
Boto3 for Social Logins using Cognito UserPools


I have a mobile app with signup/signin options. Mobile app makes calls to Rest APIs and the APIs use Python boto3 CognitoIdentityProvider client to create users in AWS Cognito user pools. SignIn using email/password works fine.

For social sign-in, the mobile app is updated with Google sign-in and fetches idToken, accessToken. How do I use the Google-returned sign-in token to sign in/create a user in the Cognito user pool from the backend Python environment? Is this feasible?

For username/password options, I use signup and admin_initiate_auth methods. But I am not sure what to use to allow users to sign in or create users in the UserPool when using the Google/Facebook sign-in option.

Essentially, is there a way in Boto3 or other AWS libraries to create users in the UserPool using the Google/Facebook-returned idToken?


Solution

  • The get_id method from the boto3 CognitoIdentity service addresses the concern.

    Using the Google-returned ID token, call get_id to create a federated identity.

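        import boto3

        # Cognito Identity (identity pool) client. ACCESS_KEY and
        # ACCESS_SECRET_KEY are placeholders for credentials defined elsewhere.
        # The region matches the prefix of the IdentityPoolId below.
        client = boto3.client('cognito-identity',
                              region_name='us-east-1',
                              aws_access_key_id=ACCESS_KEY,
                              aws_secret_access_key=ACCESS_SECRET_KEY)
        # Exchange the Google ID token for a Cognito federated IdentityId.
        response = client.get_id(
            AccountId='YOUR AWS ACCOUNT ID',
            IdentityPoolId='us-east-1:xxxdexxx-xxdx-xxxx-ac13-xxxxf645dxxx',
            Logins={
                # Key is the provider name; value is the ID token from Google.
                'accounts.google.com': 'google returned IdToken'
            },
        )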
    

    Response includes the Cognito IdentityId:

    {
    "ResponseMetadata": {
      "RetryAttempts": 0,
      "HTTPStatusCode": 200,
      "RequestId": "xxxfb049b-1f77-xxxx-a67c-xxxfb049b",
      "HTTPHeaders": {
        "date": "Sun, 04 Mar 2018 06:43:13 GMT",
        "x-amzn-requestid": "xxxfb049b-1f77-xxx-a67c-xxxfb049b",
        "content-length": "63",
        "content-type": "application/x-amz-json-1.1",
        "connection": "keep-alive"
      }
    },
    "IdentityId": "us-east-1:xxx-2xx1-1234-9xx2-xxxx"
    }
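The following is an added example, not part of the original answer: a backend-side pre-check of the Google ID token's `iss`, `aud` and `exp` claims before it is placed in the `Logins` map for `get_id`, so a token issued to a different app or already expired is rejected before the AWS call. The function names, `expected_client_id` (assumed to be your app's Google OAuth client ID) and the sample token helper are hypothetical; the signature is not verified here.

```python
import base64
import json
import time

GOOGLE_ISSUERS = ("accounts.google.com", "https://accounts.google.com")
LOGIN_PROVIDER = "accounts.google.com"  # Logins key used in the get_id call above


def decode_claims(id_token):
    """Return the JWT payload as a dict. The signature is NOT verified here."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(padded))  # ValueError on bad input
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def build_logins(id_token, expected_client_id, now=None):
    """Pre-check iss/aud/exp, then return the Logins map for get_id."""
    claims = decode_claims(id_token)
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise ValueError("unexpected issuer")
    if claims.get("aud") != expected_client_id:
        raise ValueError("token was issued to a different client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token is expired or has no exp")
    return {LOGIN_PROVIDER: id_token}


def federated_identity_id(client, identity_pool_id, id_token,
                          expected_client_id, now=None):
    """client: a boto3 'cognito-identity' client (or a stand-in with get_id)."""
    logins = build_logins(id_token, expected_client_id, now)
    resp = client.get_id(IdentityPoolId=identity_pool_id, Logins=logins)
    return resp["IdentityId"]


def make_sample_token(claims):
    """Constructed, unsigned sample token for offline runs (not a real Google token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])
```

In production, pass `boto3.client('cognito-identity', ...)` as `client`; the claim checks run locally and need no network access.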