Hi,
I've followed all the steps and I can log in with username & password, but... what's next?
After the login I'm seeing that a new Unauthenticated Identity is added in my Cognito Identity Pool. How can I link that Identity to my user?
Something like the following...? Or maybe I'm totally missing the point of this service.
    AWS.config.credentials.get(function () {
      const token = session.getIdToken().getJwtToken();
      AWS.config.credentials.params.Logins = {};
      AWS.config.credentials.params.Logins['us-east-1_U5i6fZ4XX'] = token; // ???
      AWS.config.credentials.expired = true; // force a refresh on the next get()
      AWS.config.credentials.get(function () {
        // now I'm using authenticated credentials
      });
    });
With any combination of Logins[] I'm trying, I get HTTP 40X from the Cognito API:
Thank you!
Simone
Update:
I've found this line in http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentity.html#getId-property
The available provider names for Logins are as follows:
...
Amazon Cognito Identity Provider: cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789
but no luck, I'm getting this error:
Token is not from a supported provider of this identity pool.
I've of course configured the User Pool ID in my Cognito Identity Pool.
Hi Simone,
Actually the two are different services, the Cognito Identity User Pools service and the Credentials Provider service. A blog post that introduces the functionality of the two services can be found here.
http://mobile.awsblog.com/post/TxGNH1AUKDRZDH/Announcing-Your-User-Pools-in-Amazon-Cognito
What I think you are doing is that you are authenticating with the User Pools service, in which case you get the different tokens to manage the session, after which you are using the tokens with the second service, which won't work. The tokens for the User Pools service are meant only to handle access to the User Pools service, to retrieve, update, delete attributes etc.
Hope it helps,
Ionut.
Thank you for your reply.
I've read the blog post and at the bottom I read:
With that association configured, getting AWS credentials in your app is as simple as providing your AWSCognitoIdentityUserPool to your AWSCognitoCredentialsProvider
That's exactly what I'm trying to do but I cannot find any example of doing this using the JS SDK.
If I can't use tokens by Cognito IDP with Cognito Identity, why does the documentation state that I can use IDP in the Login map?
The available provider names for Logins are as follows:
...
Amazon Cognito Identity Provider: cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789
Thank you!
Simone
Hi
same issue
The flow successfully authenticates a username and password against a Cognito user pool and gets three tokens (ID token, refresh token, access token); now I am trying to authenticate to AWS credentials to use other AWS services.
For Cognito user pools we have taken the login ID as
"cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789"
and are getting the error
AWSNotAuthorizedException: Invalid login token. Missing a required claim: aud
Code:
    cognitoUser.authenticateUser(authenticationDetails, {
      onSuccess: function (result) {
        console.log('access token + ' + result.getAccessToken().getJwtToken());
        AWS.config.credentials = new AWS.CognitoIdentityCredentials({
          IdentityPoolId: 'xxxxxxxx',
          IdentityId: 'identityid recieved during registration in user poolid',
          Logins: {
            'cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789': result.getAccessToken().getJwtToken()
          }
        });
        AWS.config.credentials.get(function (err) {
          // now I'm using authenticated credentials
          if (err) {
            console.log('error in autheticatig AWS' + err);
          } else {
            console.log(AWS.config.credentials.identityId);
          }
        });
      },
      // the callback object also needs a failure handler
      onFailure: function (err) {
        console.log(err);
      }
    });
I got the problem: the format for the Cognito user pools linked login is as follows.
xxxxxx in the below should be replaced with your Cognito user pool ID, that is, cognito-idp.us-east-1.amazonaws.com/userpoolid

    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
      IdentityPoolId: '', // identity pool ID (left blank in the original post)
      Logins: {
        'cognito-idp.us-east-1.amazonaws.com/xxxxxx': result.idToken.jwtToken
      }
    });

Please update the documentation, it is really misleading: http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentity.html#getId-property
Hi Alphatiger,
Thanks for all the help!
Does this solve it for you as well, Simone? The 2 problems I see are that you guys were literally using the example string of cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789, which Alphatiger pointed out that you should replace the end with your user pool ID.
Another problem is that you were using the AccessToken instead of the idToken which Alphatiger also pointed out.
Ionut.
Okay, I've identified my problem:
I was using an "App Client ID" different from the one that I'm using in my JavaScript app (for no specific reason I created two different apps). Updating the App Client ID clears the error: "Token is not from a supported provider of this identity pool".
As a temporary workaround in the past days, to make the login work, I added an Identity Provider in IAM (see attachment) and attached it to my Cognito Identity using the OpenID tab. This way, you can also support multiple App Client IDs (by adding an "audience"), useful e.g. for key rotation etc...

Thanks,
Simone
@Alphatiger @itrestian @lusentis I am getting this error when following your example (with my own credentials)
error in autheticatig AWSNotAuthorizedException: Invalid login token. Missing a required claim: aud
What could cause that?
OK, ignore my previous message.
Just for the record - this causes the error
    Logins: {
      'cognito-idp.us-east-1.amazonaws.com/us-east-1_xxxxxxxx': result.getAccessToken().getJwtToken()
    }

And this fixes it

    Logins: {
      'cognito-idp.us-east-1.amazonaws.com/xxxxxxxx': result.idToken.jwtToken
    }
It is hard to believe that AWS does not provide a working example of a Login page!!!
Has anyone been able to get Integrating User Pools with Amazon Cognito Identity to work? I'm struggling with the logins map. Is there an example that connects a user pool with a Cognito identity in Swift?
I had this same problem, tried all the solutions, and nothing. Turns out it was a simple JS mistake. Explanation here: https://stackoverflow.com/questions/2274242/using-a-variable-for-a-key-in-a-javascript-object-literal
    let url = 'cognito.idp...';
    Logins: { url: token } // fails
    Logins: { [url]: token } // successful
Hope this finds you quickly ;)
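As an added example (not code from any poster in this thread or from AWS), here is a Node.js pre-flight check for the failure causes reported above: an access token passed instead of the ID token, an `aud` that does not match the App Client ID configured on the identity pool, and a Logins key that is not computed. It relies on the `token_use`, `aud` and `iss` claims of Cognito user pool tokens; `buildCognitoLogins`, `explain`, `fakeJwt` and all token values are hypothetical names and constructed samples.

```javascript
// Diagnostic only: decodes the JWT payload without verifying the signature,
// so it explains a rejected Logins map but is not an authorization check.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a JWT (expected 3 segments)');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// expectedClientId: the App Client ID configured on the identity pool (assumed input).
function buildCognitoLogins(jwt, expectedClientId) {
  const claims = decodeJwtPayload(jwt);
  if (claims.token_use !== 'id') {
    throw new Error('token_use is "' + claims.token_use + '": pass the ID token, not the access token');
  }
  if (claims.aud !== expectedClientId) {
    throw new Error('aud "' + claims.aud + '" is not the App Client ID configured on the identity pool');
  }
  // The provider name is the issuer URL without its scheme.
  const m = /^https:\/\/(cognito-idp\.[a-z0-9-]+\.amazonaws\.com\/[A-Za-z0-9_-]+)$/.exec(claims.iss || '');
  if (!m) throw new Error('iss is not a Cognito user pool issuer: ' + claims.iss);
  // Computed key: { key: jwt } would create a property literally named "key".
  return { [m[1]]: jwt };
}

// --- constructed, unsigned sample tokens with placeholder IDs ---
function fakeJwt(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc({ alg: 'none' }) + '.' + enc(payload) + '.sig';
}
const ISS = 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE';
const sampleIdToken = fakeJwt({ iss: ISS, aud: 'example-client-id', token_use: 'id' });
const sampleAccessToken = fakeJwt({ iss: ISS, client_id: 'example-client-id', token_use: 'access' });

// Returns the Logins key on success, or the reason the token was rejected.
function explain(jwt, clientId) {
  try { return Object.keys(buildCognitoLogins(jwt, clientId))[0]; }
  catch (e) { return 'rejected: ' + e.message; }
}
console.log(explain(sampleIdToken, 'example-client-id'));
console.log(explain(sampleAccessToken, 'example-client-id'));
console.log(explain(sampleIdToken, 'other-client-id'));
```

The object returned by `buildCognitoLogins` is what would be passed as `Logins` to `AWS.CognitoIdentityCredentials`; the service still performs the real signature and audience validation.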