Authenticating a Cognito User in Browser JS using tokens from cognito itself as an Identity provider



We have a multiplatform app consisting in an Android app and a website that share a User Pool for the login procedure. In the browser, for the login, we use without any problem the flow described in case 4 @ :

var authenticationData = {
	Username: 'username',
	Password: 'password',
var authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails(
var poolData = {
	UserPoolId: '...', // Your user pool id here
	ClientId: '...', // Your client id here
var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);
var userData = {
	Username: 'username',
	Pool: userPool,
var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
cognitoUser.authenticateUser(authenticationDetails, {
	onSuccess: function(result) {

We also have an android application where users can also login using the Amplify framework, the login works as described in

Amplify.Auth.signIn("username", "password",
    { result ->
        if (result.isSignInComplete) {
            Log.i("AuthQuickstart", "Sign in succeeded")
        } else {
            Log.i("AuthQuickstart", "Sign in not complete")
    { Log.e("AuthQuickstart", "Failed to sign in", it) }

But, now, we need to authenthicate the users in another browser scenario (a webview inside the android Application) without asking for a password or username (as they are using the app, they already logged), I guess using the tokens generated in the Android login. I don't see any way to do such an authenthication using methods described in:

I'm tempted to use in the browser webView, as described in,

AWS.config.credentials = new AWS.CognitoIdentityCredentials({
  IdentityPoolId: '<the pool that is shared by android and browser app>',
  Logins: { 
					'cognito-idp.<region><the_POOL_ID>': <the_jwt_token_derived_from_the_android_login?>,

But this is not working at all. The AWS.config.Credentials show an expired token and no login has been made, I cannot retrieve a Cognito Session. Does anyone know how to handle this situation?

Thanks in advance for you time

  • Hello, My question is, if the user is already authenticated, why do you need to send a token to cognito again? Just have a "if" statement in your code to see if the user is logged in, and if not, make another call to cognito. Unless i'm missing something here...

No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions