Aws-sdk-android: Cognito - Sign In - Error in federating the token
State your question
Exactly same found as https://github.com/aws-amplify/aws-sdk-android/issues/942.
I tried to remove the CredentialsProvider and IdentityManager sections then can retrieve accessToken. But have same warning Failed to federate tokens during sign-in
java.lang.Exception: Federation is not enabled, please check if you have CognitoIdentity configured.
Any update about this issue?
Which AWS Services are you utilizing?
Amazon Cognito
Provide code snippets (if applicable)
Same as https://github.com/aws-amplify/aws-sdk-android/issues/942
Environment(please complete the following information):
- SDK Version:
com.amazonaws:aws-android-sdk-core:2.15.+ -> 2.15.2
| --- com.google.code.gson:gson:2.2.4 -> 2.8.5
+--- com.amazonaws:aws-android-sdk-mobile-client:2.15.+ -> 2.15.2
| +--- com.amazonaws:aws-android-sdk-auth-core:2.15.2
| | --- com.amazonaws:aws-android-sdk-core:2.15.2 ()
| +--- com.amazonaws:aws-android-sdk-cognitoidentityprovider:2.15.2
| | +--- com.amazonaws:aws-android-sdk-core:2.15.2 ()
| | --- com.amazonaws:aws-android-sdk-cognitoidentityprovider-asf:1.0.0
| --- androidx.annotation:annotation:1.0.0 -> 1.1.0
+--- com.amazonaws:aws-android-sdk-appsync:2.8.+ -> 2.8.3
| +--- com.google.code.findbugs:jsr305:3.0.1
| +--- com.squareup.okhttp3:okhttp:3.8.1 -> 3.12.0 ()
| +--- com.amazonaws:aws-android-sdk-core:2.13.2 -> 2.15.2 ()
| +--- com.amazonaws:aws-android-sdk-mobile-client:2.13.2 -> 2.15.2 ()
| +--- com.amazonaws:aws-android-sdk-auth-userpools:2.13.2 -> 2.15.2
| | +--- com.amazonaws:aws-android-sdk-cognitoidentityprovider:2.15.2 ()
| | --- com.amazonaws:aws-android-sdk-auth-core:2.15.2 ()
| --- androidx.lifecycle:lifecycle-runtime:2.0.0 -> 2.1.0 ()
+--- com.amazonaws:aws-android-sdk-auth-userpools:2.15.+ -> 2.15.2 (*)
+--- com.amazonaws:aws-android-sdk-appsync-runtime:2.8.3
| +--- com.nytimes.android:cache:2.0.2
| | --- com.google.code.findbugs:jsr305:3.0.1
| --- com.amazonaws:aws-android-sdk-appsync-api:2.8.3
| --- javax.annotation:jsr250-api:1.0
Device Information (please complete the following information):
- Device: Any
- Android Version: Any
- Specific to simulators: No
SwiftyWang
All 10 comments
I checked the mobile client sdk maybe issues happened here
if (isFederationEnabled()) {
federatedSignInWithoutAssigningState(userpoolsLoginKey, mCognitoUserSession.getIdToken().getJWTToken());
}
inside __signIn_ method.
Here isFederationEnabled() always will be true and I cannot find a place to set it false.
Anyone can help?
SwiftyWang
on 25 Sep 2019
@SwiftyWang Thanks for reaching out. Can you please share the structure of your awsconfiguration.json that causes the exception. Also can you please share your identity pool configuration including all the configured identity providers?
desokroshan
on 27 Sep 2019
Sorry for the later.
{
"UserAgent": "aws-amplify/cli",
"Version": "0.1.0",
"AppSync": {
"Default": {
"ApiUrl": "",
"Region": "ap-southeast-1",
"AuthMode": "AMAZON_COGNITO_USER_POOLS"
}
},
"CognitoUserPool": {
"Default": {
"PoolId": "",
"AppClientId": "",
"AppClientSecret": "",
"Region": "ap-southeast-1"
}
}
}
Currently I am using this one and will have an warning.
2019-10-08 12:16:20.971 23779-23904/com.seekerscapital.aqt.preprod W/AWSMobileClient: Failed to federate tokens during sign-in
java.lang.Exception: Federation is not enabled, please check if you have CognitoIdentity configured.
at com.amazonaws.mobile.client.AWSMobileClient$8.run(AWSMobileClient.java:1455)
at com.amazonaws.mobile.client.internal.InternalCallback.await(InternalCallback.java:115)
at com.amazonaws.mobile.client.AWSMobileClient.federatedSignInWithoutAssigningState(AWSMobileClient.java:1410)
at com.amazonaws.mobile.client.AWSMobileClient$6$1.onSuccess(AWSMobileClient.java:1153)
at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser$6.onSuccess(CognitoUser.java:814)
at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser$27.run(CognitoUser.java:2603)
at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser$24.run(CognitoUser.java:2480)
at com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.AuthenticationContinuation.continueTask(AuthenticationContinuation.java:124)
at com.amazonaws.mobile.client.AWSMobileClient$6$1.getAuthenticationDetails(AWSMobileClient.java:1170)
at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.getSession(CognitoUser.java:778)
at com.amazonaws.mobile.client.AWSMobileClient$6.run(AWSMobileClient.java:1139)
at com.amazonaws.mobile.client.internal.InternalCallback$1.run(InternalCallback.java:101)
at java.lang.Thread.run(Thread.java:764)
SwiftyWang
on 8 Oct 2019
I do not see any identity pool information in the configuration file, which is why we see the CognitoIdentity not configured exception. You need to create an identity pool and add user pool as an authentication provider for the setup to work. Please refer to the documentation for more details : https://aws-amplify.github.io/docs/android/authentication
desokroshan
on 11 Oct 2019
identity pool is must need? Because when I added Identity pool info there is an error happened and access token and id token cannot retrieve which we are using for restful api and appsync:
java.lang.RuntimeException: Error in federating the token.
at com.amazonaws.mobile.client.AWSMobileClient$8.run(AWSMobileClient.java:1484)
at com.amazonaws.mobile.client.internal.InternalCallback.await(InternalCallback.java:115)
at com.amazonaws.mobile.client.AWSMobileClient.federatedSignInWithoutAssigningState(AWSMobileClient.java:1414)
at com.amazonaws.mobile.client.AWSMobileClient$6$1.onSuccess(AWSMobileClient.java:1156)
at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.getSession(CognitoUser.java:745)
at com.amazonaws.mobile.client.AWSMobileClient$6.run(AWSMobileClient.java:1142)
at com.amazonaws.mobile.client.internal.InternalCallback$1.run(InternalCallback.java:101)
at java.lang.Thread.run(Thread.java:818)
Caused by: com.amazonaws.services.cognitoidentity.model.NotAuthorizedException: Token is not from a supported provider of this identity pool. (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: NotAuthorizedException; Request ID: 3c924e1f-70ea-11e9-80ca-01ad7f96c8b7)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:730)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:405)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:212)
at com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient.invoke(AmazonCognitoIdentityClient.java:1658)
at com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient.getId(AmazonCognitoIdentityClient.java:739)
at com.amazonaws.auth.AWSAbstractCognitoIdentityProvider.getIdentityId(AWSAbstractCognitoIdentityProvider.java:172)
at com.amazonaws.mobile.client.AWSMobileClientCognitoIdentityProvider.refresh(AWSMobileClient.java:3600)
at com.amazonaws.auth.CognitoCredentialsProvider.startSession(CognitoCredentialsProvider.java:678)
at com.amazonaws.auth.CognitoCredentialsProvider.refresh(CognitoCredentialsProvider.java:631)
at com.amazonaws.auth.CognitoCachingCredentialsProvider.refresh(CognitoCachingCredentialsProvider.java:510)
at com.amazonaws.mobile.client.AWSMobileClient.federateWithCognitoIdentity(AWSMobileClient.java:1515)
at com.amazonaws.mobile.client.AWSMobileClient$8.run(AWSMobileClient.java:1471)
And also I asked our backend the indentity pool is not for mobile client.
SwiftyWang
on 14 Oct 2019
@SwiftyWang You need a Cognito Identity Pool created and configured with the Identity Provider (Cognito UserPools, Facebook or Google, etc.) on the backend with Amazon Cognito. After the successful configuration, you need to specify these values in the awsconfiguration.json file.
From the exception Caused by: com.amazonaws.services.cognitoidentity.model.NotAuthorizedException: Token is not from a supported provider of this identity pool. (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: NotAuthorizedException; Request ID: 3c924e1f-70ea-11e9-80ca-01ad7f96c8b7)
a
I can see that the Identity Provider (used for SignIn and SignUp, for example: UserPools, Facebook or Google, etc.) needs to be configured as the Identity Provider in your Cognito Identity Pool.
When you have that configuration specified, the federation should succeed without any error.
kvasukib
on 18 Oct 2019
This issue has been automatically closed because of inactivity. Please open a new issue if are still encountering problems.
![stale[bot] picture](https://avatars3.githubusercontent.com/in/1724?v=4&s=40)
stale[bot]
on 25 Oct 2019
@desokroshan I am not using the Identity pool, how do I configure my awsconfiguration.json file.
My current configuration file looks like this
{
"UserAgent": "aws-amplify-cli/0.1.0",
"Version": "0.1.0",
"CognitoUserPool": {
"Default": {
"PoolId": "poolId",
"AppClientId": "clientId",
"AppClientSecret": "secrectcode",
"Region": "ap-south-1"
}
},
"Auth": {
"Default": {
"authenticationFlowType": "CUSTOM_AUTH"
}
}
}
gauravrai1
on 6 Dec 2019
@SwiftyWang @kvasukib @desokroshan @lawmicha , was your issue solved? I am trying to do the same thing! i need to use user pools without using identity pools across Amplify android sdk
SamiKh94
on 12 Aug 2020
To do this, you should do the following steps in the CLI when adding your Auth category:
- Select "Manual configuration"
- Choose "User Sign-Up & Sign-In only (Best used with a cloud API only)"
However, not using identity pools does limit what operations you can use since there are some things it is needed for.
TrekSoft
on 29 Sep 2020
Related issues
HayTran94
路
4Comments
pedronveloso
路
3Comments
nsadiq-radpits
路
3Comments
mbk820
路
4Comments
bobguy1234
路
3Comments
Most helpful comment
@desokroshan I am not using the Identity pool, how do I configure my awsconfiguration.json file.
My current configuration file looks like this
{ "UserAgent": "aws-amplify-cli/0.1.0", "Version": "0.1.0", "CognitoUserPool": { "Default": { "PoolId": "poolId", "AppClientId": "clientId", "AppClientSecret": "secrectcode", "Region": "ap-south-1" } }, "Auth": { "Default": { "authenticationFlowType": "CUSTOM_AUTH" } } }