2

I've set up an application where users can register to my site/web application. Where

A.) A User can either join the site via registering their email/password combination and these users will be registered inside a Cognito User Pool.

B.) A User can join the site via logging in with Google/Facebook.

Bullet point A works as expected. The user will submit their username and password, they will be able to log in, and they will receive the ID token, access token, and other necessary information as a response (I'm using AWS Amplify, where it superseded the Cognito JavaScript libraries). Now, when these users access a protected resource on API Gateway that has a cognito_authorizer enabled they will simply pass in

"Bearer " And they will be able to access

Where the is ID Token.

Now, for case B.

I am now able to log in via a social provider. I was able to configure all the necessary configurations in the Google developer console, and registered Google as federated entities.

Now, thanks to AWS Amplify, I can perform a federated sign-in by passing in the ID token and the expires_at value that I have received from the Google login.

However, the only value I am able to receive as a response from Cognito is the CognitoIdentityCredentials (https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityCredentials.html)

There is no access token, refresh token, and other necessary information.

The question is: is it possible for federated sign-in to retrieve an access token and ID token generated by Cognito, and use that as the token to be passed in as a header whenever I perform a request where a resource has a cognito_authorizer, for users who joined my site via social login? Or am I missing certain steps to perform a federated login that will return an ID token and access token generated by Cognito?

Here's the sample code I'm using

    const profile = res.getBasicProfile();
    const { id_token, expires_at } = res.getAuthResponse();
    const user = {
      email: profile.getEmail(),
      name: profile.getName()
    };
    console.log(id_token);
    Auth.federatedSignIn(
      // Initiate federated sign-in with Google identity provider
      'google',
      {
        // the JWT token
        token: id_token,
        // the expiration time
        expires_at
      },
      // a user object
      user
    ).then((a) => {
      // ...location.reload();
      console.log(a);
      console.log(Auth.currentUserPoolUser());
    });

And this is only the value I receive.

KyelJmD
  • I cannot read all your output there, but maybe my answer to a similar problem here is helpful. https://stackoverflow.com/a/50111152/1732297 – honkskillet May 01 '18 at 10:10

1 Answer

0
    // Returns the Cognito ID token (JWT) of the current user pool session
    const getIdToken = async () => (await Auth.currentSession()).getIdToken().getJwtToken();
Nada Touil
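When debugging which token a sign-in flow has actually returned before sending it as the Bearer header, the JWT claims show whether it was issued by the Cognito user pool or by Google. This is an added example, not code from the question or the answer; the helper names, the pool ID `us-east-1_EXAMPLE` and the sample tokens are constructed for illustration.

```javascript
// Added example: inspect a JWT's claims to see who issued it.
// Decoding only; this does NOT verify the signature.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  // JWT segments are base64url; map back to standard base64 before decoding
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// region and userPoolId describe the user pool the authorizer is bound to.
function classifyToken(jwt, { region, userPoolId }, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(jwt);
  const poolIssuer = `https://cognito-idp.${region}.amazonaws.com/${userPoolId}`;
  const googleIssuers = ['https://accounts.google.com', 'accounts.google.com'];
  let kind = 'unknown';
  if (claims.iss === poolIssuer && claims.token_use === 'id') kind = 'cognito-id';
  else if (claims.iss === poolIssuer && claims.token_use === 'access') kind = 'cognito-access';
  else if (googleIssuers.includes(claims.iss)) kind = 'google-id';
  // A missing or non-numeric exp is treated as expired
  const expired = typeof claims.exp !== 'number' || claims.exp <= nowSeconds;
  return { kind, issuer: claims.iss, expired };
}

// Builds a constructed, unsigned sample token (fake signature segment).
function makeSampleJwt(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.constructed-signature`;
}

// Demo with constructed tokens: a Google ID token vs. a user pool ID token.
function demo() {
  const pool = { region: 'us-east-1', userPoolId: 'us-east-1_EXAMPLE' };
  const exp = Math.floor(Date.now() / 1000) + 3600;
  const google = makeSampleJwt({ iss: 'accounts.google.com', exp });
  const cognito = makeSampleJwt({
    iss: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE',
    token_use: 'id',
    exp
  });
  return [classifyToken(google, pool).kind, classifyToken(cognito, pool).kind];
}
console.log(demo());
```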