federated-identity

I'm adding a "Sign In with Google" federated login button to my site. For desktop I'm using the popup window which works great like this: gapi.auth2.init(); gapi.auth2.getAuthInstance().signIn().then(function(user) { var id_token = user.getAuthResponse().id_token; // ajax call to pass this to server }); However on mobile we want to use redirects instead of popups, since separate tabs are a little awkward in mobile browsers. I just change to: gapi.auth2.init({ ux_mode: 'redirect', redirect_uri: 'http://example.com/google_login/' }); This works but it adds the id_token I need as a hash fragment,

I'm trying to set up a basic website (serverless on AWS) that would allow visitors to login with Google and/or Facebook. Currently I'm planning to use S3, Cognito with Federated Identities, API Gateway, Lambda (NodeJS), with DynamoDB. The client app will be using Angular. I have the social login with Google and Facebook working, and currently I am inserting a row in a "users" table when a user logs in the first time that includes the cognitoId, name, profile picture URL, etc. I also figure it would be a good design to store the user's information with their email address as the key, instead of

I want to use Cognito Federated Entity (allowing signin through Google etc), to allow access to API Gateway for a web javascript application. I managed to get the Cognito's sessionToken through signing-in with Google but I'm stuck on the API Gateway configuration for enabling the session token. Is there a good tutorial for this entire Federated Entity authentication workflow? Thanks! Since you want to invoke APIs via authenticated Cognito identity, first Amend the auth role of the identitypool to have api execute policy, you could just attach the managed policy

What the claim of type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier should be used for? This is the main question, and here are additional ones. How does it differ from http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name claim? Is it permanent for particular user as opposed to name claim? Is it globally-scoped or IdP-scoped? EBarr Name , is just that a name. If we're talking person, think "Eric"; a server "file01". A NameIdentifier is the ID for an object. Turning back to our person object, Eric's UserID might be 435 in your database. For the server the

I would like to use a Cognito User Pool for Facebook logins only, which may be possible using the built in login form, but I need to use my own. Theoretically, when it comes to a custom form, it shouldn't be hard: after I receive a user object from FB, I bind the user and email attributes to the ones in my User Pool and I save it. But what to do about the password field and future authentication? And here I have failed during my journey... ... userPool.signUp('FoobarUser', '**password?**', attributeList, null, function(err, result){ ... While digging deeper into the docs, I tried to implement