Amplify-js: AWS SDK and Amazon Cognito Identity JS

@stephenhuh amazon-cognito-identity-js is different than aws-sdk.

Are you looking use case 4?
I think that code snippet is not accurate.

The way to import AmazonCognitoIdentity is like this

import * as  AmazonCognitoIdentity from "amazon-cognito-identity-js";

//...

    var poolData = {
        UserPoolId : '...', // Your user pool id here
        ClientId : '...' // Your client id here
    };
    var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);

or using require

var AmazonCognitoIdentity = require("amazon-cognito-identity-js");

//...

    var poolData = {
        UserPoolId : '...', // Your user pool id here
        ClientId : '...' // Your client id here
    };
    var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);

@elorzafe ah okay so the two are not the same i.e. aws-sdk does not include the amazon-cognito-identity-js library.

Is it recommended to use the aws-sdk over amazon-cognito-identity-js on server side? I'll close the issue once this is clear.

@stephenhuh

What is your use case? In which situation you need to give temporary credentials on the client to your app users. Do you want to register users on your app or just make service calls?

@elorzafe
I'm calling adminGetUser in order to get the emails of registered users to send to a payment provider and adminCreateUser in order to create new users upon a user accepting an invitationlink

@stephenhuh https://github.com/amazon-archives/amazon-cognito-identity-js is an archived library and just happens to be an internal dependency of Amplify that is highly modified for mobile and web development. It should be treated as an implementation detail and not something leveraged directly if possible.

The Amplify library is for use with client applications and not in a backend service, you should use the AWS SDKs for that in your language of choice. To reiterate @elorzafe question could you go into details on your use case/workflow and why you need Cognito access on the server side? Is there some use case that you cannot meet currently?

Yeah, @undefobj to be as clear as possible, I'm using Cognito as my only store for user-specific data, I'm only storing the sub property as a key in my database and linking all other app-specific data to that.

I have to pass the email and other user attributes along to a third-party-service (Stripe). I want to be able to use a single user pool in the aws-sdk and not have to pass a user-pool-id per request as seen here:

CognitoAdaptee.prototype.getEmail = async function(uuid) {
  const promise = CognitoService.adminGetUser({
    UserPoolId: USER_POOL_ID,
    Username: uuid
  }).promise();

  return promise
    .then(({UserAttributes}) => {
      const EMAIL_INDEX = 4; // May be non-deterministic, must check.
      const email = UserAttributes[EMAIL_INDEX].Value
      logger.info(`Got email of user from Cognito Service: ${email}`)
      return email;
    })

Really, all I'm trying to do is get more information about this specific user by his/her sub | guid.

Some more info:
Stripe requires me to be making these API calls on the backend.

@stephenhuh how does your users signUp/signIn in your app?

@elorzafe they sign up via amplify on the client side web app. calls are made via amplify and directly into AWS Cognito.

@stephenhuh we create this RFC to see what features would you like to see in the future related to Auth Admin Tasks.

@elorzafe @undefobj wow! thank you so much for the effort. i'll make sure to check it out and hope to provide valuable feedback. feel free to close this issue!

@stephenhuh If your user pool is created with Username attributes option (that means you selected Email address or phone number option when you create a user pool). On that case the username is the same as the sub and the code you mention will work if you specified the user-pool-id (hardcoded) or if you don't want harcode the userpool id, you can list your user pools (if you have only one) that should work as well. I hope that works

@elorzafe @undefobj thank you for confirming this approach. though it slightly worries me that the SDK returns a UserAttributes object array of Value, Key object pairs instead of an object as it seems strange and non-deterministic.

It's confusing to have it return an array and so I've even implemented a check:

CognitoAdaptee.prototype.getEmail = async function(uuid) {
  const promise = CognitoService.adminGetUser({
    UserPoolId: USER_POOL_ID,
    Username: uuid
  }).promise();

  return promise
    .then(({UserAttributes}) => {
      const EMAIL_INDEX = 4;
      const email = UserAttributes[EMAIL_INDEX].Value
      logger.info(`Got email of user from Cognito Service: ${email}`)
      return email;
    })
    .then(email => {
      if (typeof email !== string) {
        throw new Error('Critical Gateway Error: UserAttributes are non deterministic in ordering');
      }
      return email;
    })
    .catch(e => {
      logger.error(`Error from CognitoAdaptee: ${JSON.stringify(e)}`)
      throw e;
    })
}

Though I believe this may be a separate issue for another repo such as aws-sdk-js

Otherwise, thank you again for your help. I've closed this issue.

This means the README.MD is out of date?