I think this will be a hard question. Has anyone dealt with Cognito and Twitter? The latter does not support OpenID. Does anyone have an idea how to synchronize these two things?
The Cognito documentation says only: Using Cognito, developers can store information such as user ... that are not natively supported by Cognito, such as Twitter or LinkedIn™
In order to use Twitter, you would need to implement it as a developer authenticated identity provider: http://mobile.awsblog.com/post/Tx1YVAQ4NZKBWF5/Amazon-Cognito-Announcing-Developer-Authenticated-Identities
The basic flow would be:
1) Implement an identity provider that prompts the user to log in with Twitter on the device. Using the token Twitter returns, call the authentication backend you create to validate the token using the Twitter API.
2) After validation, call GetOpenIdTokenForDeveloperIdentity from your authentication backend using developer credentials. Return the identity ID and OpenID Connect token back to the device.
3) The Cognito credentials provider will then exchange the OpenID Connect token for AWS credentials tied to that Twitter identity.
Full details about the identity provider interface and flow are available in the dev guide:
iOS or Android
If you don't want to manage the communication with Twitter yourself, you may want to consider integration with another service such as Auth0, which itself integrates with Cognito via OpenID Connect tokens and no back end.
See this blog post and this sample app for an iOS example.
Update 2015-04-30: Amazon Cognito has been updated to natively support Twitter and Digits. Read more on the AWS Mobile blog as well as the Amazon Cognito developer guide.
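The backend part of the developer-authenticated flow described above, as an added Python example (not code from the answers or from AWS). It assumes a boto3 `cognito-identity` client is passed in; `verify_twitter`, the provider name and the pool ID are hypothetical placeholders.

```python
DEVELOPER_PROVIDER = "login.example.twitter"  # assumed developer provider name set on the pool
IDENTITY_POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"  # placeholder
TOKEN_TTL_SECONDS = 900  # short-lived: the device exchanges the token right away


def issue_cognito_token(cognito, verify_twitter, oauth_token, oauth_secret):
    """Validate the Twitter token server-side, then mint a Cognito token.

    cognito        -- boto3 "cognito-identity" client built with developer credentials
    verify_twitter -- hypothetical callable: asks the Twitter API which account owns
                      the token pair and returns its numeric id, or None if rejected
    """
    user_id = verify_twitter(oauth_token, oauth_secret)
    if user_id is None or not str(user_id).isdigit():
        raise PermissionError("Twitter did not vouch for this token")
    # The identifier handed to Cognito comes from Twitter's response, never from
    # a user id field sent by the device, so a caller cannot claim another account.
    resp = cognito.get_open_id_token_for_developer_identity(
        IdentityPoolId=IDENTITY_POOL_ID,
        Logins={DEVELOPER_PROVIDER: str(user_id)},
        TokenDuration=TOKEN_TTL_SECONDS,
    )
    # Only the identity id and the OpenID Connect token go back to the device;
    # the developer credentials stay on the backend.
    return {"identityId": resp["IdentityId"], "token": resp["Token"]}
```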
Related
I'm trying to log in users to a Java web application written in the Java Spark framework using the Firebase Auth REST API here. The reason is that I couldn't find a better way to integrate with Firebase from this framework.
I can use the VerifyPassword endpoint to log in using the email provider. But I want to use the Microsoft provider in the Firebase Auth Console instead of email.
Is there a way to use Microsoft Authentication through firebase using the REST API?
Thanks in advance!
There is. You are looking for the Sign In With OAuth Credential section in the Firebase Auth REST API documentation.
You can sign in a user with an OAuth credential by issuing an HTTP POST request to the Auth verifyAssertion endpoint.
However, the process won't be as straightforward as it is when using the Firebase SDKs. You would have to get an access token from Microsoft (or any auth provider) and then pass it in the request body of Firebase's REST API.
I'm coding this in Java (Android). I've followed the Google+ sign-in guide and have set up the OAuth client for Google. I've created the AWS user pool and have added users to it through the AWS Cognito SDK. My problem is how I can get the Google users added to the Cognito user pool. I've gotten it to add to an identity pool, but since identity pools don't have triggers I won't be able to execute my Lambda functions. Any help would be greatly appreciated!
To do this you should enable federation with Google in your user pools and use the hosted UI feature.
You can find detailed information in the links below; however, I will try to summarize the process here:
http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-social.html.
http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-integration.html.
Cognito allows users to sign in through an external federated identity provider. This is designed to work with Amazon Cognito's hosted UI feature. So, if federation with Google and the hosted UI options are enabled on your user pool, when your users try to sign in, they will be presented with options to sign in with Google or to sign up and sign in with their username and password. However, you will have to use a different Cognito Android SDK in your app.
To enable the hosted UI option:
1) Start by creating a domain for your user pool on the Cognito console - http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain.html.
2) Enable federation with Google - http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-social.html.
3) Add the Cognito Auth Android SDK to your app - https://github.com/awslabs/aws-sdk-android-samples/tree/master/AmazonCognitoAuthDemo.
I have searched Google many times for how to authenticate between a RESTful API and a mobile app.
I found a lot of answers, but I don't feel any better about it, perhaps because I am new to APIs.
What I want:
The mobile app requests or posts data to the RESTful server
The RESTful server authenticates the mobile app by username and password login
I want to secure the RESTful server and prevent a hacker from stealing the password and requesting data.
After searching Google, this is what I was told:
use HTTPS with SSL
authenticate the username or password, then generate a new token and signature
use the token and signature to authenticate the mobile app.
Another way is to use OAuth 2.0. After reading the OAuth 2.0 documentation, I still think its structure is similar to the token and signature above.
I think that if it works like that, the mobile app can store or use the token and signature, or a hacker can debug or watch the login process through a proxy.
I still feel it is not secure, because we still use the token and signature when making requests.
I have just started learning about APIs. If I have misunderstood, I am sorry. I am coding in PHP.
I would recommend JBoss's Keycloak (http://www.keycloak.org/). From the first page:
Add authentication to applications and secure services with minimum
fuss. No need to deal with storing users or authenticating users. It's
all available out of the box.
You'll even get advanced features such as User Federation, Identity
Brokering and Social Login.
For more details go to about and documentation, and don't forget to
try Keycloak. It's easy by design!
I've successfully implemented user login in my Android app with Google Identity Toolkit. I've also created an App Engine Endpoint to communicate with from the Android app. Now I want to secure the endpoints with auth.
I know I can create a custom Authenticator for endpoint and do any kind of verification of the data in request header in there and get the job done.
But I don't know how to do the Gitkit verification there.
Basically
What data should I pass to reach endpoint calls from the Android app? (token ID?)
What should I do in the custom Authenticator of endpoint to ensure the requests are valid?
I saw people suggesting to use Session or cookies. Will these work if I'm using the endpoint from Android app? If yes please give me some reference on how it can be done.
Gitkit tokens are in JWT format, so you validate them on the server side just like any other JWT token.
See the example documentation on how to validate a JWT here: https://developers.google.com/identity/sign-in/web/backend-auth. It's the same format.
I also have my own project to integrate it with a Jersey server:
https://github.com/dlazerka/gae-jersey-oauth2. It uses recommended com.google.api-client library to actually verify the token.
I am building an HTTP API in Java that uses AWS Cognito and developer authenticated identities to provide tokens to secure the API. I have configured the login system to issue a Cognito token when a user logs in, and the Cognito identity pool contains each user and a developer identity associated with my backend, but I am having a very difficult time finding a straightforward way to retrieve a user's specific developer identifier from the Cognito token. I have attempted to use the AssumeRoleWithWebIdentityResult API call, but have been unable to find documentation about it for determining the developer identifier, only examples for obtaining temporary AWS credentials.
Once you have temporary AWS credentials, when you call the backend, you can access the Cognito identifier of the caller in the context. Then you can retrieve the developer identifier using lookupDeveloperIdentity on the server side.
Check these pages to retrieve the context data if you are using API Gateway or Lambda.
In the token returned by GetOpenIdTokenForDeveloperIdentity, the unique identifier that you gave the user is in the "amr" field. So you will need to crack open the token to get it.
EDIT: As Alexis N-o pointed out, you can look up the developer identity with the Cognito Identity ID:
http://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_LookupDeveloperIdentity.html
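The point about the "amr" field in the last answer, as an added Python example (not code from the answers or from AWS): a function that opens the token payload, checks audience and expiry, and returns the developer user identifier. The amr layout, the provider name `login.example.app`, the pool ID and the sample token are assumptions constructed for illustration.

```python
import base64
import json
import time


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def developer_identifier(token, provider, pool_id, now=None):
    """Return (identity_id, developer_user_id) read from the token's claims.

    Assumed amr layout: ["authenticated", provider, provider:pool_id:user_id].
    No signature check happens here, so call this only on a token that has
    already been verified, or confirm the result with LookupDeveloperIdentity.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    claims = b64url_json(parts[1])
    if claims.get("aud") != pool_id:
        raise ValueError("token was issued for a different identity pool")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    amr = claims.get("amr", [])
    if "authenticated" not in amr:
        raise ValueError("identity is not authenticated")
    # Match on the full provider:pool prefix so that identifiers which
    # themselves contain ":" are returned whole.
    prefix = f"{provider}:{pool_id}:"
    found = [v[len(prefix):] for v in amr if isinstance(v, str) and v.startswith(prefix)]
    if len(found) != 1 or not found[0]:
        raise ValueError("expected exactly one developer identifier in amr")
    return claims["sub"], found[0]


def make_sample_token(claims):
    """Constructed, unsigned token used only to exercise the parser."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT"}), enc(claims), "c2ln"])


POOL = "us-east-1:00000000-0000-0000-0000-000000000000"  # placeholder pool id
SAMPLE = make_sample_token({
    "sub": "us-east-1:11111111-1111-1111-1111-111111111111",  # constructed
    "aud": POOL, "exp": 2000000000,
    "amr": ["authenticated", "login.example.app", f"login.example.app:{POOL}:user:42"],
})
```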