Amplify-js: Auth.federatedSignIn returns undefined cred while signin with apple

Created on 8 May 2020 · 17 Comments · Source: aws-amplify/amplify-js

Describe the bug
I use Cognito user pool + federated identity to create unique identities for your users and to securely access other AWS services.
I am trying to implement sign in with Apple along with normal sign-in. Normal sign-in takes email as username.
After following the steps mentioned here - https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-social-idp.html - the user gets created in the Cognito user pool but Auth.currentAuthenticatedUser() returns an unauthenticated user error. Also cred is undefined.

Auth.federatedSignIn({
  provider: "SignInWithApple",
}).then(cred => {
  // If success, you will get the AWS credentials
  console.warn("success is", cred);
  return Auth.currentAuthenticatedUser();
})

To Reproduce
Steps to reproduce the behavior:

follow these steps https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-social-idp.html

Expected behavior
User should get created in user pool as well as federated identity should get created.
Auth.federatedSignIn should return valid credentials
Auth.currentAuthenticatedUser() should return valid apple user

What is Configured?

  • If applicable, please provide your manual configuration example:
    Amplify.configure({
      Auth: {
        mandatorySignIn: true,
        region: config.cognito.REGION,
        userPoolId: config.cognito.USER_POOL_ID,
        identityPoolId: config.cognito.IDENTITY_POOL_ID,
        userPoolWebClientId: config.cognito.APP_CLIENT_ID,
        oauth: {
          domain: 'cognito domain name',
          scope: ['phone', 'email', 'profile', 'openid', 'aws.cognito.signin.user.admin'],
          redirectSignIn: 'myapp://oauth/',
          redirectSignOut: 'myapp://signout/',
          responseType: 'code'
        },
      }
    })

Auth Cognito Service Team pending-close-response-required

All 17 comments

@TanviVartak Just for reproducibility, can you provide the following info?

  • Framework (React, React Native, Expo, Vue, etc) & version
  • aws-amplify version

@amhinson We are using the React Native framework. Below are the version details:
"aws-amplify": "^1.1.26",
"react-native": "0.60.0-rc.0"

@TanviVartak Thanks for the info! Could you try listening to the Hub events like in this example from the docs instead of using .then()?

Based on some other issues, there might be a bit of a race condition going on between the federated sign in and calling currentAuthenticatedUser() (which we are already looking into):
https://github.com/aws-amplify/amplify-js/issues/4132
https://github.com/aws-amplify/amplify-js/issues/5046#issuecomment-620727331
https://github.com/aws-amplify/amplify-js/issues/5133#issuecomment-620717488

@amhinson I already tried listening to Hub events; in that case also I'm not getting the identity id because no entry exists in the federated identity pool.

Ah ok. When you use federation through User Pools (i.e. Auth.federatedSignIn({ provider: "SignInWithApple" })), this is separate from using Identity Pools directly, so there will be no identity id for the user since Cognito handles everything behind the scenes.

From the docs:
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-social-idp.html

Sign-in through a third party (federation) is available in Amazon Cognito user pools. This feature is independent of federation through Amazon Cognito identity pools (federated identities).

@amhinson OK, thanks for the explanation! I have one doubt though. When I use the normal signup flow by passing username and password to auth.signup, this creates a user in the Cognito user pool and returns an identity id as well. The whole authentication and authorization is managed by Cognito. I just take the identity id, save it in my db and proceed with the app. But when a user signs up using Apple, it just creates a user in the user pool but does not return an identity id. Could you please help me understand how I can proceed with the app without an authorization (without identity id)?
Let me know if I'm misunderstanding anything.

In my testing, I'm not seeing an "identity id" in the CognitoUser returned from Auth.currentAuthenticatedUser() with a normal signup. Could you elaborate a bit more on where you are seeing this key?

Sorry, I should have mentioned this properly. Auth.currentAuthenticatedUser() does not return 'identity id'. I am using the Serverless framework and writing Lambda functions using Node.js.
In my server APIs I use the identity id as the unique id for each user, which I get like this:

function main(event, context) {
  const userId = event.requestContext.identity.cognitoIdentityId
}

I have followed this architecture: https://serverless-stack.com/chapters/create-a-cognito-identity-pool.html
So here are the steps I follow:
1: Auth.userAttributessignUp - pass username, emailId, password
2: on success, Auth.signIn - pass username, password
3: on success, call the server API to create the user in my db, which uses 'event.requestContext.identity.cognitoIdentityId' as the userId primary key

Oh ok, thanks for the update! I don't have a working example of the architecture you're describing, but I'm wondering if there is some other value in the requestContext that could be used as a unique user id instead of identity.cognitoIdentityId?
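
One way to key users on a request-context value other than identity.cognitoIdentityId, as an added example that is not part of the original thread: it reads the user pool `sub` either from a Cognito user pool authorizer's claims or from identity.cognitoAuthenticationProvider on IAM-authorized calls. It assumes an API Gateway REST API with Lambda proxy integration; `resolveUserId`, `parseAuthProvider`, `EXPECTED_POOL_ID` and all sample ids are hypothetical names and constructed values.

```javascript
// Added example. Field names follow the API Gateway Lambda proxy event;
// the pool id, sub and identity id below are constructed placeholders.
const EXPECTED_POOL_ID = "us-east-1_EXAMPLE";

// IAM-authorized calls made with identity-pool credentials carry
// "<issuer>/<poolId>,<issuer>/<poolId>:CognitoSignIn:<sub>".
function parseAuthProvider(provider) {
  if (typeof provider !== "string") return null;
  const m = /^cognito-idp\.([a-z0-9-]+)\.amazonaws\.com\/([\w-]+),cognito-idp\.\1\.amazonaws\.com\/\2:CognitoSignIn:([0-9a-fA-F-]{36})$/.exec(provider);
  return m ? { region: m[1], poolId: m[2], sub: m[3] } : null;
}

// Return the user pool "sub" as the stable user id, whichever authorizer ran.
function resolveUserId(event, expectedPoolId = EXPECTED_POOL_ID) {
  const ctx = (event && event.requestContext) || {};
  const claims = ctx.authorizer && ctx.authorizer.claims;
  if (claims && typeof claims.sub === "string") {
    // Cognito user pool authorizer: claims come from the validated ID token.
    if (!String(claims.iss || "").endsWith("/" + expectedPoolId)) {
      throw new Error("token issued by an unexpected user pool");
    }
    return { source: "userPoolAuthorizer", userId: claims.sub, identityId: null };
  }
  const identity = ctx.identity || {};
  const parsed = parseAuthProvider(identity.cognitoAuthenticationProvider);
  if (parsed) {
    if (parsed.poolId !== expectedPoolId) throw new Error("unexpected user pool");
    return { source: "identityPool", userId: parsed.sub,
             identityId: identity.cognitoIdentityId || null };
  }
  // Unauthenticated (guest) identities and unsigned calls end up here.
  throw new Error("no authenticated Cognito user in request context");
}

// Constructed sample event for the identity-pool (AWS_IAM) path.
const SUB = "11111111-2222-3333-4444-555555555555";
const ISS = "cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE";
const iamEvent = { requestContext: { identity: {
  cognitoIdentityId: "us-east-1:00000000-0000-0000-0000-000000000000",
  cognitoAuthenticationProvider: `${ISS},${ISS}:CognitoSignIn:${SUB}`,
} } };
console.log(resolveUserId(iamEvent));
```

Because the `sub` belongs to the user pool, it stays the same for a user whether or not an identity pool entry exists for them.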

I am experiencing something similar with #5801

If I run with a Google account it returns undefined for my identityId, but with a Cognito account it is fine

Auth.currentCredentials().then((u) => {
    console.log("Creds", u)
  })

The impact is that I cannot upload to private S3 locations as the url path returns undefined for the identityId

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

This issue has been automatically closed because of inactivity. Please open a new issue if you are still encountering problems.

This stale bot sure is annoying. Every issue I come across is closed by this damn bot without any resolution whatsoever.

Sorry about that @irshadnilam . Re-opening. Flagging to @sammartinez to prioritize

Hello! Does it look like cognito and amplify is useless for mobile app auth, because we can't get idToken from federated signIn?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
