
Questions tagged with Amazon Cognito Federated Identities

Unity and Developer authenticated identities

Hello. I'm trying to use Cognito Developer authenticated identities inside a Unity project. But I can't get it to work and when searching inside the documentation, I can't find a clear/simple example of what I should do. I apologize in advance if some questions/remarks seem simple or stupid, but I'm not a "true web developer" and some notions can be a little bit confusing to me...

What I'm trying to accomplish is to log in on an existing backend (this code already exists and works fine), and then access AWS functionalities, such as S3 storage, to be able to save files for the logged user. From what I understand, this is what Cognito identity pools are intended for. The first thing I'm not sure about is whether I also have to create a user pool to use that functionality or not? (I'd say no, but I'm not sure).

So I started reading the documentation and followed what I found on [this](https://docs.aws.amazon.com/cognito/latest/developerguide/developer-authenticated-identities.html#implement-an-identity-provider) page. I created a CognitoAWSCredentials class looking like that:

```
public class DeveloperAuthenticatedCredentials : CognitoAWSCredentials
{
    const string IDENTITY_POOL = "us-east-1:2d36xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
    static readonly Amazon.RegionEndpoint REGION = Amazon.RegionEndpoint.USEast1;
    private string m_LoginEmail = null;
    private int m_LoginId = -1;

    public DeveloperAuthenticatedCredentials (string _loginEmail, int _loginId)
        : base(IDENTITY_POOL, REGION)
    {
        m_LoginEmail = _loginEmail;
        m_LoginId = _loginId;
    }
    ...
```

I also read that I have to override the RefreshIdentity() method and that's where I'm having questions:

```
protected override IdentityState RefreshIdentity()
{
    IdentityState state = null;
    string identityId = IDENTITY_POOL; // should it be the user id on my server ?
    string token = AccessToken; // OpenID token ?
    state = new IdentityState(identityId, "myCustomProviderName", token, false);
    return state;
}
```

1- Since I already performed the sign-in operation successfully on the existing server, do I need to use a coroutine or can I just create the IdentityState with the information I have? Or should I re-write the entire login process and include the Cognito Authentication during this phase? If yes, are there some specific values I should add in the response?

2- What exactly is the "identityId" string I should pass to the IdentityState variable? Is it the user id on my server or is it the IDENTITY_POOL I specified in the credentials constructor? During my test, I sometimes got a message that the identityId was not in correct form when I tried passing my user id.

3- Do I have to use the Async method? I found somewhere in the documentation (can't find where, I'll try editing this post once I do) that in C# the GetIdentityAsync() method should be used. Is it also the case in Unity?

4- What about the GetOpenIdTokenForDeveloperIdentityRequest (and its Async version): from what I understand, I have to call one of them at some point and specify in the logins a pair "myCustomProviderName", "myUserId".

I will probably have some more questions in the future, but replies to these ones will provide a big help for me. Thanks in advance.
0 answers, 0 votes, 54 views, asked 2 months ago

Can't access userAttributes of listUsersRes.Users in AWS lambda function

I'm filtering out unconfirmed emails in a Lambda function. I just want to access the email of every user in my listUsersRes.Users. I have tried listUsersRes.Users[0].Username and it is returning the username perfectly. But when I'm trying listUsersRes.Users[0].Email or listUsersRes.Users[0].userAttributes.email or listUsersRes.Users[0].request.userAttributes.email it is returning null. I also have AttributesToGet: ["email"]. But I don't know why it is not working for email.

**My function:**

```
exports.handler = async (event, context, callback) => {
  const cognitoProvider = new aws.CognitoIdentityServiceProvider({apiVersion: "2016-04-18"});
  if (event.triggerSource == "PreSignUp_SignUp" ||
      event.triggerSource == "PreSignUp_AdminCreateUser" ||
      event.triggerSource == "PreSignUp_ExternalProvider") {
    try {
      const listUserParams = {
        UserPoolId: event.userPoolId,
        AttributesToGet: ["email"],
        Filter: `cognito:user_status= \"${"UNCONFIRMED"}\"`,
        Limit: 10
      };
      const listUsersRes = await cognitoProvider.listUsers(listUserParams).promise();
      if (listUsersRes.Users.length >= 0) {
        return callback(new Error(listUsersRes.Users[0].Username), event); // this line I'm modifying to get email attribute from listUsersRes.Users[0]
      }
    } catch (error) {
      return callback(new Error("catch error"), event);
    }
  } else {
    var error = "This provider is not supported";
    callback(new Error(error), event);
  }
};
```

**My permission:**

```
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
    "logs:CreateLogStream",
    "logs:PutLogEvents",
    "cognito-idp:AdminInitiateAuth",
    "cognito-idp:ListUsers",
    "cognito-idp:AdminUpdateUserAttributes",
    "cognito-idp:AdminGetUser"
],
```
1 answer, 0 votes, 52 views, asked 2 months ago