0

I have an app that authenticates with Cognito and has been working fine. Now I need to reuse the authentication and returned token to upload files to S3. My understanding is that AWSS3TransferUtility is the way to go at this point. Only it is not clear what needs to be done and how is the token to be passed to S3? Can anyone point to an example? Just using examples available suggesting to do: 

let credentialsProvider = 
CredentialsProvider(regionType:region, identityPoolId:poolId)
let serviceS3Configuration = AWSServiceConfiguration(region:region, credentialsProvider: credentialsProvider)
AWSServiceManager.default().defaultServiceConfiguration = serviceS3Configuration

results in "Unauthenticated access is not supported for this identity pool" assuming that this is because token is not being used and S3 AWS service is not initialized correctly. But I do not see a way to set it ? what am I missing? I can see some examples suggesting setting logins property of credentialsProvider to AWSCognitoLoginProviderKey but seems to be outdated at this point. Any and all help would be greatly appreciated.

kos
  • 1,357
  • 9
  • 21
  • Complete examples can be found here: [https://aws-amplify.github.io/docs/sdk/ios/storage](https://aws-amplify.github.io/docs/sdk/ios/storage) – Don Mar 15 '20 at 18:16
  • isn't this outdated using AWSMobileClient and does not work with AWSCognito – kos Mar 15 '20 at 19:54
  • You may either manually add TransferUtility (instructions are in the link above) or switch to AWSMobileClient (just follow the instructions for Authentication and Storage). It is not outdated and works very well with Cognito. You may be thinking of their MobileHub, which is outdated. – Don Mar 15 '20 at 20:26
  • seems like I may have misunderstood the conflict between AWSMobileClient and AWSCognito, trying to remove AWSCognito and use AWSMobileClient and see if that will work. Although I still do not see token setup for token after cognito login – kos Mar 15 '20 at 21:05
  • without complete rework I am not sure there is an easy way to switch. Is there a way to use AWSCognito and returned session token with AWSS3? – kos Mar 15 '20 at 21:47

1 Answers1

0

S3 configuration with Cognito is a little mysterious. The answers are in the docs but not entirely obvious. The core of getting this to work is registering your AWSMobileClient instance with the configuration.

Simplified code without error checking:

Boot up your AWSMobileClient:

AWSMobileClient.sharedInstance().initialize({ { userstate, error in
    if userstate != nil {
        registerAuthentication(credentialsProvider: AWSMobileClient.sharedInstance())
    }
})

Once completed pass the sharedInstance to AWSServiceConfiguration because AWSMobileClient is-a AWSCredentialsProvider

let DefaultTransferUtilityKey = "DEFAULT_AUTH_KEY"
func registerAuthentication(credentialsProvider: AWSCredentialsProvider) {
    /// only do this once per app launch 

    /// assumes you're using the plist config method
    guard let s3tranferInfo = AWSInfo.default().defaultServiceInfo("S3TransferUtility"),
        let bucketName = s3tranferInfo.infoDictionary["Bucket"] as? String else {
            assertionFailure("failed to load /S3TransferUtility/Bucket key  - is awsconfiguration.json correct ?")
            return
    }

    let transferConfig = AWSS3TransferUtilityConfiguration()
    transferConfig.bucket = bucketName
    if let serviceconfiguration = AWSServiceConfiguration(region: s3tranferInfo.region, credentialsProvider: credentialsProvider) {
        AWSS3TransferUtility.register(with: serviceconfiguration, transferUtilityConfiguration: transferConfig, forKey: DefaultTransferUtilityKey)
    }
}

and once that registration is actually finished you can access the transfer utility via the common key string.

lazy var transferUtility: AWSS3TransferUtility = {
    let utility = AWSS3TransferUtility.s3TransferUtility(forKey: DefaultTransferUtilityKey)
    return utility
}()

Bucket name and region could be strings also but if you're using AWSMobileClient you probably have the plist setup.

Warren Burton
  • 17,451
  • 3
  • 53
  • 73
  • as stated above my understanding is that AWSCognito does not work with AWSMobileClient, or am I wrong on this? adding AWSMobileClient results in build issues – kos Mar 15 '20 at 19:55
  • Ok , my mistake. I assumed you were using AWSMobileClient. I did try to use standalone AWSCognito which like you worked for auth , in my first attempts with S3 upload but gave in and changed to AWSMobileClient – Warren Burton Mar 15 '20 at 21:59
  • by the way it was not me who downvoted the answer. I appreciate your response though. I am using custom UI for login does AWSMobileClient allows for that? I am not seeing it or perhaps I ddi not look hard enough. I really do not want to change auth at this point, but sounds I do not have much choice? – kos Mar 15 '20 at 22:18
  • weekend SO is always a bit grumpy. You can implement a custom UI very easily with AWSMC . There’s very simple login API that you can plug your existing UI into. If you need the JWT token for other purposes that’s still available too. – Warren Burton Mar 16 '20 at 08:53
  • This is the docset that worked best for me https://aws-amplify.github.io/docs/ios/authentication . You don’t need all the pods for custom ui – Warren Burton Mar 16 '20 at 09:04
  • Thanks Warren, will give it a try. Tried to avoid rework. Also in general where do people keep the logic? I was trying to have it done through server so that both web app and mobile app go through one API, seemed to be easier and more flexible solution. Problem was that web app was trying to do everything through lambda which had size limitation. Still thought it made sense to go through server, but did not win that battle. – kos Mar 16 '20 at 14:34
  • Not quite sure what you mean (contextually) by logic but in general I would encourage biz logic to stay server side. It leaves less brittle code to be broken on the client side. Good luck :-) – Warren Burton Mar 16 '20 at 15:36
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/209727/discussion-between-kos-and-warren-burton). – kos Mar 16 '20 at 21:05