
AWS Cognito Federated Identity Pool - Role on Authentication

I have 2 identity pools - one for Unauth (with only the Unauth role set) and the other for Federated Identities (FB and Google - with only the Auth role set).

I have an iOS app with 2 classes implementing the AWSIdentityProviderManager protocol - GuestProvider, which returns an empty logins map, and FBProvider, which populates the FB token in logins.

When I launch the app and browse as guest, it works. Similarly, if I launch the app and directly log in to FB, it also works with the proper auth role.

The problem comes when I log in as Guest and then switch to FB - although I get the Auth token, set it in the Provider and update the defaultServiceConfiguration, the Lambda invoke fails with an AccessDenied error, and the logs show it still has the unauth role. This does not happen if I launch the app and log in via FB (without going to Guest first).

These are the functions that set the AWS config for the respective use case:

```swift
// Guest (unauthenticated) path: credentials provider bound to the Unauth pool,
// with no identity provider manager, so an empty logins map is sent.
func initializeGuestCredentialsProvider() {
    credentialsProvider = AWSCognitoCredentialsProvider(
        regionType: Constants.AWS_REGION,
        identityPoolId: Constants.COGNITO_UNAUTH_IDENTITY_POOL_ID)

    let configuration = AWSServiceConfiguration(
        region: Constants.AWS_REGION,
        credentialsProvider: credentialsProvider)

    AWSServiceManager.default().defaultServiceConfiguration = configuration
}

// Facebook path: credentials provider bound to the federated pool, with
// FacebookProvider supplying the FB token in the logins map.
func initializeFBCredentialsProvider() {
    credentialsProvider = AWSCognitoCredentialsProvider(
        regionType: Constants.AWS_REGION,
        identityPoolId: Constants.COGNITO_IDENTITY_POOL_ID,
        identityProviderManager: FacebookProvider())

    // Note: the region is hard-coded here, unlike the guest path above.
    let configuration = AWSServiceConfiguration(
        region: AWSRegionType.USWest2,
        credentialsProvider: credentialsProvider)

    AWSServiceManager.default().defaultServiceConfiguration = configuration
}
```

I am not sure what the reason for this error could be. Possibly the first credentials provider that has been set in the config cannot be changed?

I would suggest using a single identity pool. When a user switches from Guest to Authenticated, just pass the identityId and the provider token (in the logins map) to GetCredentialsForIdentity. This links the same identityId to the provider (Facebook) user.
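The single-pool flow described in the answer, as an added example that is not part of the original question or answer. It assumes one identity pool with both an unauthenticated and an authenticated role and Facebook configured as a provider, the asker's `Constants.AWS_REGION` and `Constants.COGNITO_IDENTITY_POOL_ID` names, and that the caller already holds a Facebook access token string (for example from `AccessToken.current?.tokenString` in FBSDKLoginKit). One `AWSCognitoCredentialsProvider` is created once; switching to Facebook changes only the logins map the provider manager returns and clears the cached unauthenticated credentials, so the next credentials fetch sends the existing identityId plus the Facebook token and comes back with the authenticated role.

```swift
import AWSCore

// Added example, not the asker's code. A single provider manager whose logins map
// is empty while browsing as guest and carries the Facebook token after login.
final class SwitchableProvider: NSObject, AWSIdentityProviderManager {
    // nil while browsing as guest; set to the FB access token after login.
    var facebookToken: String?

    func logins() -> AWSTask<NSDictionary> {
        guard let token = facebookToken else {
            // Guest: empty logins map, so Cognito hands out the unauth role.
            return AWSTask(result: [:] as NSDictionary)
        }
        // AWSIdentityProviderFacebook is the SDK constant for "graph.facebook.com".
        return AWSTask(result: [AWSIdentityProviderFacebook: token] as NSDictionary)
    }
}

enum Auth {
    static let provider = SwitchableProvider()

    // One credentials provider for the whole app lifetime, bound to the single pool
    // (assumed: Constants.AWS_REGION and Constants.COGNITO_IDENTITY_POOL_ID).
    static let credentialsProvider = AWSCognitoCredentialsProvider(
        regionType: Constants.AWS_REGION,
        identityPoolId: Constants.COGNITO_IDENTITY_POOL_ID,
        identityProviderManager: provider)

    // Call once at launch; never replace the default configuration afterwards.
    static func configure() {
        let configuration = AWSServiceConfiguration(
            region: Constants.AWS_REGION,
            credentialsProvider: credentialsProvider)
        AWSServiceManager.default().defaultServiceConfiguration = configuration
    }

    // Guest -> Facebook. The identityId obtained as guest is kept; only the logins
    // map changes, which is what links that identity to the Facebook user.
    static func didLoginWithFacebook(token: String) {
        provider.facebookToken = token
        // Drop the cached unauth credentials. Without this the SDK keeps using the
        // still-valid unauth session, which is the AccessDenied the question describes.
        credentialsProvider.clearCredentials()
        credentialsProvider.credentials().continueWith { task -> Any? in
            if let error = task.error {
                print("credential refresh failed: \(error)")
            } else {
                // Same identityId as before, now backed by the authenticated role.
                print("authenticated as identityId \(credentialsProvider.identityId ?? "nil")")
            }
            return nil
        }
    }

    // Facebook -> guest. clearKeychain also forgets the identityId, so the next
    // call creates a fresh unauthenticated identity instead of reusing the linked one.
    static func logout() {
        provider.facebookToken = nil
        credentialsProvider.clearKeychain()
    }
}
```

To confirm which role a request actually runs under, call AWS STS GetCallerIdentity with the refreshed credentials and compare the returned ARN against the pool's authenticated role; the Lambda side of the AccessDenied error will show the same assumed-role ARN in CloudTrail.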
