amazon cognito - how to change the redirect_uri? - amazon-cognito

Is it not possible to modify the redirect_uri of a Cognito user pool after creating it?
There is no option in the UI to access this!

Related

What is purpose of App in Userpool in AWS Cognito

I am new to AWS Cognito. Based on description, Userpool is used for authentication. If I am a user in the userpool, I can use this user name and password to authenticate my identity. Why do I need to add App to userpool?
Thanks for help in advance,
AWS Cognito allows you to create a number of apps to integrate with your user pool. On each app, you can customize the authentication flow, access/refresh token expiration, attribute read and write permissions, hostUI...
Use case: you use the same user pool for both apps but there are some customizations like:
App A: just allow authentication via the ALLOW_USER_PASSWORD_AUTH and access token expiration is 5 minutes.
App B: just allow authentication via the ALLOW_USER_SRP_AUTH and access token expiration is 30 minutes.
Hope that's clear.

Swap cognito user pool in aws amplify authentication

I am authenticating my site's users with AWS Amplify and Cognito user pools. I needed to create a new user pool. How do I update the cognito pool name/id/(whatever parameters are necessary for this update) in AWS Amplify? Or do I need to update these parameters in my vuejs application? Cheers.

AWS Cognito Pre authentication lambda trigger on federation login

In my project we have some federation providers integrated (e.g., Outlook). Whenever a user logs in via a valid configured federation domain name there are no issues, but whenever a user tries to log in via federation with an unsupported (not integrated) domain name (e.g., XXX#gmail.com), Cognito just redirects to the same login page without showing any error message saying Unsupported Domain.
To handle the error we thought of triggering the pre-authentication lambda, but the pre-authentication lambda is not triggered for the federation login flow. It triggers only for login via Cognito User Identity Pool.
The question is: are there any alternatives where I trigger the pre-authentication lambda for the federation login flow in AWS Cognito, to handle the error message on an unsupported federation user domain name attempt?
I was working on a project in which we have to add a user in DynamoDB whenever a new user signs up; we were providing Google, Azure, and (email, password) as options for sign-in/up. Let's get straight to the point. I solved this problem by attaching my lambda to POST_CONFIRMATION_TRIGGER of Cognito and mapping identity attributes, then saving these values in my DynamoDB. It works perfectly, but I had to spend 2 nights figuring this out.
If you want to know how I achieved this, then let me know.
Tech stack: AWS Amplify, AppSync, Cognito, DynamoDB, Lambda
PS. POST_CONFIRMATION trigger works only the first time.
You can create a similar lambda function like the one that is triggered for the Pre Authentication check, and then call it via API Gateway before login via federation.
The pre-authentication trigger will trigger for federated login. However, according to its AWS doc, the pre-authentication trigger will not happen if the user does not exist within the user pool already.
Note
Triggers are dependent on the user existing in the user pool before trigger activation.
The user from your successful federated login does not exist in Cognito yet, and it will be added to the Cognito pool after the successful login.
Since Cognito will add the federated user to its user pool, it's a sign-up event. You should use the pre-sign-up trigger instead. Federated login will trigger your pre-sign-up lambda as expected.
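The pre-sign-up approach from the answer above, as an added example that is not part of the original thread: a Python Lambda handler that denies first-time federated sign-ups from e-mail domains outside an allow-list. The allow-list, the exception name and the sample events are constructed assumptions.

```python
# Added example (not from the thread): Cognito Pre sign-up trigger that denies
# federated sign-ups whose e-mail domain is not on an allow-list.
# ALLOWED_DOMAINS and the sample events below are constructed assumptions.

ALLOWED_DOMAINS = {"example.com", "corp.example.org"}
FEDERATED_SOURCE = "PreSignUp_ExternalProvider"  # triggerSource for IdP sign-in


class UnsupportedDomain(Exception):
    """Raising from the handler makes Cognito reject the sign-up."""


def email_domain(event):
    """Return the normalized e-mail domain, or None if the address is malformed."""
    email = event.get("request", {}).get("userAttributes", {}).get("email") or ""
    if email.count("@") != 1:
        return None
    local, domain = email.split("@")
    domain = domain.strip().lower().rstrip(".")
    return domain if local and domain else None


def lambda_handler(event, context):
    # Native sign-ups and admin-created users pass through untouched.
    if event.get("triggerSource") != FEDERATED_SOURCE:
        return event
    domain = email_domain(event)
    # Exact match only: a suffix check would also accept "notexample.com".
    if domain not in ALLOWED_DOMAINS:
        raise UnsupportedDomain(f"Unsupported domain: {domain or 'missing e-mail'}")
    return event


def sample_event(source, email):
    """Constructed event carrying only the fields this handler reads."""
    return {"triggerSource": source, "userName": "constructed-user",
            "request": {"userAttributes": {"email": email}}, "response": {}}


def is_denied(event):
    try:
        lambda_handler(event, None)
        return False
    except UnsupportedDomain:
        return True


if __name__ == "__main__":
    for addr in ("alice@Example.com", "bob@gmail.com", "eve@notexample.com"):
        verdict = "denied" if is_denied(sample_event(FEDERATED_SOURCE, addr)) else "allowed"
        print(addr, verdict)
```

The check relies on the identity provider's email attribute being mapped into the user pool; a federated event without it is denied.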

Can I refer to a specific Cognito User Pool as a principal in an AWS IAM policy?

I want to restrict access to an AWS S3 bucket so that new objects can only be created by users who have authenticated through a specific Cognito User Pool. Looking through the AWS documentation I can't work out how to specify the user pool as a principal in the policy. Can anyone help me with this?
If this isn't possible then I'd appreciate some pointers/guidance which might help me achieve the desired result using some other technique. Thanks.
I think a User Pool will not allow you to do this, seeing as you only get an access token for an authenticated entity. You'll probably need to create an identity pool, which allows users in your user pool to retrieve temporary IAM credentials. In the identity pool, you can also configure the role these logged-in users get with their temporary credentials. You can use these roles to restrict access to the S3 bucket to only those authenticated users.
In the example below, you can see the settings of an identity pool configured with a Cognito user pool as authentication provider. It will either use the default roles configured on top (big red rectangle) or you can choose a custom role for the Cognito authentication provider (small rectangle). All roles can be managed using IAM.

Amazon Cognito Authenticated User with Auth0

I've been trying to use the authenticated code provided from Auth0 and AWS Cognito to authenticate a user but when I go to the AWS Cognito Console dashboard I see no identities have been created.
Logic flow should be this: I get my JWT from Auth0 when a user logs in and I use that to get my AWS Cognito Credentials - I use the following code:
    CognitoAWSCredentials credentials = new CognitoAWSCredentials(
        "us-east-1:11047a24-xxxx-xxxx-xxxx-111111111", // Identity Pool ID
        Amazon.RegionEndpoint.USEast1);                // Region
    credentials.AddLogin("stef.auth0.com", id_token1); // id_token1 from Auth0
I did input the JWT (id_token1) into jwt.io to check the validity of it and it comes back VALID SIGNATURE when I add the Auth0 Client Secret. I am not able to see any errors when I run the code. I am using Xamarin C#. I did all the necessary setup with configuring the provider, setting up the default IAM roles for Cognito Auth/UnAuth. Put in the correct Auth0 client ID into AWS, etc... I can however add an Unauthenticated user but not an Authenticated user.
Am I using the wrong code here? Can someone point me in the right direction please?
Thank you for looking!