
I don't understand the Amazon Cognito documentation. I followed the instructions to set up Google Sign-In, successfully retrieved the ID token, and added my Amazon Cognito User Pool domain URL to the Google app's Authorized redirect URIs. However, I don't know how to redirect the IdP token to the Cognito user pool and add it there.

Besides, I don't know how to set up the callback URL and sign-out URL for my Android app in the App Client Settings section. I'm not sure whether it is necessary to set them up...

So my Google sign-in is exactly like the Google documentation:

```java
@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_main);

    AppHelper.init(getApplicationContext());
    inUsername = findViewById(R.id.editTextUserId);
    inPassword = findViewById(R.id.editTextUserPassword);
    // Ask Google for an ID token issued for the server's OAuth client ID, plus the email address.
    GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
            .requestIdToken(getString(R.string.server_client_id))
            .requestEmail()
            .build();
    mGoogleSignInClient = GoogleSignIn.getClient(this, gso);
    SignInButton signInButton = findViewById(R.id.sign_in_button);
    signInButton.setSize(SignInButton.SIZE_WIDE);
    signInButton.setOnClickListener(this);
}
```

Then I get the ID token:

```java
private void handleSignInResult(Task<GoogleSignInAccount> completedTask) {
    try {
        GoogleSignInAccount account = completedTask.getResult(ApiException.class);
        // Signed in successfully, show authenticated UI.
        updateUI(account);
        idToken = account.getIdToken();
        finish();
    } catch (ApiException e) {
        // The ApiException status code indicates the detailed failure reason.
        // Please refer to the GoogleSignInStatusCodes class reference for more information.
        Log.w(TAG, "signInResult:failed code=" + e.getStatusCode());
        updateUI(null);
    }
}
```

So I signed in. My problem is what I should do next to add my Google ID to the Cognito User Pool. Is it possible to skip the OAuth process, since I already authorized and gave basic permission (GoogleSignInOptions.DEFAULT_SIGN_IN) when signing in?

Lee Yee Run
  • Have a look [here](https://stackoverflow.com/a/47796072/4985580) – F_SO_K Jan 29 '18 at 11:37
  • Sorry, I'm too much of a newbie... so based on my understanding, it means that I just have to **post** my Google IdToken to the AWS Token endpoints. Then it will send the endpoint response to the callback URL. Then my Google ID will be automatically added to the Cognito user pool? Is that right? – Lee Yee Run Jan 29 '18 at 13:56
  • However, I saw the comment: _The issue here is when using federated user identity NOT cognito user pool. As federated identity is talking to provider like Facebook..._ Does this mean that the Cognito user pool has another way instead of going through the OAuth 2.0 process? – Lee Yee Run Jan 29 '18 at 14:16
  • I suggest posting details (including code) of what you've tried and what you're specifically having a problem with. – F_SO_K Jan 29 '18 at 14:30
  • I guess the OAuth process is needed after reading [this](https://github.com/aws/amazon-cognito-identity-js/issues/508) – Lee Yee Run Jan 29 '18 at 16:51

1 Answer

What your code does here is Google Sign In, and you get back a token which is not going to be useful for Cognito User Pool as far as I understand Cognito User Pools (which has particularly poor documentation).

That token would be useful if you were to use Cognito Federated Identities. If you wanted to use a Cognito Federated Identity Pool, you'd use that token with something like:

```csharp
var awsCredentials = new CognitoAWSCredentials(
    "your Cognito Identity Pool Id",
    Amazon.RegionEndpoint.<your region>);
awsCredentials.AddLogin("accounts.google.com", token);
```

At which point you could use those AWS credentials to instantiate a client for any of the AWS services.

mipnw
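A pre-flight check on the Google ID token before it is handed over as the `accounts.google.com` login, as an added example that is not part of the original answer. It decodes the token's claims without verifying the signature and reports a wrong issuer, a wrong audience or an expired token. The function names, the client ID and the sample token are constructed for illustration, and Python is used so the check can run off-device.

```python
import base64
import json
import time

# Issuer values Google uses in its ID tokens.
GOOGLE_ISSUERS = ("accounts.google.com", "https://accounts.google.com")


def b64url(data: bytes) -> str:
    """Base64url-encode without padding, as JWT segments are encoded."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(id_token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostic only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def preflight(id_token: str, client_id: str, now: float = None) -> list:
    """Return the reasons this token should not be sent as a Google login."""
    now = time.time() if now is None else now
    try:
        claims = decode_claims(id_token)
    except ValueError as exc:
        return ["malformed token: %s" % exc]
    problems = []
    if claims.get("iss") not in GOOGLE_ISSUERS:
        problems.append("iss is not a Google issuer")
    if claims.get("aud") != client_id:  # client ID given to requestIdToken()
        problems.append("aud does not match the requested client ID")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp is missing or in the past")
    return problems


def sample_token(claims: dict) -> str:
    """Constructed, unsigned token for the demo; not a real Google token."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return ".".join([header, b64url(json.dumps(claims).encode()), b64url(b"sig")])


if __name__ == "__main__":
    cid = "example-client-id.apps.googleusercontent.com"  # placeholder client ID
    token = sample_token({"iss": "https://accounts.google.com", "aud": cid, "exp": 2000})
    print(preflight(token, cid, now=1000))
    print(preflight(token, "other-client-id", now=3000))
```

An empty list only means the claims look consistent; it says nothing about whether the token is authentic.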