Cognito: How to retrieve federated identity token from 3rd party idp

Question

I’ve set up a identity pool and configured a google IdP to be able to federate logging using google credentials. One of the goals of the software I’m building is to integrate with google apis to perform integrated functions on behalf of the user with google services. However, everything I’ve read and all my testing has lead me to believe that after google redirects back to cognito, it’s takes the google token and authors its own and the federated token is discarded and not retrievable. Ideally, I’d like to store the federated google token inside a claim of the cognito token itself.

Is there something I am missing, perhaps another path I’ve overlooked, or do need to look at another product because cognito doesn’t support my use-case

Accepted Answer

If you want access to the federated tokens then you have to build your own oauth flow UI and leverage the cognito sdk in your api. Definitely not a nice out of the box solution as it meant I had to discard using the Hosted UI and ROYO my own with the cognito sdk driving it. However, the fact that the sdk was available was the solution to my scenario.  https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cognito-identity-provider/index.html

Cognito: How to retrieve federated identity token from 3rd party idp

관련 콘텐츠