3

I am trying to set up a federated identity in order to get credentials for an identity. But when I call getCurrentUser(), I am getting null as the response. Another thing is that I am trying this on the backend side. So will it work in the backend? And why am I getting a null response when trying getCurrentUser()? Any idea?

var data = {
    UserPoolId: userPoolId,
    ClientId: appClientId,
};

var userPool = new AmazonCognitoIdentity.CognitoUserPool(data);
console.log(userPool);
var cognitoUser = userPool.getCurrentUser();
console.log(cognitoUser);

The log response of userPool is

CognitoUserPool {
    userPoolId: 'us-east-6_hxxxx2U',
    clientId: '`6heh4h8h848h4884h05',
    client:
     Client {
       endpoint: 'https://cognito-idp.us-east-1.amazonaws.com/',
       userAgent: 'aws-amplify/0.1.x js' },
    advancedSecurityDataCollectionFlag: true,
    storage:
     { [Function: MemoryStorage]
       setItem: [Function: setItem],
       getItem: [Function: getItem],
       removeItem: [Function: removeItem],
       clear: [Function: clear] } }

The log response of cognitoUser is NULL

So why is the response null, while I am giving the right values as input?

md-shah

2 Answers

1

There are a few potential causes:

  1. Use getCurrentUser() instead of getCurrentUser(Data)
  2. If you didn't sign in a user at the backend, it wouldn't be possible to get the current user. If users are signed in at the front end, you can use a function to send the user's id_token to the backend and use it to sign in the user at the backend.

About the second point:

The id_token contains a part called payload which contains the user’s username and other attributes. For details: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-id-token

When you use the id_token, you should verify the signature before allowing further actions for the user. Code for verifying can be found at https://github.com/awslabs/aws-support-tools/tree/master/Cognito/decode-verify-jwt and you can add your code for actions here:

                    .....
                    // and the Audience (use claims.client_id if verifying an access token)
                    if (claims.aud != app_client_id) {
                        // return here so the success callback below is not also invoked
                        return callback('Token was not issued for this audience');
                    }
                    //add your code here
                    callback(null, claims);
                }).
                catch(function() {
                    callback('Signature verification failed');
                });

And the user information should be in the claims.
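As an added example (not part of the answer above and not the awslabs code), the backend check it describes can be written with only Node's built-in crypto module: verify the RS256 signature against the pool's JWKS, then validate exp, iss, token_use and aud, stopping at the first failure. The locally generated key pair, the kid, the issuer URL, the client ID and the signSample helper are constructed stand-ins for the pool's real JWKS and settings.

```javascript
const crypto = require('crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Verify the signature first, then the claims. Returns the claims or throws.
function verifyIdToken(token, jwks, { issuer, clientId, now = Math.floor(Date.now() / 1000) }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('Malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm; do not let the token header choose it.
  if (header.alg !== 'RS256') throw new Error('Unexpected algorithm');
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error('Unknown kid');
  const key = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('Signature verification failed');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  // Each failed check throws, so no later step runs on a rejected token.
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('Token is expired');
  if (claims.iss !== issuer) throw new Error('Unexpected issuer');
  if (claims.token_use !== 'id') throw new Error('Not an ID token');
  if (claims.aud !== clientId) throw new Error('Token was not issued for this audience');
  return claims;
}

// Constructed fixture: a local key pair stands in for the user pool's published JWKS.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const SAMPLE_JWKS = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'test-kid' }] };
const SAMPLE_OPTS = { issuer: 'https://cognito-idp.example-region.amazonaws.com/example_pool', clientId: 'example-client-id' };

// Hypothetical helper: signs constructed claims the way the pool would (RS256).
function signSample(claims) {
  const input = `${b64url({ alg: 'RS256', kid: 'test-kid' })}.${b64url(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url');
  return `${input}.${sig}`;
}
```

In production the JWKS comes from the pool's jwks.json document and should be cached rather than fetched on every request.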

0

It's because the code I have posted here is for the frontend. There is an article https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html which says clearly how we should try to authenticate a user.

So after the correct auth flow, we will pass the required data by using cognitoidentity.getCredentialsForIdentity() [refer to the official SDK doc]

md-shah