My android app logins with Google Plus, I am trying to integrate it with Cognito. When I run the app, it gives me Cognito Credential Provider ID, and when I login with Google Plus it gives me Google token. I checked my AWS Cognito, and it shows me this.
Unauthenticated connections 3
Google Sign-in 0.
But when it signs in properly with Google, and also provides me Google Token, then where I am doing wrong?
EDIT 1: Here is my code:
Login with Google Plus
Cognito Sync Client Manager
In the future, you may want to include relevant code from your application to better help others assist you.
Have you followed the guide for integrating identity providers?
It's also important to note that the CredentialsProvider does lazy loading, meaning simply adding the token to the provider does not associate the identity. To ensure the token is actually linked to the identity, you can either:
Make a call to another service (for instance the SyncManager) that using this provider (recommended)
Explicitly call refresh on your CredentialsProvider. (only recommended for testing purposes)
Edit 1
Did you add the tests I suggested in my original answer? If so, what if any errors did you receive?
You may want to try some of the following steps to verify your configuration:
Inspect the token via jwt.io. Validate that the azp field of the token matches the value entered into the Cognito console.
Create an OpenId Connect provider via the IAM console, adding all client ids from the Google console. Use this provider instead of the basic Google+ integration in your Amazon Cognito identity pool.
Related
I currently have two methods for creating a user account using FirebaseUI, these are EmailAndPassword and Google's option.
When utilizing the Email and Password way the account is not automatically verified but when doing it with google it gets automatically verified... Is there a way to prevent google from doing this?
All the code I use is provided by Firebase's documentation and I didn't find anything about this specific issue there.
Is there a way to prevent google from doing this?
No. When you choose to use an auth provider other than Firebase Auth's own email/password, you are implicitly trusting that provider to have already validated that user. With Google, the account's email address is provided by Google itself (via gmail, obviously), so no email verification needs to be done. Google has other ways of validating the user account in ways that don't necessarily involve email.
If you don't trust Google's validation of the user, then don't use them as an auth provider.
Summary:
I can't find the Android code to authenticate a Google user with my Cognito User Pool.
Detail:
Here is what I have done so far:
Created a Cognito User Pool and a User Client in that user pool
Created a Google Web App in Google Console
Configured Google as a Federated Identity Provider in my Cognito User Pool (providing Google Client Id and Secret)
Tried the Hosted UI from the AWS Console and verified that I am able to sign in using my Google credentials, the user gets created in the User Pool.
Okay, next step: Implement the sign in flow in Android. I want to implement both Google sign-in as well as username-password signup/sign-in in my Android app. I am able to successfully implement username/password signup and sign-in flow in my app, here is how:
I create a CognitoUserPool instance using my user pool id and user client id
I used methods signUpInBackground and getSessionInBackground of CognitoUserPool and CognitoUser respectively.
Now, I want to enable Google sign in. I cannot find any code on how to do this using CognitoUserPool. I found code samples to do this using Cognito Identity Pool. But I haven't created an Identity Pool and since I am able to login using Google on the Hosted UI sample, I am pretty sure I don't need it.
Questions:
Do I really need an Identity Pool to enable Google sign in on my Android app? Why?
If not, are there any code samples which show how to enable Google sign in using CognitoUserPools?
Any pointers appreciated.
I am trying to move from Google Single-sign-on to Email Link authentication for kids apps since, Google is not allowing use of its single-sign-on for kids apps.
I started with the Firebase Auth UI (for android). The login attempt fails saying: "Firebase login unsuccessful. Account linking failed due to provider not enabled by application". I assume this is because Google Auth provider is not enabled, which is how I want for the next update to the app. If I enable Google Auth as provider, then users can continue to sign in using Google, which I am trying to remove.
I had assumed the accounts would be linked automatically since it is the same email for signin. It does not appear to be the case. Is it a limitation of the Firebase Auth UI for Android, or of Firebase Authentication. If I built my own UI, will it link the accounts without signing in to Google?
Please advice on how to change auth type while keeping the email the same.
Is there a way I can use Google credentials to get basic user info like
Email, Name, Gender
and use them in my application? Its like allowing user to login into my application using Gmail.
I asked the same here.
But the answer says:
You should not use Gmail for user authentication using Google
accounts. You can use Google + Sign-in for Android instead. This will
allow you to access the user's profile information upon getting the
required permissions using OAuth. Check out the guide here:
which i followed and everything worked fine.
But if a Gmail account has no GooglePlus profile, My application asks to create a GooglePlus account. Which makes me think I implemented a GooglePlus Login instead of Gmail Login.
Is the answer for my other question right? Meaning without a GooglePlus profile you cannot have a Gmail Login in Android?
If not how can I have a Google Login in my application?
A similar question here, with no replies.
Please help. Thank You
Try article on this Url : http://nilvec.com/implementing-smtp-or-imap-xoauth-authentication-in-java.html.
I think this will help you
I wouldn't confuse a "gmail" account and a "Google+" account as being different things. Really what you want is for a user to authenticate with their "Google account", which spans many services.
On Android, the easiest way to build authentication with Google accounts is to use the Google Play Services SDK, which includes services like Google sign in.
Google+ documents an end-to-end approach to using Google Play Services SDKs that cover the issues that you asked about by using the PlusClient:
Setting up the client
Getting the user's email address using either PlusClient.getAccountName() or the REST methods.
Getting the user's profile info using the PlusClient.loadPerson()
Documentation for using Google's OAuth2 to authenticate a user are provided at https://developers.google.com/accounts/docs/OAuth2Login. As the page notes, however, you and your users get additional features if they use a Google+ account and the Google+ Sign-in, but this is not necessary.
The scopes required are
https://www.googleapis.com/auth/userinfo.profile for name and gender
https://www.googleapis.com/auth/userinfo.email for the user's email address
Update: I should amend that these scopes are now deprecated, and scheduled for removal. See the URL above for details.
I implemented this: http://android-developers.blogspot.fi/2013/01/verifying-back-end-calls-from-android.html and then wanted to make the app ask the full name of the user from google servers.
I can get the id_token all right, pass it to the backend, verify it and get the user id and email from the token, but I don't seem to be able to find any way to turn the id_token to a token I could use to authenticate on google servers and request personal info from the profile scope. The google apps-app has the permissions to use the scopes, so as soon as I can understand how to get an auth-token, asking the info shouldn't be a problem.
Is it at all possible to access the google servers with this token, or must I ask for a separate auth token for the personal info.
You should ask for a separate auth token for the personal info. The user has to explicitly grant permission for your app to see things like their name, gender, etc.