
I am managing an application written in Node.js (restful backend) and React (frontend) and use AWS Cognito for user authentication.

In the frontend, I have a form which requests my backend to delete a user. The only information the frontend can send me is the username (email in my case) and an access token which I sent to the frontend after a successful login.

Now I want to delete a user. Until now, I tried it with the `deleteUser` method (see Use case 13 in the JS documentation):

```javascript
const poolData = {
    UserPoolId: process.env.COGNITO_USER_POOL_ID,
    ClientId: process.env.CLIENT_ID
};
AWS.config.region = process.env.AWS_DEFAULT_REGION;
const userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);

// ...

router.post('/deleteUser', (req, res) => {
   var userData = {
      Username: req.body.email,
      Pool: userPool
   };
   var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
   if (cognitoUser == null) {
      res.status(400).send('User not found');
      return;
   }
   cognitoUser.deleteUser(function(err, result) {
      if (err) {
         res.status(400).send('Could not delete user');
      } else {
         res.status(200).send('Deleted user');
      }
   });
});
```

This throws an error in the error block of the `deleteUser` call: `Error: User is not authenticated`. I need to first authenticate the user, but I won't get the password from the frontend to do so. I just have the access token it can provide me.

How can I authenticate the user with the provided token? Or am I misunderstanding a concept here? If so, what am I doing wrong?

Any help will be much appreciated.

dildik
  • I suspect your backend should leverage its IAM role that permits Cognito admin and call `cognito.adminDeleteUser(UserPoolId, Username)`. – jarmod Oct 21 '21 at 01:35
  • @jarmod But I want my user to be authenticated by the JWT token. Isn't it possible to get the user by its token? – dildik Oct 21 '21 at 06:48

0 Answers
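An added example, not part of the original post or its comments: two backend delete paths that take the identity from the access token instead of `req.body.email`, so an authenticated caller cannot name someone else's account. It assumes an aws-sdk v2 `CognitoIdentityServiceProvider` client is passed in as `cognito` and that the frontend sends the token in an `Authorization: Bearer` header; the function names and the in-memory stub are hypothetical.

```javascript
// Added example (not from the post). `cognito` is assumed to be an aws-sdk v2
// client: new AWS.CognitoIdentityServiceProvider(). Function names are hypothetical.

// Assumption: the frontend sends "Authorization: Bearer <access token>".
// Returns the token, or null if the header is missing or not JWT-shaped.
function bearerToken(headers) {
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(headers.authorization || '');
  return m ? m[1] : null;
}

// Option 1: self-service delete. Cognito validates the access token and deletes
// the user it was issued to, so no username from the request body is needed.
function deleteSelf(cognito, headers, done) {
  const token = bearerToken(headers);
  if (!token) return done(401, 'Missing access token');
  cognito.deleteUser({ AccessToken: token }, (err) => {
    if (err) return done(err.code === 'NotAuthorizedException' ? 401 : 400, 'Could not delete user');
    done(200, 'Deleted user');
  });
}

// Option 2: the admin call from the comment. The Username comes from getUser
// on the token, never from req.body.email, so a caller can only delete itself.
function adminDeleteTokenOwner(cognito, userPoolId, headers, done) {
  const token = bearerToken(headers);
  if (!token) return done(401, 'Missing access token');
  cognito.getUser({ AccessToken: token }, (err, user) => {
    if (err) return done(401, 'Invalid access token');
    const params = { UserPoolId: userPoolId, Username: user.Username };
    cognito.adminDeleteUser(params, (err2) =>
      done(err2 ? 400 : 200, err2 ? 'Could not delete user' : 'Deleted user'));
  });
}

// Constructed in-memory stand-in for the Cognito client so the example runs offline.
function stubCognito(tokenToUser) {
  const deleted = [];
  const denied = Object.assign(new Error('Invalid Access Token'), { code: 'NotAuthorizedException' });
  const owner = (p, cb, ok) => (tokenToUser[p.AccessToken] ? ok(tokenToUser[p.AccessToken]) : cb(denied));
  return {
    deleted,
    getUser: (p, cb) => owner(p, cb, (u) => cb(null, { Username: u })),
    deleteUser: (p, cb) => owner(p, cb, (u) => { deleted.push(u); cb(null, {}); }),
    adminDeleteUser: (p, cb) => { deleted.push(p.Username); cb(null, {}); },
  };
}
```

In an Express route, `done` would be `(status, msg) => res.status(status).send(msg)` and `headers` would be `req.headers`. The `deleteUser` and `getUser` calls require the access token to carry the `aws.cognito.signin.user.admin` scope, while `adminDeleteUser` needs IAM credentials on the backend.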