Connect api keys to cognito users - amazon-cognito

I am trying to connect cognito with api-key that I receive from the api-gateway. Every user have to receive several api-keys , and I want to know if their is a way in the api-gateway to mark that this api key belongs to some user.
Thanks

Related

Is it possible to use openid users as minio users?

I checked the minio guide to connect to the identity openid, finally I connected to the minio console window by Keycloak service users, but I failed to use the same username and password in the api and execute the show bucket request through postman.
Is there a way to define a user's openid and allow access to all minio features for that user?
I tried to fix the problem with different openid services like Okta, KeyCloak, Google, but I didn't succeed.
You first need to get temporary tokens after the OpenID handshake for your users, once you have the STS (session tokens) you can use them to make S3 API calls.
https://github.com/minio/minio/tree/master/docs/sts read here on how to do it programmatically
Edit: More detailed documentation is available now at https://min.io/docs/minio/linux/administration/identity-access-management.html

Is it possible to link personal ad account to business account programmatically in facebook?

I want to aggregate my clients' ad account into my business account automatically.
The client is already logged in via oauth2 process in my website and grant the permissions, ["ads_read", "ads_management", "manage_pages"].
I'm succeeded to request access for the client using the endpoint POST /<business_id>/client_ad_accounts.
Request image in the client Ad account setting page:
And, There is a problem.
I want to accept this request programmatically using the client's ACCESS_TOKEN.
POST /act_<client_ad_account_id>/agencies
-d "business=<my_business_id>&access_token=<client_access_token>"
But, I have a error message (#10) Ad account <client_ad_account_id> must be managed by a business account to approve agency access.
Is it possible to accept this request programmatically? If that's possible, what should I do?
self answer: Connect client page to the client's business account and add permission business_management. Then, everything works fine.

AWS Cognito Mobile Hub

I need to login users via Instagram for my mobile application so I can make calls to Instagram API and get some information from the Instagram. Simply, my application will ask user to authorize Instagram access and able to get access token for API calls. Application should not ask user to login again once the user is authorized. I already setup my Instagram client-app to implement server-side authentication flow.
My challenge is I want to do this on by using AWS mobile services. I already setup custom authentication from MobileHub and came to point where I need to define my custom authentication flow (in this case it is Instagram authentication flow). Under AWS Cognito app when I go to Triggers tab, I see different options for defining lambda functions associated with my authentication (such as pre/post auth or define / create / verify auth challenge). I am not sure how to align Instagram Authentication flow with these functions. Or should I use something else. Also I am not clear how does AWS Cognito manages authentication flow: I don't want my users to go through authorization process every time they start my application. I believe AWS Cognito link users from my custom flow to some Cognito identity and able to authenticate when they use my application. I really appreciate any suggestions, or even code sample (if available).
Check this Document for Cognito Identity. Instagram is not there by default. So you have to use External Identity Provider, most probably using Open ID Connect Providers.

How can I allow limited access to API created in aws API gateway?

I have a API in AWS API gateway.
I wants to give Limited access to the user how can I do that?
or how can I create Signed url if possible for the API access does anyone has any idea?
I can Disable from the API Gateway Console but can I give the time or limited access to the user?
You can use AWS Cognito to authenticate your user against Google/Twitter/Facebook. Then in Cognito you configure the Role the temporary IAM user should have that Cognito returns. This Role should at least have rights to call your API Gateway.
In the API Gateway you can configure your endpoints so that it is required to have a valid IAM authentication.
Lastly if you want to restrict the user, you can make a call to Cognito and remove/adjust his account to block him.

REST API - Authentication vs Authorisation?

I am creating some APIs and I am confused about how my application will authenticate, basically because I feel I need 2 authentications and I cannot find any information about this.
Authentication with the API Server (so my app will be able to retrieve data and sync even if no user is logged in)
Users authentication
Is one endpoint (i.e. /login ) enough to manage all this?
Any ideas?
Thank you!
In this case, use an HMAC on the incoming request with a preshared key to authenticate the user. Then on your resource (in the Controller), validate that your user is authorized to access the route.