
I have configured a Lambda trigger for Cognito. It works well for Cognito user sign-in but not for federated user sign-in. Note: I am not using the 'Cognito Hosted UI' but Auth.federatedSignIn, so that the users are authenticated via the provider (e.g. Google).

Previously I did add-permission for Cognito, like below.

    aws lambda add-permission \
      --function-name <function-name> \
      --statement-id <statement-id> \
      --action lambda:InvokeFunction \
      --principal cognito-idp.amazonaws.com \
      --source-arn <source-arn>

Should I do the same with 'principal' being google? I tried 'accounts.google.com'. It didn't work.

I am not sure why the trigger doesn't work for federated users.

John Rotenstein
user3900196
  • I'm pretty sure that the User Pool triggers are for User Pool users (via Email/Username), and not for the Identity Pool federated users... Did you ever get this to work? Can you confirm please? – ElasticThoughts Feb 22 '19 at 21:08
  • Yes, I got it to work. I had to use 'Identity pool'. – user3900196 Mar 07 '19 at 17:30
  • Can you please further explain how to achieve that? – umer May 20 '20 at 21:34
  • @umer you have to create an 'Identity Pool' and create roles (authenticated & unauthenticated) and then choose Authentication providers (Google, Facebook etc.) – user3900196 May 21 '20 at 01:23
  • Client side, e.g. Google:

        const ga = window.gapi.auth2.getAuthInstance();
        ga.signIn().then(
          // The callback is async so that await can be used inside it
          async googleUser => {
            const { id_token, expires_at } = googleUser.getAuthResponse();
            const profile = googleUser.getBasicProfile();
            let user = { email: profile.getEmail(), name: profile.getName() };
            const credentials = await Auth.federatedSignIn(
              'google',
              { token: id_token, expires_at },
              user
            );
          },
          error => { }
        );

    – user3900196 May 21 '20 at 01:31

0 Answers