I am new to Cognito. I am trying to implement AWS Cognito using Lambda. This is the tutorial I am following.

import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient;
import com.amazonaws.services.cognitoidentity.model.GetOpenIdTokenForDeveloperIdentityRequest;

// Cognito Identity client (AWS SDK for Java v1); credentials come from the default provider chain
AmazonCognitoIdentityClient client = new AmazonCognitoIdentityClient();
GetOpenIdTokenForDeveloperIdentityRequest tokenRequest = new GetOpenIdTokenForDeveloperIdentityRequest();
// the value below is what later fails the identityPoolId validation
tokenRequest.setIdentityPoolId("us-east-1_XXXXXXX");

This is the pool Id that I am using in the setIdentityPoolId

[screenshot: the pool id as shown in the Cognito console]

This is the JUnit test

import java.util.LinkedHashMap;

import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient;
import com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBMapper;
import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;

// User and AuthenticateUserResponse are the author's own model classes (not shown);
// getOpenIdToken(String) is the method that contains the Cognito snippet above.
public class AuthenticateUser implements RequestHandler<Object, Object> {

    @Override
    public Object handleRequest(Object input, Context context) {
        AuthenticateUserResponse authenticateUserResponse = new AuthenticateUserResponse();
        // Lambda deserialises the JSON event into a LinkedHashMap when the input type is Object
        @SuppressWarnings("unchecked")
        LinkedHashMap<String, Object> inputHashMap = (LinkedHashMap<String, Object>) input;
        User user = authenticateUser(inputHashMap);
        return null; // the authenticated user is not yet returned to the caller
    }

    public User authenticateUser(LinkedHashMap<String, Object> input) {
        User user = null;
        String userName = (String) input.get("userName");
        String passwordHash = (String) input.get("passwordHash");

        try {
            AmazonDynamoDBClient client = new AmazonDynamoDBClient();
            client.setRegion(Region.getRegion(Regions.US_EAST_1));
            DynamoDBMapper mapper = new DynamoDBMapper(client);
            // load the User item whose hash key is the user name
            user = mapper.load(User.class, userName);

            if (user != null) {
                System.out.println("user found");
                // compares the hash sent by the client with the stored one
                if (user.getPasswordHash().equals(passwordHash)) {
                    System.out.println("user password matched");
                    // this call is where the ValidationException below is thrown
                    String openIdToken = getOpenIdToken(user.getUserId());
                    user.setOpenIdToken(openIdToken);
                    return user;
                } else {
                    System.out.println("password unmatched");
                }
            } else {
                System.out.println("user not found");
            }
        } catch (Exception e) {
            System.out.println("Error: " + e.toString());
        }

        return user;
    }
}

This is the output

user found
user password matched

But I am getting the following error, and hence the return user statement is failing:

1 validation error detected: Value 'us-east-1_XXXXXX' at 'identityPoolId' 
failed to satisfy constraint: Member must satisfy regular expression pattern: [\w-]+:[0-9a-f-]+ 
(Service: AmazonCognitoIdentity; Status Code: 400; Error Code: ValidationException; 
suku

3 Answers


You are using a Cognito user pool id as the identity pool id. They are two different things. Identity pool ids are of the format us-east-1:XXXX-XXXXXX-XXXX-XXXX.

To get an identity pool id you should use the "Manage Federated Identities" part of the Cognito console, not the "Manage User Pools" section.

starball
Chetan Mehta

  • @Chetan - I think you should use the upvotes on this answer as feedback to make the tutorial better and to find a better name than "Manage Federated Identities" for the Identity Pool – suku Feb 12 '17 at 14:38
  • @Chetan How would you get the identity pool id from the user pool id? Or get the current role that is associated with the Cognito user? – Baked Inhalf Oct 05 '17 at 06:35
  • There is also describeUserPool, which returns the information about the user pool: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html#describeUserPool-property – Kadu Diógenes Apr 05 '18 at 16:55
  • I created an "Identity pool" and in the Authentication providers added the Cognito User Pool. And I still have this issue. It looks like some mapping should be added... – Dennis Liger Jun 03 '22 at 07:17
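The accepted answer's point is that the two ids have different shapes. As an added example (not code from the question, the answers or the tutorial), the following pure-Java class classifies a pool id by shape, using the `[\w-]+:[0-9a-f-]+` pattern quoted in the ValidationException for identity pool ids, and rejects a user pool id before any Cognito call is made, so the mistake surfaces locally with a message that names the right console section. The class name, the `PoolIdKind` enum and `requireIdentityPoolId` are assumed names, and the user pool pattern is my approximation (region, underscore, alphanumeric suffix), not an AWS-published regex.

```java
import java.util.regex.Pattern;

/**
 * Added example: distinguishes a Cognito User Pool id from a Cognito Identity Pool id
 * before the value reaches GetOpenIdTokenForDeveloperIdentityRequest.setIdentityPoolId.
 */
public final class CognitoPoolIdCheck {

    /** Pattern quoted verbatim in the service's ValidationException for identityPoolId. */
    static final Pattern IDENTITY_POOL_ID = Pattern.compile("[\\w-]+:[0-9a-f-]+");

    /**
     * Assumed shape of a User Pool id, e.g. "us-east-1_XXXXXXX" as in the question.
     * This is an approximation for illustration, not an AWS-published pattern.
     */
    static final Pattern USER_POOL_ID = Pattern.compile("[\\w-]+_[0-9A-Za-z]+");

    enum PoolIdKind { IDENTITY_POOL, USER_POOL, UNKNOWN }

    /** Classifies an id purely by its shape; identity pool ids are tested first. */
    static PoolIdKind classify(String id) {
        if (id == null) {
            return PoolIdKind.UNKNOWN;
        }
        if (IDENTITY_POOL_ID.matcher(id).matches()) {
            return PoolIdKind.IDENTITY_POOL;
        }
        if (USER_POOL_ID.matcher(id).matches()) {
            return PoolIdKind.USER_POOL;
        }
        return PoolIdKind.UNKNOWN;
    }

    /**
     * Returns the id unchanged when it is an identity pool id; otherwise throws with a
     * message that says which kind of id was supplied and where the right one lives.
     */
    static String requireIdentityPoolId(String id) {
        switch (classify(id)) {
            case IDENTITY_POOL:
                return id;
            case USER_POOL:
                throw new IllegalArgumentException("'" + id + "' is a User Pool id (region_suffix); "
                        + "GetOpenIdTokenForDeveloperIdentity needs an Identity Pool id (region:uuid) "
                        + "from 'Manage Federated Identities' in the Cognito console");
            default:
                throw new IllegalArgumentException("'" + id
                        + "' is neither a User Pool id nor an Identity Pool id");
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not real pool ids.
        String[] samples = {
            "us-east-1_XXXXXXX",                               // what the question passed: a User Pool id
            "us-east-1:12345678-1234-1234-1234-123456789abc",  // identity pool shape from the accepted answer
            "XXXXXXX"                                          // neither
        };
        for (String s : samples) {
            System.out.println(s + " -> " + classify(s));
        }

        // In the question's code this guard would wrap the setIdentityPoolId(...) argument.
        try {
            requireIdentityPoolId("us-east-1_XXXXXXX");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected before calling Cognito: " + e.getMessage());
        }
    }
}
```

Note that the service pattern only accepts lowercase hex after the colon, so an identity pool id copied with uppercase letters would also be rejected by this check, matching what Cognito itself would do.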

"User Pools" and "Federated Identities" are different things. Make sure that you are not providing "aws_cognito_identity_pool_id" in config.

My config looks like:

...
    "Auth": {
        "region": "us-east-1",
        "userPoolId": "<...>",
        "userPoolWebClientId": "<...>",
        "mandatorySignIn": false,
        "oauth": {
            "domain": "<...>.auth.us-east-1.amazoncognito.com",
            "scope": [
                "phone",
                "email",
                "openid",
                "profile",
                "aws.cognito.signin.user.admin"
            ],
            "redirectSignIn": "<...>",
            "redirectSignOut": "<...>",
            "responseType": "code"
        }
    }
...

In User Pool - Allowed OAuth Flows

  • Authorization code grant - check
  • Implicit grant - check
Dennis Liger

You can find it in User Pools > Federated Identities > App clients > App client id

[screenshot: the App client id page in the Cognito console]

Abudayah