I'm using the AWS Android SDK.

I have an API Gateway resource that is set to be accessible with "Authorization COGNITO_USER_POOLS". I have a user pool and I am able to:

  • Provide username and password to get the JWT token
  • Use the JWT token in the "Authorization" header to access the API Gateway resource.

Now I want to use an external OpenID Connect provider to add users to the pool.
The identity provider is set in the "Federation" section of the User Pool.
I'm able to log in to the external provider (Keycloak) to get a JWT token, but I could not find a way to exchange this token for a Cognito User Pool JWT token to access the API.

I'm only able to use a CognitoCachingCredentialsProvider to get AWS AccessKey and SecretKey.

Am I missing something?

Gnafu
  • I am researching a similar question. Currently I am using IAM_Auth as API Gateway authorization and using a Federated Identity pool with my OpenID provider to retrieve AWS AccessKey and SecretKey. – KiteCoder Jul 12 '18 at 14:39
  • Is there a reason why you want to use a Cognito User pool and not relying only on an Identity Pool? – KiteCoder Jul 19 '18 at 14:59
  • I don't have a particular reason, Cognito user pools worked easily for a first login implementation. – Gnafu Jul 20 '18 at 14:01
  • @Gnafu Have you found the solution? – joe Jun 07 '19 at 06:28
  • @Sarit No, I ended up removing the Cognito user pool. This question is still open. I don't even know IF this is possible :) – Gnafu Jun 10 '19 at 12:32

0 Answers