amazon-cognito

How to set a dynamic RoleMappings key for an IdentityPoolRoleAttachment in CloudFormation

好久不见. Submitted on 2019-12-10 15:53:15
Question: I am building a stack to initialize a Cognito installation. As part of this I have set up user groups with associated roles. I need to set the Choose role from token option, allowing identities to use roles from the group(s) to which they are assigned. This is done through the RoleMappings object in the IdentityPoolRoleAttachment object. This mappings object is a string -> object map, where the string represents the identity provider. In my case, this is: cognito-idp.${some-region}.amazonaws

How to allow only email as username alias with CloudFormation?

早过忘川 Submitted on 2019-12-10 14:03:22
Question: Following this guide, it says: On the Attributes tab, select Email address or phone number and select Allow email addresses. Which looks like this: But I'm having trouble accomplishing the same thing with CloudFormation. Tried a couple of the obvious attributes but did not work. Thoughts?
Answer 1: It's now possible to do this by setting the UsernameAttributes property to an array of strings containing either email, phone_number or both: Type: AWS::Cognito::UserPool Properties: UsernameAttributes

Hard-coding 'identity-pool id' for 'aws cognito' is dangerous in security?

房东的猫 Submitted on 2019-12-10 12:09:41
Question: I am using aws cognito service for authentication with Unity3D. I wonder whether there is a security problem if 'identity-pool id' is hardcoded to script. For the security, how do developers implement? Is there anybody to suggest?
Answer 1: If you plan on releasing the source code, exposing identities and authentication information is a bad idea. What you could do is make your code to fetch the Identity Pool ID from a separate file and commit that file that has the connection string, or in this case,

Upload to Amazon S3 with Amazon Cognito Login

生来就可爱ヽ(ⅴ<●) Submitted on 2019-12-10 11:49:31
Question: I am using the code below to sign up a user with Amazon Cognito. I would then like to upload a file to an Amazon S3 Bucket when the user signs up. What do I need to do to configure the bucket ready to upload, once the user has signed up? Thank you. var roleArn = 'arn:aws:iam::123456:role/Cognito_Auth_Role'; var bucketName = 'MY_BUCKET'; AWS.config.region = 'eu-west-1'; var poolData = { UserPoolId : 'POOL_ID', // your user pool id here ClientId : 'CLIENT_ID' // your app client id here }; var

How to get Cognito user pool “sub” attribute on iOS

可紊 Submitted on 2019-12-10 11:28:09
Question: I am using a "Cognito User Pool authorizer" (no "AWS_IAM" option, no custom coded authorizer) to call Lambda methods via API Gateway and identify the user logged in on the iOS client. On Lambda, I use the user id I get from the Cognito User Pool authorizer via event.requestContext.authorizer.claims.sub (to store the user id with some DynamoDB items). I now need to compare this with the id of the logged in user in the iOS client. I found [AWSIdentityManager defaultIdentityManager].identityId,

AWSCognito login blocked 1 time after logout - “Obtaining an identity id in another thread failed or didn't complete within 5 seconds.”

拟墨画扇 Submitted on 2019-12-10 11:06:21
Question: I tried to implement all the Cognito SignUp/Confirm/SignIn Stuff in a CognitoController singleton class. I think there are two functions where my problem probably is based: The first function is to re-establish a session and is called from my main view controller which receives the callback and then proceeds to initialize the session or shows the signInViewController: func handleSignInToExistingSession() { if AWSIdentityManager.default().identityId != nil { if AWSFacebookSignInProvider

Creating a user/developer defined login for AWS iOS using iOS SDK Cognito Lambda and DynamoDB

一世执手 Submitted on 2019-12-10 09:45:48
Question: I am trying to figure out if this is the "proper"/current/correct flow for developing a user/developer defined login credential for iOS using AWS. (I am migrating from Parse to AWS so only been reading AWS for a week). Download, install, and build an iOS app for registering users (say email and password (this is done and the app shows a UITextField for email and password and accessible in the UIViewController)). Also iOS SDK via Cocoapods is installed and available. Create an identity pool

Given the user's identity id, how to get the user's details from cognito user pool?

谁说我不能喝 Submitted on 2019-12-10 09:35:54
Question: The user uploads an image to his/her subfolder on S3. The only way this can be enforced with policy is by using identity id: arn:aws:s3:::thebucket/${cognito-identity.amazonaws.com:sub}/avatar.jpg A lambda that transforms that image is triggered, and saves the transformations to a different S3. But now, with the identity id at my disposal, that lambda needs to update the user's db record with the references to the avatar transformations. This is where the issue is evident, I only have the

Getting full access to DynamoDB from my ios app using AWS Cognito Developer Identities

吃可爱长大的小学妹 Submitted on 2019-12-10 03:09:10
Question: I have implemented an AWS Lambda function and used the gateway to return the following data: var param = { IdentityPoolId: "actualIdentityPoolId", Logins: {} // To have provider name in a variable }; param.Logins["com.testing.userLogin"] = userId; cognitoidentity.getOpenIdTokenForDeveloperIdentity(param, function(err, data) { if (err) return fn(err); // an error occurred else fn(null, data.IdentityId, data.Token); // successful response }); So the identityId and token get sent back to the iOS

Does API Gateway behind CloudFront not support AWS_IAM authentication?

我们两清 Submitted on 2019-12-09 14:38:21
Question: It seems that it is impossible to call a REST API that has AWS_IAM protection enabled through a CloudFront Distribution. Here is how to reproduce this: create a REST API with API Gateway; protect a REST API method with AWS_IAM authentication; create a CloudFront Distribution that targets the REST API; create an A Record in Route 53 that targets the CloudFront Distribution. Now use an authenticated user (I use Cognito UserPool user and aws-amplify) to call the protected REST API method with its