Question
I'd like to explain an auth flow and hope you can answer whether Amazon Cognito is the correct solution for this.
Requirements: For every login (username/password, Facebook, Google, etc.), there should be a valid User Pool account.
Flow Facebook (no identity or user pool account exists).
Customer clicks "Login with Facebook":
1) calling GetOpenIdToken -> with the FB AccessToken
1a) at the same time, use the FB AccessToken to fetch the email address from Facebook
2) calling AdminCreateUser with a generated password and the Facebook email
3) calling AdminInitiateAuth and fetching the idToken
4) calling GetOpenIdToken and adding the idToken for the Cognito user pool and the facebookAccessToken
Result: a user in the Cognito User Pool and a linked federated account
Important for me: the token from 4) is a user pool token and contains "sub" (a UUID, which is important for our internal database)
OK, that is fine and works well, BUT:
Flow Facebook user comes back (identity and linked user pool account is available)
Customer clicks "Login with Facebook":
1) calling GetOpenIdToken -> with the FB AccessToken
2) calling DescribeIdentity and get the Login List
2a) we can see that there is a linked user pool id and don't need to create a new user
Exactly at this point comes the question:
How can I get a user pool token if I just have the facebookAccessToken, but a linked user pool login?
And is it possible to get the user pool data for that linked user with just the Facebook accessToken?
Is this the correct flow, or is this auth flow not supported by Cognito?
Thanks, Marcel
Answer 1:
No, this is not supported currently. You have created an identity in Cognito Federated Identities which has linked logins (FB and Cognito User Pools), but to authenticate with Cognito User Pools you currently cannot use a Facebook access token. The only way to get the user pool token is by using the username/password for that account.
We have heard this request from multiple customers and would consider adding it in future releases.
Source: https://stackoverflow.com/questions/42139567/is-this-auth-flow-possible-with-amazon-cognito-identity-and-user-pool
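The returning-user branch from the question (steps 2/2a) combined with the answer's conclusion, as an added example that is not part of the original posts. It assumes a boto3-style client exposing `describe_identity`; the function names, return labels, stub client and sample identifiers are constructed for illustration.

```python
FACEBOOK_PROVIDER = "graph.facebook.com"  # provider name Cognito uses for Facebook logins


def user_pool_provider(region, user_pool_id):
    """Provider name under which a user pool login is linked to an identity."""
    return f"cognito-idp.{region}.amazonaws.com/{user_pool_id}"


def next_step(identity_client, identity_id, region, user_pool_id):
    """Steps 2/2a: read the identity's linked logins and pick the next action.

    identity_client: anything with describe_identity(IdentityId=...), such as
    boto3.client("cognito-identity"). Return labels are hypothetical names.
    """
    resp = identity_client.describe_identity(IdentityId=identity_id)
    linked = set(resp.get("Logins", []))
    if FACEBOOK_PROVIDER not in linked:
        raise ValueError("identity has no linked Facebook login")
    if user_pool_provider(region, user_pool_id) in linked:
        # Per the answer: no exchange of the Facebook token for a user pool
        # token exists, so the user pool tokens need username/password auth.
        return "USER_POOL_PASSWORD_AUTH_REQUIRED"
    return "CREATE_USER_POOL_ACCOUNT"


def merged_logins(fb_access_token, id_token, region, user_pool_id):
    """Logins map for step 4: GetOpenIdToken with both providers present."""
    return {
        FACEBOOK_PROVIDER: fb_access_token,
        user_pool_provider(region, user_pool_id): id_token,
    }


class StubIdentityClient:
    """Constructed offline stand-in for the cognito-identity client."""

    def __init__(self, logins_by_identity):
        self._logins = logins_by_identity

    def describe_identity(self, IdentityId):
        return {"IdentityId": IdentityId, "Logins": self._logins[IdentityId]}


# Constructed sample data: region, pool id and identity ids are placeholders.
REGION, POOL_ID = "eu-west-1", "eu-west-1_EXAMPLE"
SAMPLE = StubIdentityClient({
    "first-visit": [FACEBOOK_PROVIDER],
    "returning": [FACEBOOK_PROVIDER, user_pool_provider(REGION, POOL_ID)],
})
```

With a real client, pass `boto3.client("cognito-identity")` in place of `SAMPLE`; the identity id is the one the backend already holds for the Facebook login.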