Configuring Federated Signin in Amplify

Abhishek Kumar
2 min read · Apr 29, 2021

This post is for people who are using AWS Amplify and having trouble configuring federated signin.

I am working on a project which requires using Firebase as the OIDC (OpenID Connect) identity provider (IdP). So, the Firebase token is used to log in as a federated user.

Link to official documentation: https://docs.amplify.aws/lib/auth/advanced/q/platform/js#identity-pool-federation

You may have gotten errors like "Error: Federation requires either a User Pool or Identity Pool in config". This arises from version conflicts and from not importing the required modules correctly.

Step1: The first thing is to create an identity pool in AWS Cognito and give it permissions to access AWS AppSync, AWS Amplify etc. While creating the pool, use Google+ as the authentication provider. Enter <RANDOM_STRING>.apps.googleusercontent.com into it as the Google client ID. For Firebase users, you can get it by downloading the Firebase config file from your project’s dashboard.

Step2: The second thing is to download the aws-exports.js file from the AppSync console. Modify it as follows:

// WARNING: DO NOT EDIT. This file is automatically generated by AWS Amplify. It will be overwritten.
const awsmobile = {
  aws_appsync_graphqlEndpoint:
    "https://<APPSYNC_API_ID>.appsync-api.<AWS_REGION>.amazonaws.com/graphql",
  aws_appsync_region: "<AWS_REGION>",
  aws_appsync_authenticationType: "API_KEY",
  aws_appsync_apiKey: "<APPSYNC_API_KEY>",
  // The following field aws_cognito_identity_pool_id is super-important
  aws_cognito_identity_pool_id:
    "<AWS-REGION>:<IDENTITY_POOL_ID>",
  aws_cognito_region: "<COGNITO_AWS_REGION>",
};

module.exports = awsmobile;

Step3: Test your function. The following code snippet can help you:

const { Auth } = require("@aws-amplify/auth");
const { Amplify } = require("@aws-amplify/core");
const { API } = require("aws-amplify"); // imported but not used in this snippet
const awsmobile = require("./aws-exports");

// Load the identity pool settings before calling any Auth method
Amplify.configure(awsmobile);

const testFederatedSignin = () => {
  // Provider key for Firebase-issued tokens
  let domain = "securetoken.google.com/<PROJECT_ID>";
  let token = "ey.…<FIREBASE_TOKEN>……Q";
  let expiresIn = 1800; // seconds
  let user = {
    name: "YOUR_USERNAME",
  };

  Auth.federatedSignIn(
    domain,
    {
      token,
      expires_at: expiresIn * 1000 + new Date().getTime(), // the expiration timestamp
    },
    user
  )
    .then((cred) => {
      // If success, you will get the AWS credentials
      console.log("Credentials are:", cred);
      return Auth.currentAuthenticatedUser();
    })
    .then(async (user) => {
      // If success, this is the user object you passed in Auth.federatedSignIn
      console.log("User is:", user);
    })
    .catch((e) => {
      console.log(e);
    });
};

// Run the test
testFederatedSignin();
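The snippet above hard-codes the provider domain and a 1800-second lifetime. The following added example (not part of the original post) derives both from the Firebase ID token's own iss, aud and exp claims, so a token from the wrong project or an expired token is caught before Auth.federatedSignIn is called. The function names, the "demo-project" ID and the unsigned sample token are constructed for illustration, and the payload is only decoded here, not signature-verified.

```javascript
// Decode (not verify) the payload segment of a JWT.
function decodeJwtPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a JWT: expected 3 dot-separated parts");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/"); // base64url -> base64
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Build the arguments for Auth.federatedSignIn from the token itself.
// projectId is your Firebase project ID; nowMs is injectable for testing.
function federationParams(idToken, projectId, nowMs = Date.now()) {
  const claims = decodeJwtPayload(idToken);
  const domain = `securetoken.google.com/${projectId}`;
  if (claims.iss !== `https://${domain}`) {
    throw new Error(`issuer mismatch: token iss is ${claims.iss}`);
  }
  if (claims.aud !== projectId) {
    throw new Error(`audience mismatch: token aud is ${claims.aud}`);
  }
  const expiresAt = claims.exp * 1000; // exp is in seconds, expires_at in ms
  if (!Number.isFinite(expiresAt) || expiresAt <= nowMs) {
    throw new Error("token is missing exp or already expired");
  }
  return { domain, token: idToken, expires_at: expiresAt };
}

// Constructed sample: an unsigned token for a hypothetical project.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

const sample = makeSampleToken({
  iss: "https://securetoken.google.com/demo-project",
  aud: "demo-project",
  sub: "constructed-uid",
  exp: 1700003600,
});
const params = federationParams(sample, "demo-project", 1700000000000);
console.log(params.domain, new Date(params.expires_at).toISOString());
// Then: Auth.federatedSignIn(params.domain,
//   { token: params.token, expires_at: params.expires_at }, user)
```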

Let me know if you need more details in the comments. I will get back to you! On a tight schedule (what’s new😄)
