I'm using @aws-amplify (https://docs.amplify.aws/lib/auth/getting-started/q/platform/js/) to create users and authenticate.
Now I've created 2 user groups (admin and user) in AWS Cognito.
I would like to add a certain user to a specific user group when signing up.
How do I achieve this?
Related
I am creating a react-native app that uses react-native-azure-auth for authorization. The login works as expected if the user is under the tenant directory, but for users under a group in the Azure directory the login asks for admin consent. Is there a way to avoid this:-
I'd like to confirm if what I observed is correct with regard to Amazon Cognito User Pools and Amplify, especially with the bold text:
A user pool is a user directory in Amazon Cognito. With a user pool,
your users can sign in to your web or mobile app through Amazon
Cognito. Your users can also sign in through social identity providers
like Google, Facebook, Amazon, or Apple, and through SAML identity
providers. Whether your users sign in directly or through a third
party, all members of the user pool have a directory profile that you
can access through a Software Development Kit (SDK).
So far I have set up in an Amplify app:
Email/Password Sign-up/Sign-in (used amplify add auth with username as email)
Google and Facebook social federation (used amplify update auth)
What I Expect:
I'll be able to create a new account (CognitoUser) with email myemail@gmail.com using email/password sign-up. (myemail@gmail.com hasn't been registered yet or associated with any social federation sign-ins).
A new CognitoUser account will not be created if I Google Sign-in using the Google email myemail@gmail.com. Instead, I will be presented with the account/CognitoUser that I confirmed from #1 after Google sign-in.
Whether your users sign in directly or through a third party, all
members of the user pool have a directory profile that you can access
through a Software Development Kit (SDK).
What I Get/Observations:
I seem to get (2) unique Cognito Users each for the email/password sign-in and Google Sign-in methods. (Please see the attached CognitoUser Logs screenshots below)
My Questions:
If I first signed up an email (myemail@gmail.com) using email/password, do I get (2) unique Cognito Users if I sign in again using a Google (or Facebook account) that uses the same email myemail@gmail.com?
If (2) CognitoUsers are created for the same email,
How do I prevent a new CognitoUser creation for Google Sign-in when the email has already been registered using email/password and vice-versa?
Is it possible to reuse the CognitoUser from an email/password sign-in on a Google sign-in of the same email?
If [2.1] cannot be prevented, how can server-side data be best managed for the 2 CognitoUsers (that share the same email myemail@gmail.com)?
TIA for your insights and advice!
CognitoUser Logs
CognitoUser from email/password sign-in (myemail@gmail.com):
CognitoUser from Google Sign-in (Auth.federatedSignIn({provider: 'Google'})). Google email is myemail@gmail.com:
The name of my app inside Google Login using AWS Cognito is "amazoncognito.com". How can I change this? (JavaScript SDK)
Ex:
Create a custom domain for your user pool: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html
Problem:
I am using AWS Cognito with Google as the external federated identity for auth of my application.
The problem is that it logs me in with the last user when I have only one signed-in Google account. Basically, it seems it is simply not able to log the user out completely.
Here's what is happening:
I am logged into Google with e.g. user a@gmail.com
I log in to Cognito via the external federated identity, use the above email and log in. All is well.
I now log out and want to log in to Cognito using 'b@gmail.com'. Now say I created the account using another browser and never used the current browser, so the browser does not know about this. (In short, I am logged into just one Gmail account in this browser.)
When I try to sign in I am shown the option to 'Signin with Google', but it never presents me the account selection screen and directly logs me in.
I am using the screen cognito shows at https://mydomain.auth.auth.us-east-1.amazoncognito.com/login
Using Prompt:
I see that Google itself has a way to force the user to select an account using the 'prompt' : select_account option. But I see no way to specify this anywhere in Cognito.
Question:
- Does anyone have any fix / workaround for the above problem? I need a way to 'always' show the account selection so that he can choose or use a different account.
Did you try the logout endpoint from Cognito?
- Yes, this is happening even after I send the user to the logout endpoint of Cognito, which is probably supposed to log out the user.
I am trying to migrate users from my current directory to a Cognito user pool. I was able to migrate users when they enter a username and password, but not able to migrate when a user signs in with Google. I have linked Google accounts with existing users in my current directory (I use email to send an authentication token if the user email of the Google account is found in my directory). I want to do the same for migration. Approach I have tried:
On the pre-signup trigger by an external provider, get users from my current directory, add them to the user pool and link them with the external provider. The problem is how to use the same password.
Is there any better approach to migrate users on Google sign-in?
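
The linking step of the pre-signup approach described above, which also bears on the earlier question about two CognitoUsers for one email, as an added example that is not part of the original posts. It covers only linking a federated sign-in to an existing confirmed user, not the password question. Assumptions: `idp` is a hypothetical wrapper whose two methods take the parameters of the Cognito ListUsers and AdminLinkProviderForUser operations, and the pool maps the provider's `email_verified` attribute.

```javascript
// Added example: Cognito PreSignUp trigger logic. `idp` is a hypothetical wrapper
// whose methods take the parameters of ListUsers and AdminLinkProviderForUser.
const PROVIDER_NAMES = new Map([['google', 'Google'], ['facebook', 'Facebook']]);

function makePreSignUpHandler(idp) {
  return async function handler(event) {
    // Only federated sign-ups are candidates for linking.
    if (event.triggerSource !== 'PreSignUp_ExternalProvider') return event;

    const attrs = (event.request && event.request.userAttributes) || {};
    // Link only on an email the IdP reports as verified (assumes email_verified
    // is mapped); otherwise an IdP account merely claiming the address would
    // inherit the existing profile.
    if (!attrs.email || String(attrs.email_verified) !== 'true') return event;
    if (/["\\]/.test(attrs.email)) return event; // keep the filter string well-formed

    // Federated userName has the form "<provider>_<subject>", e.g. "google_1234".
    const userName = String(event.userName);
    const sep = userName.indexOf('_');
    if (sep < 1) return event;
    const providerName = PROVIDER_NAMES.get(userName.slice(0, sep).toLowerCase());
    if (!providerName) return event;
    const subject = userName.slice(sep + 1);

    const found = await idp.listUsers({
      UserPoolId: event.userPoolId,
      Filter: `email = "${attrs.email}"`,
    });
    // Accept exactly one CONFIRMED native user. An UNCONFIRMED account may have
    // been registered by someone who does not own the address, and federated
    // profiles carry the status EXTERNAL_PROVIDER.
    const native = (found.Users || []).filter(u => u.UserStatus === 'CONFIRMED');
    if (native.length !== 1) return event;

    await idp.adminLinkProviderForUser({
      UserPoolId: event.userPoolId,
      DestinationUser: { ProviderName: 'Cognito', ProviderAttributeValue: native[0].Username },
      SourceUser: {
        ProviderName: providerName,
        ProviderAttributeName: 'Cognito_Subject',
        ProviderAttributeValue: subject,
      },
    });
    return event;
  };
}
```

In a deployed Lambda the wrapper would be backed by the AWS SDK client for Cognito user pools, and the function's role needs permission for both operations on the pool.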