Integrate Facebook login with AWS Cognito User Pool

Question

I'm trying to integrate aws user pool in my project. I manage to do a normal login with email and password, but I need to add login in with Facebook.

From what I read in documentation, for this I need to create an Indentity pool in Federated identities. I create one and I add the follow configurations for Authentication providers: - in Facebook tab to add my Facebook App ID, - and in Cognito tab to add my user pool id and app client id for my user pool.

And inside of my user pool, In Identity providers from federation, I select Facebook and for this I add my Facebook app ID and App secret.

In my app I implement a AWSIdentityProviderManager that contain:

class CognitoSocialProvider: AWSIdentityProviderManager {

   func logins() -> AWSTask<NSDictionary> {
      if let token = FBSDKAccessToken.current() {
        return AWSTask(result: [AWSIdentityProviderFacebook:token.tokenString])
      }
      return AWSTask(error:NSError(domain: kCognitoFacebookDomainError, code: -1 , userInfo: [kCognitoFaceook : kCognitoFacebookInvalidAccessToken]))
   }
}

And here is my code for Facebook login:

    let loginManager = FBSDKLoginManager()
    let permisions = [kCognitoFacebookPublicProfil, kCognitoFacebookEmail]
    loginManager.logIn(withReadPermissions: permisions,
                       from: parentVC) { (result, error) in
                        if (error != nil) {
                            failure(error! as NSError)
                        } else if (result?.isCancelled == true){
                            failure(NSError())
                        } else {
                            let socialProvider = CognitoSocialProvider()
                provider = AWSCognitoCredentialsProvider(regionType: REGION,
                                             identityPoolId: IDENTITY_POOL,
                            identityProviderManager: socialProvider)
                let serviceConfiguration = AWSServiceConfiguration(region: REGION, credentialsProvider: provider)
                AWSServiceManager.default().defaultServiceConfiguration = serviceConfiguration
                provider.clearKeychain()
                provider.clearCredentials()
                provider.credentials().continueWith { (task) -> Any? in
                DispatchQueue.main.async(execute: {
                        if let error = task.error as NSError? {
                                failure(error)
                        } else {
                                let response = task.result! as AWSCredentials
                                success(CognitoFacebookSession(credentials: response))

                        }
                })
                return nil
              }
        }

The login work, but when I look in my user pool in user an groups section, I can't see my user over there.

There is any other solution to integrate Facebook login, using only user pool without using Identity pool?

Answer 1

You need to use Identity Providers in your user pool, not Identity Pool in Federated Identities. This is located in the bottom of the left menu inside your user pool. This will create a user in your user pool but enable them to login using a 3rd party.

Then you can use the AUTHORIZE and TOKEN endpoints to get a JWT token for your user (together with the hosted UI). Or just use the Hosted UI directly it that's OK. https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-settings.html

Identity Providers in a user pool and Identity Pools in Federated Identities is not the same thing. A bit confusing. Identity pools will keep the identity at the 3rd party and just lets you get temporary access keys to AWS resources.

But I guess you don't NEED to have an entry in your user pool. Depends on what you want:)