Configuring Federated Signin in Amplify
This post is for people who are using AWS Amplify and having trouble configuring federated signin.
I am working on a project which requires using Firebase as the OIDC (OpenID Connect) identity provider (IdP), so a Firebase token is used to log in as a federated user.
Link to official documentation: https://docs.amplify.aws/lib/auth/advanced/q/platform/js#identity-pool-federation
You may have got errors like "Error: Federation requires either a User Pool or Identity Pool in config". This arises from version conflicts and from not importing the required modules correctly.
Step1: First, create an identity pool in AWS Cognito and give it permissions to access AWS AppSync, AWS Amplify, etc. While creating the pool, use Google+ as the authentication provider and enter <RANDOM_STRING>.apps.googleusercontent.com as the Google client ID. Firebase users can get this value by downloading the Firebase config file from the project's dashboard.
Step2: Next, download the aws-exports.js file from the AppSync console. Modify it as follows:
// WARNING: DO NOT EDIT. This file is automatically generated by AWS Amplify. It will be overwritten.
const awsmobile = {
  aws_appsync_graphqlEndpoint:
    "https://<APPSYNC_API_ID>.appsync-api.<AWS_REGION>.amazonaws.com/graphql",
  aws_appsync_region: "<AWS_REGION>",
  aws_appsync_authenticationType: "API_KEY",
  aws_appsync_apiKey: "<APPSYNC_API_KEY>",
  // The following field aws_cognito_identity_pool_id is super-important
  aws_cognito_identity_pool_id:
    "<AWS-REGION>:<IDENTITY_POOL_ID>",
  aws_cognito_region: "<COGNITO_AWS_REGION>",
};
module.exports = awsmobile;
Step3: Test your function. The following code snippet can help you:
const { Auth } = require("@aws-amplify/auth");
const { Amplify } = require("@aws-amplify/core");
const { API } = require("aws-amplify");
const awsmobile = require("./aws-exports");

// Load the identity pool settings before calling any Auth method
Amplify.configure(awsmobile);

const testFederatedSignin = () => {
  // Provider name: the Firebase token issuer without the https:// prefix
  let domain = "securetoken.google.com/<PROJECT_ID>";
  // Placeholder for a Firebase ID token; do not commit a real token
  let token = "ey.…<FIREBASE_TOKEN>……Q";
  let expiresIn = 1800; // seconds
  let user = {
    name: "YOUR_USERNAME",
  };
  Auth.federatedSignIn(
    domain,
    {
      token,
      expires_at: expiresIn * 1000 + new Date().getTime(), // the expiration timestamp
    },
    user
  )
    .then((cred) => {
      // If success, you will get the AWS credentials
      console.log("Credentials are:", cred);
      return Auth.currentAuthenticatedUser();
    })
    .then(async (user) => {
      // If success, the user object you passed in Auth.federatedSignIn
    })
    .catch((e) => {
      console.log(e);
    });
};

// Run the test
testFederatedSignin();
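An added example, not code from the original post: the Step3 snippet sets expiresIn to a fixed 1800 seconds and types the domain by hand, so this sketch reads the domain check and expires_at from the Firebase ID token's own iss, aud and exp claims before federatedSignIn is called. The function names, the demo-project ID and the sample token are constructed for illustration; the payload is only decoded locally and its signature is not verified here.

```javascript
// Decode the JWT payload (middle segment). No signature verification is done.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a JWT: expected 3 dot-separated parts");
  // Node's base64 decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
}

// Build the federatedSignIn arguments from the token's claims.
// projectId and nowMs are parameters introduced for this example.
function federationArgs(token, projectId, nowMs = Date.now()) {
  const claims = decodeJwtPayload(token);
  const domain = `securetoken.google.com/${projectId}`;
  // Firebase ID tokens carry iss = https://securetoken.google.com/<PROJECT_ID>
  if (claims.iss !== `https://${domain}`) {
    throw new Error(`issuer mismatch: ${claims.iss}`);
  }
  // ... and aud = <PROJECT_ID>
  if (claims.aud !== projectId) {
    throw new Error(`audience mismatch: ${claims.aud}`);
  }
  if (typeof claims.exp !== "number") throw new Error("token has no exp claim");
  const expires_at = claims.exp * 1000; // exp is in seconds, expires_at in ms
  if (expires_at <= nowMs) throw new Error("token already expired");
  return { domain, token, expires_at };
}

// Constructed sample token (unsigned, made-up claims) so the example runs offline.
function makeSampleToken(claims) {
  const b64url = (obj) =>
    Buffer.from(JSON.stringify(obj)).toString("base64")
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${b64url({ alg: "RS256", typ: "JWT" })}.${b64url(claims)}.constructed-signature`;
}

const NOW_MS = 1700000000000; // fixed clock for the demo
const sample = makeSampleToken({
  iss: "https://securetoken.google.com/demo-project",
  aud: "demo-project",
  sub: "constructed-uid",
  exp: 1700000000 + 1800,
});
const args = federationArgs(sample, "demo-project", NOW_MS);
console.log(args.domain, new Date(args.expires_at).toISOString());
// Then: Auth.federatedSignIn(args.domain, { token: args.token, expires_at: args.expires_at }, user)
```

A mismatch caught here points to a wrong project ID or a stale token before any request is sent.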
Let me know in the comments if you need more details. I will get back to you! On a tight schedule (what’s new😄)