amazon-cognito

I am authenticating through Cognito on client side browser using a developer authenticated identity. When my page loads (or is refreshed) I would like my application to remember the Identity for as long as the object is not expired (I think it lasts about an hour). However, I don't know how to retrieve the identity from Cognito without having to go through the developer authentication again. Here is what the code does on page load: var cognitoCredentials $(document).ready(function() { "use strict"; cognitoParams = { IdentityPoolId: 'us-east-1:xxxxxxx' }; cognitoCredentials = new AWS

I am having a hard time figuring out how to return developer credentials provided by my server (via AWS) to my Example identity provider. It seems I need to do this synchronously within the refresh method on the ExampleIdentityProvider class. I'm using AFNetworking to make the request, but it is an async GET request. How can I do this synchronously for the refresh method on my IdentityProvider? The following is in Swift: class ExampleIdentityProvider: AWSAbstractIdentityProvider { var newToken: String! override var token: String { get { return newToken } set { newToken = newValue } } override

This is a question about vendor lock in and AWS cognito. Can user data and encrypted/hashed passwords be exported out of cognito if we ever move off of AWS? Can/does cognito use standard hashing or configurable hashing of the user passwords or allow export of things like tokens? Jeff Bailey At this point in time, Cognito does not allow a way to export users from a user pool. We have heard this request from other customers, though, and have prioritized it for future releases. As far as passwords go, Cognito uses secure remote password protocol to do the actual authentications, so the metadata

We are trying to use Amazon Web Services Internet of Things (AWS IoT) to send messages from/to a Web Browser (e.g: . Given that the AWS IoT supports JavaScript we expect that this is possible ... We have searched at the AWS IoT Documentation but only found server-side examples (which expose AWS secrets/keys...) Are there any good working examples or tutorials for using AWS IoT to send/receive messages via WebSockets/MQTT in the browser (e.g: authenticating with AWS Cognito) ? Thanks! Kyle Roche Here's a sample that uses a cognito identity pool in JS to connect, publish and react to a

Can I apply a policy to an AWS DynamoDB table but restrict it based on the Cognito ID of the user accessing it? E.g. A Customer table has a primary hash key equal to the Cognito ID. When anyone but the user sharing the same ID tries to get the item they will receive an unauthorised exception. (Non DynanoDB policies are probably also valid.) You should be able to do something like this using the same techniques as those for using an ID Provider . You should use the Cognito identifier as the key in the policy: { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "dynamodb

I'm building a system consisting of an Angular2 single page app and a REST API running on ECS. The API runs on .Net/ Nancy , but that might well change. I would like to give Cognito a try and this is how I imagined the authentication workflow: SPA signs in user and receives a JWT SPA sends JWT to REST API with every request REST API verfies that the JWT is authentic My question is about step 3. How can my server (or rather: my stateless, auto-scaled, load-balanced Docker containers) verify that the token is authentic? Since the "server" hasn't issued the JWT itself, it can't use its own secret

I have a working iOS app using AWS Cognito AWSMobileClient where users can sign in and log in/out with AWSAuthUI. What I want to do next is: having a sub from another user (e.g. 7y873ff7-.....u9h4k) I would like to get the information from that other user. After searching the net it seems that I need to use something called ListUsers, but I am not 100% confident. Can anyone confirm this and give me some tip about how I need to go to get done what I want? Knowing that I am working in Swift. ...... Later updating of the post ....... Following examples I have found on the net; here is some code I

Scenario Suppose a hacker using a single page webapp https://example.com?secure=maybe has authenticated and obtained a OpenID Connect token that is used to access micro services. The hacker manages to fish these credentials out of the application. ( Follow up question on that here ) The hacker creates another application running on localhost that loads the credentials obtained. The hacker also points localhost to https://example.com in /etc/hosts such that now opening the address https://example.com runs the hackers web application instead of the real one. Question Can the hackers application