
AWS - Add identity provider for same Cognito Identity ID

I am using the AWS SDK, using federated identity providers with Cognito. Right now, I'm doing this:

private void SetupCognitoStuff()
{
    _cognitoCredentials = new CognitoAWSCredentials(
        MY_IDENTITY_ID, // Identity Pool ID
        _awsRegion); // Region

    if (_identityProviderName != null)
        _cognitoCredentials.AddLogin(_identityProviderName, _identityProviderToken);

    _identityId = GetIdentityId();
}

This works fine to create or retrieve the user's credentials, using Facebook as the identity provider. I also cache the Cognito Identity ID in the app's settings.

So, now let's say that the next time the user uses my app, they choose a different login provider (let's say Google). I've already cached their Cognito Identity ID from the last time that they logged in (via Facebook). When I instantiate CognitoAWSCredentials this time, how do I tell it that I want to use the existing Cognito Identity ID, and that Google should be added as a second identity provider, instead of it creating a whole new Cognito identity?

Looking at the documentation for the raw API, it should be possible:

Merging Identities

If you pass in a token for a login that is not currently linked to the given identity, but is linked to another identity, the two identities are merged. Once merged, one identity becomes the parent/owner of all associated logins and the other is disabled. In this case, the identity ID of the parent/owner is returned. You are expected to update your local cache if this value differs (this is handled for you if you are using the providers in the AWS Mobile SDKs or AWS SDK for JavaScript in the Browser).

So if this is the case, then how does it know (i.e., how do I tell it) what existing Identity ID to use when calling my above function with a different identity provider?

From this page, it looks like it can be done via the raw API by calling GetCredentialsForIdentity and passing in the existing Identity ID in the "IdentityId" field and the new identity provider info in the "Logins" field:

Request Syntax

{
    "CustomRoleArn": "string",
    "IdentityId": "string",
    "Logins": {
        "string" : "string"
    }
}

I'm just not sure how to translate this into the SDK using the CognitoAWSCredentials class.

Update the login map of the credentials object with the provider 2 token once you have authenticated via provider 1. You need to update the Logins map of the credentials object to include Google's one. You could figure out how it is done for your SDK. E.g., for JavaScript, you could just do:

AWS.config.credentials.params.Logins['accounts.google.com'] = googleToken;

Javascript reference
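
The flow discussed above, as an added example that is not part of the original answer or of any AWS SDK: it builds the GetCredentialsForIdentity request from the cached identity ID plus the old and new logins, then refreshes the cache when a different IdentityId comes back, as the quoted merge documentation asks. The function names, the `fakeClient` stand-in and all token and ID values are constructed for illustration; `graph.facebook.com` is assumed as the Logins key for Facebook.

```javascript
// Added example. buildLinkRequest, applyResponse, linkLogin and fakeClient are
// hypothetical names; only the request/response field names come from the raw API.

// Build the GetCredentialsForIdentity request: cached ID plus old and new logins.
function buildLinkRequest(cachedIdentityId, linkedLogins, providerName, token) {
  if (!cachedIdentityId) throw new Error('no cached identity ID to link against');
  if (typeof token !== 'string' || token === '') {
    throw new Error('missing token for ' + providerName);
  }
  return {
    IdentityId: cachedIdentityId,
    Logins: Object.assign({}, linkedLogins, { [providerName]: token }),
  };
}

// After a merge the parent/owner ID is returned; refresh the cache if it differs.
function applyResponse(cache, response) {
  const changed = response.IdentityId !== cache.identityId;
  if (changed) cache.identityId = response.IdentityId;
  return changed;
}

async function linkLogin(client, cache, linkedLogins, providerName, token) {
  const request = buildLinkRequest(cache.identityId, linkedLogins, providerName, token);
  const response = await client.getCredentialsForIdentity(request);
  const cacheUpdated = applyResponse(cache, response);
  return { identityId: cache.identityId, cacheUpdated, credentials: response.Credentials };
}

// Constructed stand-in for the service: tokenOwners maps a token to the identity
// it is linked to. Unknown tokens are linked to the requested identity; a token
// owned by another identity triggers a merge with that identity as parent
// (which side becomes the parent is a choice made for this fake only).
function fakeClient(tokenOwners) {
  return {
    async getCredentialsForIdentity({ IdentityId, Logins }) {
      let owner = IdentityId;
      for (const token of Object.values(Logins)) {
        if (tokenOwners[token] && tokenOwners[token] !== IdentityId) owner = tokenOwners[token];
      }
      for (const token of Object.values(Logins)) tokenOwners[token] = owner;
      return { IdentityId: owner, Credentials: { AccessKeyId: 'CONSTRUCTED', SessionToken: 'CONSTRUCTED' } };
    },
  };
}
```

With a real SDK client in place of `fakeClient`, keep provider tokens out of logs and persist only the identity ID, not the tokens.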
