By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Cognito: How to retrieve federated identity token from 3rd party idp

0

I’ve set up a identity pool and configured a google IdP to be able to federate logging using google credentials. One of the goals of the software I’m building is to integrate with google apis to perform integrated functions on behalf of the user with google services. However, everything I’ve read and all my testing has lead me to believe that after google redirects back to cognito, it’s takes the google token and authors its own and the federated token is discarded and not retrievable. Ideally, I’d like to store the federated google token inside a claim of the cognito token itself.

Is there something I am missing, perhaps another path I’ve overlooked, or do need to look at another product because cognito doesn’t support my use-case

Topics
Security, Identity, & Compliance
Tags
Amazon CognitoAmazon Cognito Federated Identities
Language
English
mypreptime-admin
asked 2 years ago1165 views
1 Answer
0
Accepted Answer

If you want access to the federated tokens then you have to build your own oauth flow UI and leverage the cognito sdk in your api. Definitely not a nice out of the box solution as it meant I had to discard using the Hosted UI and ROYO my own with the cognito sdk driving it. However, the fact that the sdk was available was the solution to my scenario. https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cognito-identity-provider/index.html

mypreptime-admin
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content