
Authenticate social identity federation user to AWS Userpool? - Android

We have used the com.amazonaws:aws-android-sdk-cognitoidentityprovider:2.6.8 SDK for the username and password based login and register flow, following the approach mentioned here: https://docs.aws.amazon.com/cognito/latest/developerguide/tutorial-integrating-user-pools-android.html . The sign up and login process is working as required.

For Facebook and Google authentication through federation, we do not want to use the hosted UI for this purpose and are not using federated identities. We had followed this link: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html .

  1. We have set up a user pool with an application client and a user pool domain.
  2. Set up Facebook as a social identity provider.
  3. Added the Android callback URL to mobile.

First Approach

We looked into the CognitoSyncDemo sample application. It was using federated identity, so we had to discard it. We are just using federation in the user pool.

Second Approach

We have used the webview and loaded the URL below. The URL takes me directly to Facebook; after authentication, it returns me back to the redirect URL with access_token, auth_type, expires_in and id_token. But no refresh token. URL:

    https://yourdomain.auth.us-east-1.amazoncognito.com/oauth2/authorize?redirect_uri=redirect_app_path&response_type=code&client_id="client_id"&identity_provider=Facebook

But there is a problem using this approach. I couldn't find a way to push the access token to the cognitoUserSession in the SDK, which is managing the user session. So every time I sign up with Facebook (using the webview), there is no session maintained in the SDK. Hence I am redirected to the login view again. How to ensure the Facebook user is authenticated and signed in by cognitoidentityprovider? How to create a user session in the SDK when getting access_token and id_token?

Third Approach

We tried to use the Cognito Auth Demo https://github.com/awslabs/aws-sdk-android-samples/tree/master/AmazonCognitoAuthDemo . For this, we have to add another library, com.amazonaws:aws-android-sdk-cognitoauth . After clicking on sign in, it used to take us to the hosted UI. After looking into the similar iOS project, we made tweaks in the Android library project (com.amazonaws:aws-android-sdk-cognitoauth for Android). We added identity_provider in the URI for sign in. It then takes us directly to Facebook in a Chrome tab. After authentication, it sets the session in our application. But it has its own authentication object, which is AuthSession, whereas previously we were using CognitoUserSession for normal sign up. AuthSession does not have user attributes, nor does it offer any get user details or authentication handlers. If we use this approach, then how to link AuthSession with CognitoUserSession and manage the user session in the application?

Summary

In short, we have tried the AWS samples; they take us to the web-based hosted UI. We need to authenticate a user via Facebook to the user pool using only the federation identity provider. We need to maintain the session in the Cognito SDK without affecting our username and password based login flow. We want to open Facebook directly or in a webview in our application on button click, authenticate the user and maintain the session in the application using only the Cognito SDK.

To connect to the user pool I had included aws-android-sdk-cognitoidentityprovider. But if you need to add social sign up, you need to add cognitoauth as well.

  1. Ensure the Cognito SDK versions are the same, otherwise you might run into a compilation error.

  2. As per the need of the project, I need to pass the identity provider into the SDK so it could navigate directly to my social identity provider page. But the current SDK version '2.6.24' didn't provide me with this provision. I had downloaded the android-sdk-cognitoauth SDK from the awslabs GitHub and included it in my project. I altered the Auth.java class and added an identity provider variable in it.

  3. Next step, I altered the AuthClient.java method launchCognitoAuth. I placed an additional condition to check if the identity provider is present or not. Then I set it in the sign in URI.

    // Append identity_provider to the sign-in URI only when one was configured on the pool
    if (pool.getIdentityProvider() != null) {
        builder.appendQueryParameter(ClientConstants.DOMAIN_QUERY_PARAM_IDENTITY_PROVIDER,
                pool.getIdentityProvider().toString());
    }

  4. After making the above alteration, I can configure the identity provider through my app in auth.builder(). The hack worked; I was directly navigated to my provider page. After authentication, the SDK set the session itself.

To sum up, I found a difference between the Android and iOS project implementations. In the iOS project, AWS has given provision to add the identity provider directly. I followed the flow of the iOS project and made a tweak to the Android cognito-auth project. The difference has been reported as well to aws-sdk-android-sample issues.
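As an added example (not code from the question, the answer or the AWS SDK), this plain-Java helper builds the hosted-UI sign-in URL from the question and appends identity_provider under the same condition as the AuthClient.java tweak in the answer. It also carries a caller-generated state value and checks it on the redirect so the app only accepts an authorization code for a sign-in it started; the state handling, the class name and the sample domain, client id and redirect URI are assumptions, not something the page or the SDK defines.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

/** Hosted-UI authorize URL from the question, plus the identity_provider
 *  parameter the answer patches into AuthClient.launchCognitoAuth. */
public final class CognitoAuthorizeUrl {
    private static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }
    private static String dec(String s) { return URLDecoder.decode(s, StandardCharsets.UTF_8); }
    /** state: caller-generated random value, kept until the redirect returns (assumed here). */
    public static String build(String domain, String clientId, String redirectUri,
                               String identityProvider, String state) {
        Map<String, String> q = new LinkedHashMap<>();
        q.put("redirect_uri", redirectUri);
        q.put("response_type", "code");
        q.put("client_id", clientId);
        q.put("state", state);
        // Same condition as the answer's tweak: append only when a provider is configured.
        if (identityProvider != null && !identityProvider.isEmpty()) {
            q.put("identity_provider", identityProvider);
        }
        StringBuilder sb = new StringBuilder("https://" + domain + "/oauth2/authorize");
        char sep = '?';
        for (Map.Entry<String, String> e : q.entrySet()) {
            sb.append(sep).append(enc(e.getKey())).append('=').append(enc(e.getValue()));
            sep = '&';
        }
        return sb.toString();
    }
    /** Splits the query string of the redirect the hosted UI sends back to the app. */
    public static Map<String, String> query(String url) {
        Map<String, String> out = new LinkedHashMap<>();
        int qi = url.indexOf('?');
        if (qi < 0) return out;
        for (String kv : url.substring(qi + 1).split("&")) {
            int eq = kv.indexOf('=');
            out.put(dec(eq < 0 ? kv : kv.substring(0, eq)), dec(eq < 0 ? "" : kv.substring(eq + 1)));
        }
        return out;
    }
    /** Accept the authorization code only when the redirect carries the state this app issued. */
    public static boolean redirectIsOurs(String redirectUrl, String expectedState) {
        Map<String, String> q = query(redirectUrl);
        return q.containsKey("code") && expectedState.equals(q.get("state"));
    }
}
```

With constructed values such as build("yourdomain.auth.us-east-1.amazoncognito.com", "client_id", "myapp://callback", "Facebook", state), the result is the question's URL with identity_provider=Facebook and a state parameter, and redirectIsOurs rejects a callback whose state differs from the one stored before the browser was opened.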
