Since all this code is front end, how can I take the session token and verify the user is authenticated? For example, I want to lock down a route.
Is it similar to these? http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html
Or would I be better off not using this library and going with adminInitAuth and keeping everything on my back end?
I'm not sure if this is the best way, but here is how I do it.
After a successful login, post the 3 tokens and username to your backend service. Then recreate the session based on those tokens and username. Here's my nodejs code:
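```js
const AmazonCognitoIdentity = require('amazon-cognito-identity-js');

// Runs inside a request handler; req.body carries the tokens and username posted by the front end.
// Wrap each raw JWT string in the SDK's token classes.
const idToken = new AmazonCognitoIdentity.CognitoIdToken({
  IdToken: req.body.tokens.idToken.jwtToken,
});
const accessToken = new AmazonCognitoIdentity.CognitoAccessToken({
  AccessToken: req.body.tokens.accessToken.jwtToken,
});
const refreshToken = new AmazonCognitoIdentity.CognitoRefreshToken({
  RefreshToken: req.body.tokens.refreshToken.token,
});

// Rebuild the session object from the three tokens.
var tokenData = {
  IdToken: idToken,
  RefreshToken: refreshToken,
  AccessToken: accessToken,
};
var session = new AmazonCognitoIdentity.CognitoUserSession(tokenData);

var poolData = {
  UserPoolId: '---',
  ClientId: '---',
  IdentityPoolId: '--'
};
var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);

// Attach the rebuilt session to a CognitoUser for the posted username.
var userData = {
  Username: req.body.username,
  Pool: userPool
};
var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
cognitoUser.signInUserSession = session;

// isValid() reports whether the ID and access tokens are still unexpired.
console.log('valid? ' + session.isValid());
```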
I used this method because the existing methods to refresh the session rely on local storage (which will not exist on the backend).