1

I have a regular Cognito user setup, and we have a lambda function which links social provider accounts to this regular user using the adminLinkProviderForUser API.

After this happens, the user pool user correctly shows the link in the identities user attribute:

[{"userId":"16625876272112","providerName":"Facebook","providerType":"Facebook","issuer":null,"primary":false,"dateCreated":1519293430376}]

From this point, I am struggling to actually authenticate the Facebook user on their next login. I would expect to be able to sign in to Cognito with a Facebook access token and somehow have Cognito return a valid token for the linked Cognito user. Currently I can only do a basic auth (username + password) to retrieve it. So at the moment I can't use the link for anything.

Any help would be greatly appreciated.

Thanks.

Ricky Davis

2 Answers

1

If you are using the Cognito hosted UI and have Facebook configured as an identity provider, you should be getting an option for logging in with Facebook on the hosted UI page.

Another option is to add "identity_provider=Facebook" in the hosted UI URL. It will directly go to the Facebook login.

I am on the Cognito team. We have heard this requirement in the past, basically providing a Facebook access token to log in, and I will add a +1 to the feature on your behalf.

Ionut Trestian
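The hosted UI route from the answer above, sketched as an added example that is not part of the original answer or AWS's own code: it builds the `/oauth2/authorize` URL with `identity_provider=Facebook`, adds `state` and a PKCE challenge, and validates the callback before preparing the `/oauth2/token` request body. The domain, client ID and redirect URI are placeholder assumptions.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder values (assumptions): substitute your own pool domain and app client.
DOMAIN = "https://example-pool.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "EXAMPLE_APP_CLIENT_ID"
REDIRECT_URI = "https://app.example.com/callback"

def pkce_challenge(verifier):
    """S256 code challenge (RFC 7636): base64url(sha256(verifier)), unpadded."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_facebook_login(scopes=("openid", "email")):
    """Return (authorize_url, session) for a direct-to-Facebook hosted UI login."""
    session = {"state": secrets.token_urlsafe(32),
               "code_verifier": secrets.token_urlsafe(64)}
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "identity_provider": "Facebook",  # go straight to the Facebook login
        "scope": " ".join(scopes),
        "state": session["state"],        # ties the callback to this session
        "code_challenge": pkce_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",
    }
    return f"{DOMAIN}/oauth2/authorize?{urlencode(params)}", session

def handle_callback(callback_url, session):
    """Validate the redirect and return the form body for POST /oauth2/token."""
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    returned = query.get("state", [""])[0].encode()
    if not hmac.compare_digest(returned, session["state"].encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return {"grant_type": "authorization_code", "client_id": CLIENT_ID,
            "code": code, "redirect_uri": REDIRECT_URI,
            "code_verifier": session["code_verifier"]}
```

Keep the returned `session` dict server-side (or in a protected cookie) between the redirect and the callback, and discard it after one use.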
0

Actually this is my question too. So from my understanding, adminLinkProviderForUser only updates the Cognito user and adds the OAuth identities information. But if users log in via the OAuth connection, we could not know to which Cognito user it belongs.

Adding the fact that the email address of a Cognito user could be absolutely different than their email address in their social account renders this API completely useless. :/

Bardia