3

I'm using AWS Cognito for user management. I want to generate auth token for user without providing password. Is there any way to do this? From aws-sdk or aws-amplify.

I have found AdminInitiateAuth method from aws-sdk but it requires password.

Thanks in advance !!

Shivam Kubde
  • 545
  • 1
  • 8
  • 17
  • After adding google auth to my app which uses cognito user pool I came to understanding that is possible, but will need to utilize oauth protocol and provided external provider which will speak with cognito and retrieve the token. Good starting point is to check out how google oauth is integrated with cognito. – Townsheriff Dec 18 '21 at 12:43

2 Answers2

1

One possible way to do that by using a database and serverless (lambda & API gateway) assistance.

One have to provide the password for the first time to get refresh token.

Refresh token has longer lifespan than id or access token. So you can save refresh token database (dynamodb, RDS).

After that we can apply for new id or access token without providing password but by providing saved refresh token.

This link , you will see how refresh token helps to get id or access token without providing password.

Hope that will help you.

Saiful Azad
  • 1,823
  • 3
  • 17
  • 27
  • This does not address how you are going to get refreshToken with saved refreshToken. – Townsheriff Dec 16 '21 at 17:03
  • Do not save the refresh token in your database. Refresh tokens give full, long-lasting access to an API, similar to passwords. You wouldn't store an unencrypted password in your database so don't do the same with tokens. And you can't hash a token like you do a password because you need the cleartext value to send to the API. – Tamlyn Jun 27 '23 at 11:08
0

If you want users to be able to access aws resources without password, you can use the Unauthenticated identity feature.

Ninad Gaikwad
  • 4,272
  • 2
  • 13
  • 23