
I am trying to implement AWS Cognito into my application for better all-round authentication. The system is a Rails application that is currently using Warden/Devise as the method for handling user accounts (login, registration).

My goal is to have an AWS UserPool that contains the list of users for the application. When a user is verified using Cognito, I wish to then search the tables that we currently use for the role and move the user to the correct area of the system based on the role that they are assigned to.

I have started to implement the logic to handle this but have come up against a brick wall.

Please see below my code.

cognito_authenticatable.rb

Logic for handling the Cognito authentication. All I want to do here is check that the user is registered and return the valid token so I can perform internal application checks to gather the user role.

def authenticate!
  if params[:login]
    region_name = 'us-east-2'
    user_pool_id = 'us-east-2_Qj78BNQon'
    client_id = '1pv3eno72e51mll3q36cuiojmr'

    client = Aws::CognitoIdentityProvider::Client.new(
      region: region_name
    )

    resp = client.initiate_auth({
      client_id: client_id,
      auth_flow: "USER_PASSWORD_AUTH",
      auth_parameters: {
        "USERNAME" => email,
        "PASSWORD" => password
      }
    })
  end
end

devise.rb

This code is just to add the new authentication strategy to the application's Warden service.

config.warden do |manager|
  manager.strategies.add(:cognito, Devise::Strategies::CognitoAuthenticatable)
  manager.default_strategies(:scope => :login).unshift :cognito
  manager.default_strategies(:scope => :login).pop
end

The output error within the console is

Aws::Errors::MissingCredentialsError (unable to sign request without credentials set):

config/initializers/cognito_authenticatable.rb:23:in `authenticate!'

and here is an image from the localhost application that was running.

Web application output once I complete the login form.

Any help on this would be amazing.

Thanks in advance.

Murray Hart
  • I have a similar problem with my Devise strategy for Cognito. But for me it works in my local development environment, while I get the MissingCredentialsError on my staging environment (a heroku application). All the relevant Cognito params are set as well. I should mention, that I UNCHECKED the "generate client secret" on my app client, but still get the error. – morgler May 01 '19 at 20:18

2 Answers

One solution could be to uncheck the option for generating a client secret when you create the app client in the Cognito user pool. This option is checked by default and you have to know to uncheck it (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html).

By default, user pools generate a client secret for your app. If you don't want that to happen, clear Generate client secret.

It's only possible to uncheck the client secret during the creation of a new client, so you might have to delete your client app and create a new one (not a big deal).

I also collect my learnings on Cognito, Devise, Rails and VueJS in a Medium article: https://medium.com/@morgler/beta-learnings-from-developing-vuejs-quasar-aws-amplify-and-cognito-application-dd38ec58b881

morgler
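An added example, not part of the answer above or of the asker's code: when an app client keeps its generated client secret, Cognito expects a SECRET_HASH auth parameter next to USERNAME and PASSWORD in the `initiate_auth` call shown in the question. The helper names and the sample values below are assumptions made for illustration.

```ruby
require 'openssl'

# Added example. cognito_secret_hash and cognito_auth_request are hypothetical
# helper names; they build the argument hash passed to
# Aws::CognitoIdentityProvider::Client#initiate_auth for USER_PASSWORD_AUTH.

# SECRET_HASH = Base64(HMAC-SHA256(key: client secret, msg: username + client id))
def cognito_secret_hash(username, client_id, client_secret)
  digest = OpenSSL::HMAC.digest('sha256', client_secret, username + client_id)
  [digest].pack('m0') # strict Base64 without line breaks
end

def cognito_auth_request(username:, password:, client_id:, client_secret: nil)
  if username.to_s.empty? || password.to_s.empty?
    raise ArgumentError, 'username and password are required'
  end

  auth_parameters = { 'USERNAME' => username, 'PASSWORD' => password }
  # Only app clients created with "Generate client secret" need SECRET_HASH.
  unless client_secret.to_s.empty?
    auth_parameters['SECRET_HASH'] =
      cognito_secret_hash(username, client_id, client_secret)
  end

  {
    client_id: client_id,
    auth_flow: 'USER_PASSWORD_AUTH',
    auth_parameters: auth_parameters
  }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values; a real secret belongs in the environment or a
  # secrets store, not in source control.
  request = cognito_auth_request(
    username: 'user@example.com',
    password: 'constructed-password',
    client_id: 'EXAMPLE_CLIENT_ID',
    client_secret: ENV.fetch('COGNITO_CLIENT_SECRET', 'constructed-secret')
  )
  # Print only the parameter names so no credential reaches the console.
  puts request[:auth_parameters].keys.inspect
end
```

The returned hash can be passed directly as `client.initiate_auth(request)`.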

You are getting this error due to your AWS SDK for Ruby not being configured correctly. That error would likely exist not only for Cognito APIs, but it would exist for any AWS Signature V4 signed API calls. Kindly refer to this documentation to configure your SDK correctly for your application.

Arka Mukherjee