Amplify-js: Question: access token from federated login ?

Created on 3 Mar 2018  路  10Comments  路  Source: aws-amplify/amplify-js

I notice that after a user logs in with a federated identity provider, setCredentialsFromFederation() sets the provider, token, user as part of the AWS.config (https://github.com/aws/aws-amplify/blob/36acdc9/packages/aws-amplify/src/Auth/Auth.ts#L725 ). How do I access the token returned from the identity provider, should I just get it from the local storage key 'federatedInfo'?

Auth
Source
picture vsrivatsan89

Most helpful comment

this enhancement has been released

picture mlabieniec on 13 Apr 2018
👍2

All 10 comments

@vsrivatsan89 If I understand your question correctly then the AppSync documentation indicates you can use Auth.currentCredentials(). They use that to get credentials when AppSync authentication is set to IAM.

buggy picture buggy on 5 Mar 2018

Hey @buggy , If I understand correctly, Auth.currentCredentials() in turn just calls the Auth.setCredentialsFromFederation(). It doesn't give me access to the token. Am I mistaken?

vsrivatsan89 picture vsrivatsan89 on 5 Mar 2018

@vsrivatsan89 Auth.currentCredentials() will return you a CognitoIdentityCredentials object. This will contain a WebIdentityCredentials object which you can then retrieve the [Logins] from for your identity providers i.e. google/facebook etc.

So, for example, to retrieve a google token:

async getCreds() {
    let credentials = await Auth.currentCredentials(),
         token = credentials.webIdentityCredentials.params.Logins['accounts.google.com'];

    console.log(token); // here is your token
}
mlabieniec picture mlabieniec on 7 Mar 2018

@mlabieniec Awesome! Also does this token get renewed automatically? They are short lived tokens correct? Does Aws-amplify do the refreshing of tokens underneath?

vsrivatsan89 picture vsrivatsan89 on 7 Mar 2018

@vsrivatsan89 the auto-refresh is in pr:
https://github.com/aws/aws-amplify/pull/191

Currently there is a bit of an issue on the facebook side, but we are working to get this pushed out asap, they are valid for 1 hour.

Related to #180

mlabieniec picture mlabieniec on 7 Mar 2018
👍1

@mlabieniec In the mean time, I should just log my user out after the token expires?

vsrivatsan89 picture vsrivatsan89 on 7 Mar 2018

Yea if you follow that PR, you can basically request a new token similar to that, and Authenticate again, but something is up on the facebook login. Or yes, just require re-login.

mlabieniec picture mlabieniec on 7 Mar 2018

this enhancement has been released

mlabieniec picture mlabieniec on 13 Apr 2018
👍2

Hello @mlabieniec . Have you released the federated (by Facebook) identity token refresh?
For authentication I am still using amazon-cognito-identity-js where I use the Authorization Grant Flow for retrieving a refresh token. But I would like to update everything to Amazon Amplify, yet not loosing the refresh feature.

SimoneMSR picture SimoneMSR on 16 Apr 2018

After google federated login, when I get the credentials, it doesn't give me 'accessToken' when I get currentCredentials like below. I needed accessToken in my react native app, to do google rest api calls directly from app. please help me out if I am missing something.

let credentials = await Auth.currentCredentials()
it doesn't have accessToken.

naveenkonduru picture naveenkonduru on 12 Aug 2018
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ddemoll picture ddemoll  路  3Comments
karlmosenbacher picture karlmosenbacher  路  3Comments
guanzo picture guanzo  路  3Comments
callmekatootie picture callmekatootie  路  3Comments
rygo6 picture rygo6  路  3Comments