I am trying to bypass Cognito's hosted UI and have my custom UI for social login, I used Amplify for creating user with username and password, but for user creation using social login documentation says to use Cognito Hosted UI, is there a way to create user pool without using Cognito's Hosted UI.
I tried to build my own but after receiving code from google on redirect I don't know how to create data in Cognito's user pool
Related
TLDR: Is there a way to dynamically set the login URL during app
runtime for either Auth0, Okta, or some other authentication service?
I am developing a capacitor application that uses Salesforce data. My app users will need to authenticate to Salesforce to retrieve permission (access token, refresh token, etc) for the app to grab their Salesforce data. The catch is the user can customize their login url based on the Salesforce sandbox they wish to hook my app up too during app run time. For instance they can use the choose to access a
prod sandbox via https://login.salesforce.com/.well-known/openid-configuration
development sandbox via https://test.salesforce.com/.well-known/openid-configuration
specific sandbox via https://${customSandboxDomain}.my.salesforce.com/.well-known/openid-configuration
Due to the user being able to determine which sandbox/domain they would like to authenticate to the app needs to be able to dynamically declare the authentication login url. Is there a way to dynamically set the login URL during app runtime for either Auth0, Okta, or some other authentication service?
I'd like to implement SSO logins for users in my Firebase web app, but only for users that have an existing account. When I add e.g. the Microsoft provider in Firebase and implement the required UX flows in the web app, anyone with a Microsoft account is able to sign in using that, upon which a new user account is created (if they haven't signed in before). I'd like to restrict this to users that:
have registered previously with e.g. an email and password login method, and
have subsequently chosen to activate the SSO login method in the web app
Is there a recommended way to prevent the default behaviour in Firebase auth for SSO so that I can check for an existing account with the same email and its approved login methods before letting the user log in and/or create a new account?
There is no built-in way to do this in Firebase Authentication, as it makes no distinction between sign-up and sign-in for OAuth users.
The typical approach to implement this is to create a list of the allowed users somewhere that both your app and your server-side logic can find it (like in one of Firebase's databases), and then check against this so-called allowlist in both your client-side and server-side application code (and security rules) after the user signs in and before executing any other application logic for them.
In the application itself, you could show this as "unable to sign in" to the user, since (despite you calling the Firebase API and signing them in there) they have not completed the sign-in into your application itself.
I have setup an userpool with two login methods. One using hosted UI with userpool to signup/sign-in users. And ther other using a Federated Identity Provider (IDP). For both login methods(Appclients) I have enabled and used Code Auth Flow + PKCE (So the code <-> token exchange could be completely handled by the client - react web frontend).
I have also setup an Identity pool for users' to get temporary credentials to complete the MFA (TOTP) setup from react web frontend.
Now, I could complete the MFA setup - showing the QR code (AssociateSoftwareToken), performing VerifySoftwareToken (after user gets the one time token using code generator app- google authenticator in my case) and updating userpool for user's preference with SoftwareTokenMfa settings.
When users Login using the hosted-UI (with useraccounts created through Cognito ), Cognito performs the MFA challenge before redirecting with (oauth) code.
But when users logged in using Federated Login, Cognito redirects the user back to application with oauth code.
Is there anyway, I could make Cognito perform MFA for users logging-in using Federated Login?
I have simple vuejs application and I use vue-google-signin-button plugin to login via google. That works correctly.
To login by user name and password I use aws cognito user pools. Which also works.
Is it possible to login via google and store logged in user in to user pool? I checked plenty of aws manuals but I haven't found such option.
Thanks
I need to login users via Instagram for my mobile application so I can make calls to Instagram API and get some information from the Instagram. Simply, my application will ask user to authorize Instagram access and able to get access token for API calls. Application should not ask user to login again once the user is authorized. I already setup my Instagram client-app to implement server-side authentication flow.
My challenge is I want to do this on by using AWS mobile services. I already setup custom authentication from MobileHub and came to point where I need to define my custom authentication flow (in this case it is Instagram authentication flow). Under AWS Cognito app when I go to Triggers tab, I see different options for defining lambda functions associated with my authentication (such as pre/post auth or define / create / verify auth challenge). I am not sure how to align Instagram Authentication flow with these functions. Or should I use something else. Also I am not clear how does AWS Cognito manages authentication flow: I don't want my users to go through authorization process every time they start my application. I believe AWS Cognito link users from my custom flow to some Cognito identity and able to authenticate when they use my application. I really appreciate any suggestions, or even code sample (if available).
Check this Document for Cognito Identity. Instagram is not there by default. So you have to use External Identity Provider, most probably using Open ID Connect Providers.