Summary:
I can't find the Android code to authenticate a Google user with my Cognito User Pool.
Detail:
Here is what I have done so far:
Created a Cognito User Pool and a User Client in that user pool
Created a Google Web App in Google Console
Configured Google as a Federated Identity Provider in my Cognito User Pool (providing Google Client Id and Secret)
Tried the Hosted UI from the AWS Console and verified that I am able to sign in using my Google credentials, the user gets created in the User Pool.
Okay, next step: Implement the sign in flow in Android. I want to implement both Google sign-in as well as username-password signup/sign-in in my Android app. I am able to successfully implement username/password signup and sign-in flow in my app, here is how:
I create a CognitoUserPool instance using my user pool id and user client id
I used methods signUpInBackground and getSessionInBackground of CognitoUserPool and CognitoUser respectively.
Now, I want to enable Google sign in. I cannot find any code on how to do this using CognitoUserPool. I found code samples to do this using Cognito Identity Pool. But I haven't created an Identity Pool and since I am able to login using Google on the Hosted UI sample, I am pretty sure I don't need it.
Questions:
Do I really need an Identity Pool to enable Google sign in on my Android app? Why?
If not, are there any code samples which show how to enable Google sign in using CognitoUserPools?
Any pointers appreciated.
Related
I am trying to move from Google Single-sign-on to Email Link authentication for kids apps since, Google is not allowing use of its single-sign-on for kids apps.
I started with the Firebase Auth UI (for android). The login attempt fails saying: "Firebase login unsuccessful. Account linking failed due to provider not enabled by application". I assume this is because Google Auth provider is not enabled, which is how I want for the next update to the app. If I enable Google Auth as provider, then users can continue to sign in using Google, which I am trying to remove.
I had assumed the accounts would be linked automatically since it is the same email for signin. It does not appear to be the case. Is it a limitation of the Firebase Auth UI for Android, or of Firebase Authentication. If I built my own UI, will it link the accounts without signing in to Google?
Please advice on how to change auth type while keeping the email the same.
I have a Dropbox account which was created by logging in via the Google account. So, my Dropbox account is linked to the Google account.
I have an android application and my users can create their accounts either via Google/Facebook.
The question is,if it is possible for the user to login to our app once via his Google Account, and then using these same underlying google's credentials the user automatically gets logged in to Dropbox Account [Maybe a simple 'OK' button authentication is needed], so that they need not enter their login credentials twice?
I am planning to implement this using oAuth. Any guidance on whether is possible or not will be helpful. I am not expecting code but some guidance.
In general what you are asking is not possible.
The credentials/assertions that Google issues are for a specific app and only that app should accept those credentials.
So when a user signs into your app, you get a credentials from Google that says this is for your app. Also Dropbox accepts credentials from Google that was issued for Dropbox. Your app can not convert one into another (if it could this would be a big security issue e.g. one app could sign into a user's all other apps/account that accept Google credentials for expalple bank account).
What you want to do is integrate with the OAuth Apis that are from Dropbox and when the user is going through them try to prefill information to make the flow easier. If you send "user email" to Google OAuth flow (to get user signed into dropbox) for the same user (who is signed in) they could go through the flow easily. https://developers.google.com/identity/protocols/OpenIDConnect#sendauthrequest
My android app logins with Google Plus, I am trying to integrate it with Cognito. When I run the app, it gives me Cognito Credential Provider ID, and when I login with Google Plus it gives me Google token. I checked my AWS Cognito, and it shows me this.
Unauthenticated connections 3
Google Sign-in 0.
But when it signs in properly with Google, and also provides me Google Token, then where I am doing wrong?
EDIT 1: Here is my code:
Login with Google Plus
Cognito Sync Client Manager
In the future, you may want to include relevant code from your application to better help others assist you.
Have you followed the guide for integrating identity providers?
It's also important to note that the CredentialsProvider does lazy loading, meaning simply adding the token to the provider does not associate the identity. To ensure the token is actually linked to the identity, you can either:
Make a call to another service (for instance the SyncManager) that using this provider (recommended)
Explicitly call refresh on your CredentialsProvider. (only recommended for testing purposes)
Edit 1
Did you add the tests I suggested in my original answer? If so, what if any errors did you receive?
You may want to try some of the following steps to verify your configuration:
Inspect the token via jwt.io. Validate that the azp field of the token matches the value entered into the Cognito console.
Create an OpenId Connect provider via the IAM console, adding all client ids from the Google console. Use this provider instead of the basic Google+ integration in your Amazon Cognito identity pool.
Following the Google Sheets Api examples, I wish to allow the user of my android application to authenticate with his google user account, access a spreadsheet in his google drive account and extract the cell content. So far I have managed to succesfully login with the Google+ Sign in button and have a working GoogleApiClient. From here on it seems unclear how to proceed to use this authentication to authorize the SpreadSheetService to obtain the necessary Sheets feeds. Authorizing with hard coded credentials as in
service.setUserCredentials(USERNAME, PASSWORD);
works and allows me to continue to access the feeds, but is it not possible to use the GoogleApiClient authentication for authorization of this service? Or is there another way to obtain these credentials (i.e. Drive.Query)?
I'm using the Android AccountManager to authenticate a users google account for access to Google Drive. However, I want to allow the user to access Drive accounts that are not on their phone. For example, I have a work google account that is not on my phone, but I would like to use in my app. Is there a way to allow users to authenticate accounts that are not necessarily stored in the AccountManager?
Thanks
Perhaps you could add another Google account to phone and allow user to select which account to use. If this option doesn't satisfy you and you really want to authenticate to Google Drive accounts not on phone you must then use OAuth.
If you also really, but really, want to use AccountManager facility in your app you have to make an account type that behaves like the following:
When you create a new account you open a browser widget and perform an OAuth cycle with Google Drive, then store the token in secure store
When you request a token via getAuthToken() it either releases you the stored token or triggers a token refresh cycle using OAuth
This has its security drawbacks: better perform OAuth cycle without AccountManager and store tokens in app memory