问题
We are working on an iOS Application that has been using Unauthenticated Access to Cognito. We are now adding an Identity Provider: Cognito User Pools.
We are seeing that when Device A does the login process, from Unauthenticated to Authenticated, the Cognito ID stays the same (as expected). Then when Device B logins in, Unauthenticated to Authenticated. We would expect the user to get the Authenticated Cognito ID from Device A, this is not the case.
Even so, perhaps they all transitioned to Cognito ID from Device A? That also doesn't seem to be the case. Both devices have separate Cognito ID's but are using the same user account from a Cognito User Pools. But neither share a Cognito ID, which seems to go against what the documentation describes.
Can someone confirm what we are doing is a valid workflow, and perhaps what we might be doing wrong?
We are storing the Cognito ID in a back end server to tie that data to a user, but with the Cognito ID's changing unexpectedly, its hard to come up with a good solution.
回答1:
You are correct, the AWS Cognito identityId will be the same for an authenticated user even if he is authenticated on two different devices.
What you describe is not the expected behavior.
Probably you are not "really" authenticated. What does "really" authenticated mean? It means that you have gone through the process of wiping the keychain and getting credentials, because it is the credentials provider that goes to the identity provider and gets the login dictionary (and then assigns an appropriate identityId (that's when it gets to be the same as the other device)).
You can tell if you are "really" authenticated by looking in the AWS Console for Federated Identities, and looking at the identity browser. The "logins" count on the identity in question should NOT BE 0... it should show (in your case) 1 and if you click on the identity, you should see that it is authenticated with your pool.
The fix? After you come back from logging in and getting a session you must "Get Credentials for ID" (which in the ios sdk is the "credentials" method).
This link may help cognito notes and diagram
来源:https://stackoverflow.com/questions/40853535/ios-aws-cognito-authentication-with-multiple-devices