, }; cognitoIdentityServiceProvider.adminInitiateAuth(params, function(error, data) { if (error) { console.log("ERROR! Login failed: " + JSON.stringify(error), error.stack); } else { console

Can you export/migrate users out of AWS cognito, does it cause vendor lock-in?

旧巷老猫 submitted on 2019-12-20 09:11:10
Question: This is a question about vendor lock in and AWS cognito. Can user data and encrypted/hashed passwords be exported out of cognito if we ever move off of AWS? Can/does cognito use standard hashing or configurable hashing of the user passwords or allow export of things like tokens? Answer 1: At this point in time, Cognito does not allow a way to export users from a user pool. We have heard this request from other customers, though, and have prioritized it for future releases. As far as passwords go,

Not authorized to perform sts:AssumeRoleWithWebIdentity AWS s3 Cognito auth failure

百般思念 submitted on 2019-12-20 03:40:18
Question: I have a simple iOS app that uploads to s3. I'm trying unauth all around- even though ideally I want to do Facebook. 2 IAM Roles (created using the wizard). The IAM auth policy (for unauth role): { "Version": "2012-10-17", "Statement": [{ "Action": [ "mobileanalytics:PutEvents", "cognito-sync:*" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject" ], "Resource": "arn:aws:s3:::[mybucketname]/*" } ] } My constants.h file

Why is Cognito rejecting my SAML assertion?

二次信任 submitted on 2019-12-19 11:41:33
Question: I'm doing a proof of concept for federating SAML into Cognito. I've set up Shibboleth v3, and once I finally got the log level set, I can see the SAML being sent back to Cognito, which just redirects to my configured page with ?error_description=Error+in+SAML+response+processing%3A+Invalid+SAML+metadata.+&error=server_error in the URL. The user pool in Cognito is set to require an email address, and I think I've got the attribute mapping set correctly, but it's not really easy to tell. Here's

Using Cognito User Pools, without Cognito Federated Identities(identity pools)

喜夏-厌秋 submitted on 2019-12-19 11:35:07
Question: I would like to use only Cognito User Pool, and therefore I want to use identity federation with Cognito User Pools, without Cognito Federated Identities (identity pools). I have followed the documentation, but I couldn't succeed. http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-social.html Here is my User Pool configuration. How can I combine Google and Cognito in User Pool without using identity pool (Federated Identities). Or is that possible? Answer 1: Based on your

How to pass cognito user information to lambda?

空扰寡人 submitted on 2019-12-19 06:03:22
Question: I'm developing an application based on API Gateway and Lambda. I configured POST /subscribe as "AWS_IAM". So now it cannot be accessed directly, but I can access the API with Cognito authentication. Now the problem is my Lambda doesn't know who the API caller is. How to know that? I have 2 users: "Bob" and "John". My Lambda needs to know whether the caller is Bob or John. Thanks, Answer 1: You can get the Cognito Identity ID from the identity property of the context parameter ( context.identity ) as explained in

AWS Lambda error on Cognito User Pool trigger

拜拜、爱过 submitted on 2019-12-19 02:49:17
Question: I'm trying to insert a record into DynamoDB invoking "Pre sign-up" trigger of Cognito User Pool. Lambda function is pretty simple for testing purposes but there is always an error in client application on AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool.signUp call Use case 1 Lambda body: console.log('Received event:', JSON.stringify(event, null, 2)); Result: InvalidLambdaResponseException: Invalid lambda function output : Invalid JSON Use case 2 Lambda body: callback("null",

Migrating Firebase users to AWS Cognito

做~自己de王妃 submitted on 2019-12-18 16:46:21
Question: I currently have a mobile application using Firebase for user authentication and storing data. I would like to migrate from Firebase to AWS. Exporting the DB from Firebase is simple enough. Download the JSON export and populate AWS. How do I migrate user authentication to Cognito? Answer 1: There are multiple ways to migrate users to AWS Cognito. A couple approaches are: Import users as batches. This will require you to take users into the forget password flow. Onboard users to Cognito UserPools

How to use DynamoDB fine grained access control with Cognito User Pools?

一个人想着一个人 submitted on 2019-12-18 14:52:56
Question: I'm having trouble understanding how to use fine-grained access control on DynamoDB when logged in using Cognito User Pools. I've followed the docs and googled around, but for some reason I can't seem to get it working. My AWS setup is listed below. If I remove the condition in the role policy, I can get and put items no problem, so it seems likely that the condition is the problem. But I can't figure out how or where to debug policies that depend on authenticated identities - what variables

AppSync: Get user information in $context when using AWS_IAM auth

主宰稳场 submitted on 2019-12-18 11:10:56
Question: In AppSync, when you use Cognito User Pools as your auth setting your identity you get identity: { sub: 'bcb5cd53-315a-40df-a41b-1db02a4c1bd9', issuer: 'https://cognito-idp.us-west-2.amazonaws.com/us-west-2_oicu812', username: 'skillet', claims: { sub: 'bcb5cd53-315a-40df-a41b-1db02a4c1bd9', aud: '7re1oap5fhm3ngpje9r81vgpoe', email_verified: true, event_id: 'bb65ba5d-4689-11e8-bee7-2d0da8da81ab', token_use: 'id', auth_time: 1524441800, iss: 'https://cognito-idp.us-west-2.amazonaws.com/us-west