0

After reading through tons of documentation and a lot of trial and error, I was able to actually create a Lambda (API Gateway) driven backend for developer authentication in my AWS Mobile Hub application.

  • I have subclassed AWSCognitoCredentialsProviderHelper to create my developer identity provider
  • Implemented: getIdentityId, token and logins in the custom class

Instantiation:

    // Custom developer identity provider (subclass of AWSCognitoCredentialsProviderHelper)
    devIdentityProvider = DeveloperIdentityProvider(
        regionType: AWSRegionType.USEast1,
        identityPoolId: getIdentityPoolFromPlist()!,
        useEnhancedFlow: true,
        providerName: "login.myapp",
        identityProviderManager: AWSIdentityManager.defaultIdentityManager())

    // Credentials provider backed by the custom identity provider
    let credentialsProvider = AWSCognitoCredentialsProvider(
        regionType: AWSRegionType.USEast1,
        unauthRoleArn: nil,
        authRoleArn: nil,
        identityProvider: devIdentityProvider!)

    let configuration = AWSServiceConfiguration(
        region: AWSRegionType.USEast1,
        credentialsProvider: credentialsProvider)

    // Register this configuration as the default service configuration
    AWSServiceManager.defaultServiceManager().defaultServiceConfiguration = configuration

Then I do a credentialsProvider.credentials() to get authenticated credentials for the token/identityId returned from my backend. All this seems to work and I get back AccessKey, SessionKey etc. So it seems to work fine.

In the continue block though, if I try to call an AWSDynamoDB or syncdata I get:

Unauthenticated access is not supported for this identity pool.

What might I be missing to make sure that AWS services in the Mobile Hub app receive the updated credentials? Also, how do I involve AWSIdentityManager in this? Because it seems like AWSIdentityManager.defaultIdentityManager never gets userName etc. from my custom Identity Provider. Any help will be really appreciated.

xaksis

2 Answers

0

Have you tried checking the option for allowing unauthenticated identities for your identity pool?

P.S.: Storing user sensitive data against unauthenticated identities is not a recommended practice.

Rachit Dhall
  • Yes, I have tried checking the option to allow unauthenticated access. I then get a mismatched session vs. Request identity Id error. Which again seems like even though I'm able to get the credentials, it is not available for the defaultservices... I'm not sure what would propagate the fresh credentials through the app? – xaksis Jul 18 '16 at 11:32
  • That error suggests that you probably have some issue with the cached identity id, can you please make sure you are not doing anything which caches the identity id longer than it is supposed to? To elaborate, that means you are trying to do an operation with identityId X but using credentials from identityId Y. – Rachit Dhall Sep 01 '16 at 18:49
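
A diagnostic for the identity mismatch described in the comments above, as an added example that is not part of the original thread. It decodes the OpenID token the backend returns and compares it with the identityId and pool the client holds; the function names and sample values are constructed, and the claim layout (`sub` = identity ID, `aud` = identity pool ID, `amr` listing `authenticated` and the provider name) is assumed to be that of a Cognito Identity token.

```python
import base64, json, time

COGNITO_ISSUER = "https://cognito-identity.amazonaws.com"

def decode_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostic only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(body))

def check_developer_token(token, identity_id, pool_id, provider_name, now=None):
    """Return a list of mismatches between the token and what the client holds."""
    c = decode_claims(token)
    now = time.time() if now is None else now
    amr = c.get("amr", [])
    problems = []
    if c.get("iss") != COGNITO_ISSUER:
        problems.append("iss is not Cognito Identity: %r" % c.get("iss"))
    if c.get("sub") != identity_id:
        problems.append("token sub %r != client identityId %r" % (c.get("sub"), identity_id))
    if c.get("aud") != pool_id:
        problems.append("token aud %r != identity pool %r" % (c.get("aud"), pool_id))
    if "authenticated" not in amr:
        problems.append("amr lacks 'authenticated': %r" % amr)
    if provider_name not in amr:
        problems.append("amr lacks provider %r: %r" % (provider_name, amr))
    if c.get("exp", 0) <= now:
        problems.append("token expired")
    return problems

def make_sample_token(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

# Constructed sample values (not real identifiers).
POOL = "us-east-1:00000000-0000-0000-0000-000000000000"
ID_X = "us-east-1:11111111-1111-1111-1111-111111111111"
ID_Y = "us-east-1:22222222-2222-2222-2222-222222222222"
SAMPLE = make_sample_token({
    "iss": COGNITO_ISSUER, "sub": ID_Y, "aud": POOL, "exp": 2000000000,
    "amr": ["authenticated", "login.myapp", "login.myapp:" + POOL + ":user1"],
})

if __name__ == "__main__":
    # Client cached identity X, but the backend issued a token for identity Y.
    for p in check_developer_token(SAMPLE, ID_X, POOL, "login.myapp", now=1500000000):
        print("MISMATCH:", p)
```

An empty result means the token and the cached identityId agree; the signature is not checked, so this is for debugging a token your own backend just issued, not for authorizing requests.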
0

I've also been at pains to integrate a Mobile Hub Helper with multiple variations of sign-in, which include Cognito User Pools.

Short answer is, the MobileHubHelper identity manager is restricted to Facebook and Google login mechanisms right now.

In addition to this, it will also destroy any attempts to configure your project with another identity provider.

You will need to avoid using this, or download the source from GitHub and modify it.

MagicFlow