How to integrate the AWS Cognito built-in UI? - amazon-cognito

I've been experimenting with Cognito for a few days, and I am now testing the Built-in signing UIs. I have managed to get it working, I am able to see the login page and successfully login with a User I have created. For my callback URL I'm using localhost:3000 as a testing ground, where I'm running a React SPA.
However, I am at a complete loss about what to do once I'm redirected. The documentation says I should get a URL with a JWT as a query parameter. Instead, I'm getting a URL of the form:
localhost:3000/?code=########-####-####-####-############
where # is an alphanumeric character. I don't recognize this code, I don't think it is a JWT. I would highly appreciated it anyone could:
explain what it is
direct me to any kind of documentation on how to use it?

After redirection, You are getting localhost:3000/?code=########-####-####-####-############
This means you have enabled code grant flow
This code is used to get the tokens from Amazon Cognito.
Request Type: POST
URL: https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/token
PayLoad:
grant_type=authorization_code&
client_id=<CLIENT_ID>&
code=<AUTHORIZATION_CODE>&
redirect_uri=com.myclientapp://myclient/redirect
Here you can see we are passing code in the payload with redirect url.
The response of this POST request will be your tokens ( If Successful authentication :) )
Sample Response:
{
"access_token":"eyJz9sdfsdfsdfsd",
"refresh_token":"dn43ud8uj32nk2je",
"id_token":"dmcxd329ujdmkemkd349r",
"token_type":"Bearer",
"expires_in":3600
}
You can save this token in your localstorage or sessionstorage for further custom authentication.
Please refer all the available endpoints of amazon cognito for more details.
Ex:
Authorization Endpoint
Token Endpoint
I hope now it makes clear to you!

Related

How to use the authorization code from auth0 with my API after redirect

I'm building a SaaS project that requires authentication (duh!) and for that I am using Auth0.
I've managed to the steps detailed here successfully.
Code from above link:
https://YOUR_DOMAIN/authorize?
response_type=code&
client_id=YOUR_CLIENT_ID&
redirect_uri=https://YOUR_APP/callback&
scope=SCOPE&
audience=API_AUDIENCE&
state=STATE
But I'm not sure what to do when I redirect to the redirect_url (here my dashboard url, e.g: dashboard.example.com). I mean I don't know how to use this code.
I get the code appended to url after redirect, so I think everything's working, but am not sure how to use it further to populate the dashboard with user details and retrieve content.
Do I use my API endpoint here instead of the dashboard url?
Hope my question is clear.
Any help would be wonderful!
Thanks in advance!
Edit:
I am using Universal Login, not using any SDK as of now.
After you receive the code you will exchange it for tokens via the POST /oauth/token endpoint.
Here is an example code exchange request from the Authentication API docs
POST https://YOUR_DOMAIN/oauth/token
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&
client_id=YOUR_CLIENT_ID&
code_verifier=CODE_VERIFIER&
code=AUTHORIZATION_CODE&
redirect_uri=https://YOUR_APP/callback
Then, you can use the ID token to populate your user's info, and the access token to retrieve other data from your backend API.

Is it possible to use AWS API without Authentication Token

I try to use AWS lambda. I don't want to use any authentication - it is a simple test function. I receive
{
"message": "Missing Authentication Token"
}
Is it possible to use AWS API without Authentication Token?
Thanks in advance.
Yes, it's possible. You can configure if you want to use Authorization, Request Validator or API key for each resource you created.
Also make sure you invoke the right URL and path of your API, because I had the same issue when I tried to trigger an undeclared path.
Yes, you can create it without Authentication. It means it will default execution role. I have a video blog on the same, which creates and run API without any authentication token. Please see the same below,
https://youtu.be/0HwO14p9cjk
Always remember to deploy API after any change :)

What does Ember-simple-auth check against?

I have been looking for answer of implementing ember-simple-auth (oauth2-password-grant) for days without luck. I use firebase to sign up users, which is successful. However on the log in page, the action of this.get('session').authenticate('authenticator:oauth2', credentials) seems to cause a json error (SyntaxError: Unexpected token < in JSON at position 0).
So my first question is, in theory, how does this authentication check if the user's email/password is correct? Meaning, in which file is the "answer" located? Am I supposed to define a token? If yes, I already tried "serverTokenEndpoint: 'http://localhost:4200/' or serverTokenEndpoint: 'http://localhost:4200/token" and nothing works. Thanks.
Ember simple auth sends login request to API(in your case Firebase). If entered credentials are valid your API will authenticate user, create and save auth token. Authenticated user with created token will be sent to Ember and token will be saved in local storage by Ember simple auth. Every subsequent request from Ember after login needs to include that token in its header and API will authenticate your request based on that token(comparing token from Ember with the one saved in API).

How to get Google TokenAuth working?

I'm developing a youtube upload application and have some troubles with a specific part of authentication. ClientLogin so far, works and uploads are received by Youtube. However I have to redirect my users logged in to the Youtube-Frontpage. I've noticed that there's a possibility to login to gmail via a url: accounts.google.com/TokenAuth?auth=....
This should be possible in the exact same way for youtube. A login at "gmail" will include the cookies I'd need for youtube login.
However, I'm not getting it to work. Which auth token do I have to use? I tried many, the one provided in the clientlogin response. I queried www.google.com/accounts/IssueAuthToken url (which gives me a token back, but I cannot login with it).
For example what I've tried:
https://accounts.google.com/TokenAuth?auth=token-received-by-issueAuthToken&service=youtube&continue=http://youtube.com&source=googletalk
And:
https://accounts.google.com/TokenAuth?auth=token-received-by-issueAuthToken&service=mail&continue=http://mail.google.com/mail&source=googletalk
None of these seem to work. The Clientlogin authentication was done with "service=youtube" - is that the mistake?
I'd appreciate any information that can clarifiy my problem.
Regards,
Dennis Fischer
So - well - I got this working finally. It took me some time because there is no real documentation.
I'll explain how the requests work, you'll need to do 3 requests:
1st: Do a default clientLogin at google.com/accounts/ClientLogin
Provide Email=emailadress&Passwd=Password&service=gaia as data, as well as any other parameter you want to add to clientLogin.
You'll receive 3 Tokens, SID, LSID and Auth - you'll need SID and LSID only!
2nd: Do a request to google.com/accounts/IssueAuthToken
Add paramters SID="Extracted SID"&LSID="Extracted LSID"&service=gaia to the URL.
You'll receive an AuthToken which should start with these characters: "APh-...."
If this is not the case your this request failed due to wrong parameters (most likely missing "service=gaia").
This token will be needed in your 3rd request.
3rd: Do a request to google.com/accounts/TokenAuth?auth="token received in step 2"&service="service where you want to authenticate, e.g. mail"&source="for example googletalk"&continue="the url where you're redirected to, this is http://mail.google.com/mail for service mail"
This 3rd request is most likely done in a browser.
Congratulations, you logged in a user into his google account with 2-Step Auth. You don't need the "real password", the application specific password is enough to generate these tokens.
Regards,
Dennis Fischer

OAuth and Dropbox api

I'm trying to use the API dropbox.
Once the authentication window is opened, a message is displayed:
This session has expired. Please return to the app to try again.
See full image
I'm using a library to work with OAuth called jsOAuth
Console Error
See full image
I published this application: Here the full code
Notes
I know that is not very safe to use OAuth with Javascript, but this is only for studying the OAuth standard.
See here the complete JS
Any example of using javascript with OAuth will help me a lot
Thank you all for your help!
That error message means the request token used for that authentication session is no longer valid, likely because a timeout has passed. (The request token is only good for a certain amount of time.) You need to start over with a new request token.