AWS Cognito User Pool and Facebook Integration - android

Having trouble understanding the authorization flow of FB users and AWS Cognito User Pools. I have followed this guid.
facebook login app has my redirect uri https://<cognitoname>.auth.us-east-1.amazoncognito.com/oauth2/idpresponse
aws cognito has my facebook appid and secret
Two issues:
1) I'm expecting when my android app authenticates with fb (via login button), the fb server sends something to my userpool adding that user. that is not happening. I dont see a method in the CognitoUser object to do this on my end with the loginResult from fb. No user is getting created in the userpool upon fb auth.
2) Assuming a fb user were to be created in my pool, how would I call getSessionInBackground without the password? It does not look like the android Congito Classes have a way to handle this.
Also, i am able to log in a fb user to a federated identity but i dont think that is what i want unless its part of the user pool process.

Based on your description of use case, you may first use Cognito Android Auth SDK to get authenticated and store the tokens. Then you may use Cognito Android CUP SDK to call getSessionInBackground.
Also a quick tip:
CUP Android SDK: The Adv Security, Adaptive Auth, and new MFA support is available from version 2.6.9
Cognito Auth Android SDK: The Adv Security support is available from version 2.6.9. The Adaptive Auth and new MFA support will be available through Springboard on the supported regions.

Related

Authenticate social identity federation user to AWS Userpool? - Android

We have used com.amazonaws:aws-android-sdk-cognitoidentityprovider:2.6.8 SDK for username and password based login and register flow. Following the approach mentioned here https://docs.aws.amazon.com/cognito/latest/developerguide/tutorial-integrating-user-pools-android.html. Sign up and Login Process is working as required.
For Facebook and Google authenticate through federation, We do not want to use the hosted UI for this purpose and are not using federated identities. We had followed this link https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html.
We have setup user pool with an application client and a user pool
domain.
Setup Facebook as a social identity provider.
Added android call back URL to mobile.
First Approach
We look into CognitoSyncDemo Sample application, It was using federated identity so we had to discard it. We are just using federation in userpool.
Second Approach
We have used the webview and load the below URL. The URL takes me directly to Facebook, after authentication, it returns me back to redirect URL with access_token, auth_type, expires in and id_token. But no refresh token.
URL https://yourdomain.auth.us-east-1.amazoncognito.com/oauth2/authorize?redirect_uri=redirect_app_path&response_type=code&client_id="client_id"&identity_provider=Facebook
But there is a problem using this approach. I couldn't find a way to push the access token to cognitoUserSession in SDK which is managing a user session. So every time I sign up with Facebook (using webview), there is no session maintain in SDK. Hence I am redirected to login view again. How to ensure the Facebook user is authenticated and signed in by cognitoidentityprovider? How to create user session in SDK when getting access_token and id_token?
Third Approach
We tried to use the Cognito Auth Demo https://github.com/awslabs/aws-sdk-android-samples/tree/master/AmazonCognitoAuthDemo. For this, we have to add another library com.amazonaws:aws-android-sdk-cognitoauth. After clicking on sign in, it used to take us to hosted-ui. After looking into similar IOS project, we made tweaks in android library project (com.amazonaws:aws-android-sdk-cognitoauth for android). We added identity_provider in URI for sign in. It then takes us directly to Facebook on chrome tab. After authentication, it set the session in our application. But it has own authentication object which is AuthSession but previously we were using CogintoUserSession for normal sign up. AuthSession is do not have User Attributes and nor offer any get user details or authentication handlers. If we use this approach, then how to link AuthSession with CognitoUserSession and manage user session in the application?
Summary
In short, We had tired AWS samples, it is taking us to web-based hosted UI. We need to authenticate a user via Facebook to userpool using only federation identity provider. We need to maintain session in Cognito SDK without affecting our username and password based login flow. We want to open Facebook directly or on webview in our application on button click, authenticate the user and maintain session in the application using only Cognito SDK.
To connect to user pool i had included aws-android-sdk-cognitoidentityprovider. But if you need to add social sign up, you need to add cognitoauth as well.
Ensure cognito sdk version are same otherwise you might run into complication error.
As per the need of project, i need identity provider to pass into sdk so it could directly navigate directly to my social identity provider page. But current sdk version '2.6.24' didn't provided me with this provision. I had downloaded the android-sdk-cognitoauth sdk from awslab github and included in my project. I alter Auth.java class added identity provider variable in it.
Next step, i alter AuthClient.java method launchCognitoAuth. I place additional condition to check if identity provider present or not. Then i set it in sign in uri.
if (pool.getIdentityProvider() != null) {
builder.appendQueryParameter(ClientConstants.DOMAIN_QUERY_PARAM_IDENTITY_PROVIDER, pool.getIdentityProvider().toString());
}
After making above alteration, i can configure identity provider through my app in auth.builder(). The hack worked, i directly navigated to my provider page. After authentication, sdk set session it self.
To sum up, I found difference between android and ios project implementation. In iOS project, aws has given provision to add identity provider directly. I followed the flow of ios project and made tweak to android congitio-auth project. The difference has been reported as well to aws-sdk-android-sample issues.

Facebook Graph API Integration into my API

I am developing an API that will be used solely for a mobile app, the mobile app allows users to log in via facebook and grant the app permission to access the users facebook friends list and post on their wall.
However I have some confusion as to where I integrate into the API and where the app developers integrate. I assume the login with facebook part is done by the app developers, who then pass the facebook access token into the API for it to store/retrieve friend list and make posts on the users wall.
Am I correct in assuming this? And if so can I test my part the implementation by retrieving friends list without having the app developers do their part first?
Thanks
First you have to register your app with your facebook id in developer.facebook.com then you will get the app id which you have to put into facebook login that generate access token for the process
To make any call to the Facebook API you need an app ID. after receiving it, you can make calls to the API from your controller using the Facebook php SDK

Guidelines for Facebook SDK login in Android

I would like some pointers about how to integrate Facebook login into my app and backend. I would like to use the credentials that Facebook gives me (as the user authenticates) to sign all the requests that the app does to my back-end.
But then token might expire? I am not sure what would be the correct workflow. How should I link the Facebook identity of someone to his identity in my own app?
I found the correct link, here's the official tokens docs.

Auth token for evernote account configured in evernote app in android

I have a code working to search for content in evernote account using evernote sdk. Currently i get auth token for an account after the user gives her credentials and authorizes my app. But i dont want the user to type in credentials for an account that she has already configured in the evernote app in her android device. I want to get the auth directly from the evernote app(like dropbox and facebook sdk provides). So i want the flow to be,
Check for evernote app installed and an account is configured in it
If yes, then get the auth token from evernote app itself with only allow/deny page(note without showing the username/password page)
3.If no, then go to the browser and continue in the normal way.
How can I do this? Any Help ..
This is not something that the Evernote Android SDK supports yet.
The only supported authentication mechanism as of now is OAuth and that requires the user to enter their credentials on a webview and authorize your app.
The Evernote Android SDK is open source and you can look around the source on github and submit changes.
The functionality you propose would require the main Evernote app to register an Android Custom Account (just like Facebook's or Dropbox's apps do), and I'm not sure they have any plans to support that yet.

How to use facebook test users from android

I need help using the facebook test users from android.I am using the facebook android sdk and i need to be able to login as a test user and do actions like publish to the stream. I do not want to use the developer account associated with this application since it is my personal account. I realize that test users can only be created using api calls and such a call returns the login url, i understand how to use this in a browser but how can i use it in my android application. Can i create a dummy account and work with that account or is this against facebook policy.
Test users can also be created with GUI - not only by API calls. GUI is useful if You need to handle just few users. If there is a plenty of them - it is easier to use API and perform it programatically.
How to handle test users by FB GUI:
Go to FB developer site, where You created FB Application
on application tab, click Edit Roles
At the bottom of the page there is 'Test users' section where all test users are listed. This is where test users can be created and edited. Each user has option to log in as this user, change his name and set password next to his profile photo.
You have to set user's password to be able to login as him
Use his profile email address and password to login - it is also possible from Your app
You can create a dummy account but this is against FB policy and FB really does everything to make it harder to You :) This is not an option. Use test users.
If more info is needed on the topic - see my article, regarding test users strategy.
All the detail see on the official FB page
See an open bug in facebook. You can't login as test user with native Android app, but login with m.facebook.com should work
https://graph.facebook.com/me?access_token=ACCESS_TOKEN
where the access_token is the token from when the user approved your app. Found it here.

Categories

Resources