Oh my, this is by far the best video on how to integrate Cognito! I've done some long journey to your video and liked the way you explained it, sure I am subscribed after this nice job...
Amazing Video ! But, I want to know how to do the Sign Up, Login & other MFA if I already have a existing backend in AWS Cognito . And have the below details of the existing backend :- aws_cognito_identity_pool_id: aws_cognito_region: aws_user_pools_id: aws_user_pools_web_client_id: I hope this question will generate curiosity in you. Please make a separate vdo on this topic
why implicit grant rather than Authorization code grant? Aws doesn't recommend using Implicit Grant. Would love to see someone using Authorization code grant
Thanks for the tutorial. How would you recommend setting up the callback url so that it is localhost during local development and your hosted site in production environments?
hii, i am new with cognito, So i want to when you successful do login using above, is our data like email, name etc also gets stored in DynamoDB or not. beacuse i have successfull done above stuff and also i am able to see user in user-pool, but that same data is not visable in DynamoDB. thankuuu so much
Great Video! I have the exact same setup for an application and I also want to use other services from the Google API such as profile or calendar of a user. Does the cognito session also include an access token to google API stuff? Problem is that I don't want to ask the user twice to log in to his google account to get access to the required resources. Or is asking the user again for the required scopes the only way to retrieve the access token for the google APIs?
I've been looking for this tutorial for a long time as in my company is currenty migrating its user base to a serverless solution using Cognito with Social Sign In + Trigger Lambdas. We ran into the question of what happens if a user signs up using an external IdP and later they sign up organically with username/password credentials. From what we've seen is that Cognito creates two user accounts with the same email that are not related to one another, which that's pretty confusing and could lead to potential errors for user data synchronization between accounts, specially when updating user attributes and with ID Token generations as they may not have the same claims. Is there a way to link external users with native users or how should we handle this edge case? Thank you!
Hey Gabriel, Great question. This is a very similar topic to what I am currently researching for a project I'm working on. So far, I've discovered a neat functionality called 'AdminLinkProviderForUser'. This API allows you to 'link' users together when they sign in using a SSO provider. I believe you would have to use some kind of Lambda hook that calls the API, perhaps at the 'Pre-Sign Up' and 'Pre-Authentication' points. I haven't tried any of this myself, but looks to be the right way to go. I'll be trying it out in the coming weeks though. If you come up with another approach please email me - I'd love to know how you did it. Link for AdminLinkProviderForUser - docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html Hope this helps and thanks for the question, Daniel
Why wouldn't you use the Identity Pool instead of the User Pool, for so-called 'Identity', right (?). What's the difference? So if I understand correctly, when you configure to 'federate' that is passing the providers (cognito user, google, etc) through the cognito identity pool anyway. Just different facades, configuration, etc, for that process.
Hi Michael, Identity Pools are a bit of a confusing concept in Cognito. The name is a misnomer - in fact, I recall being in an AWS talk where a engineer from the cognito team "wished they could have picked a different name for identity pool". That being said, Identity pools actually allow users to be granted IAM credentials for access to AWS services in your account after the authentication step (i.e. using your user pool). Hope this clears up the confusion.
Really awesome video tutorial. I'm still a bit confused with AWS Cognito pricing. It states the first 50,000 MAU (Monthly Access Users) is free, but it's unclear as to whether OAuth2 i.e. Google is also part of that free tier or whether there are additional charges. Would you know? Thank you.
Hey, The email of your user is marked as not verified. How do you managed to verify it? The hosted ui didn't prompt you to insert any code, nor cognito sent you an email with a code, like it normally does. I'm stuck!
I found the article really handy, thank you. But I do have a HUGE issue, and you might have it too. First signup with google, creates the user in the pool and works fine. But if, on a different browser you try with the same google user to login, you get an ERROR: [redirect-url]?error_description=Invalid+user+attributes%3A+email%3A+Attribute+cannot+be+updated.%0A+&error=invalid_request It seems to be caused by the fact that email is required.
Learn how to use a Cognito User pool to authenticate users via API Gateway! ua-cam.com/video/oFSU6rhFETk/v-deo.html
Hi, how to redirect after social login successfully logged in and callback to Application activity?
I am struggling to get callback.
Oh my, this is by far the best video on how to integrate Cognito! I've done some long journey to your video and liked the way you explained it, sure I am subscribed after this nice job...
You're very welcome!
It's a beautiful video, Its definitely underrated
Thank you so much!
its a great video. thank you so much for sharing all these info !
You're very welcome!
Well explained, thanks
You're very welcome!
Thank you for that video, that was exactly what i was looking for!
You're very welcome Alex!
Amazing Video !
But, I want to know how to do the Sign Up, Login & other MFA if I already have a existing backend in AWS Cognito .
And have the below details of the existing backend :-
aws_cognito_identity_pool_id:
aws_cognito_region:
aws_user_pools_id:
aws_user_pools_web_client_id:
I hope this question will generate curiosity in you.
Please make a separate vdo on this topic
awesome topic !!!!! thank you
You're very welcome!
Can you please make a video on preventing multiple logins per user with Cognito? it's a lacking feature currently and people are struggling.
Hi Damian,
This is certainly something I can look into making a video on. Thanks for raising this topic!
Dziękujemy.
Thank you so much for your generosity!
Thank you so much.
Dammit, man, thank you!!!
You're very welcome!
helpful
Which application type should I choose If I'm creating a cross platform app in using react native ?
Please create video on AWS Kendra..
why implicit grant rather than Authorization code grant? Aws doesn't recommend using Implicit Grant. Would love to see someone using Authorization code grant
How to do this for an Android app instead of a Web app?
I don't want to use hosted UI, please make a video on using your own UI with callbacks, as it's really confusing
whys there no sign-up using google option?
Hello , how would be the way to go without relying at all in the hosted UI?
In classic AWS fashion, it's been more than fifteen minutes, so NOTHING in the Console looks or is named the same
Thanks for the tutorial. How would you recommend setting up the callback url so that it is localhost during local development and your hosted site in production environments?
use ngrok or something while using localhost
hii, i am new with cognito, So i want to when you successful do login using above, is our data like email, name etc also gets stored in DynamoDB or not.
beacuse i have successfull done above stuff and also i am able to see user in user-pool, but that same data is not visable in DynamoDB.
thankuuu so much
How can we get refresh token?
Hi , is this configuration can I use custom application? Like php Laravel application
Great Video! I have the exact same setup for an application and I also want to use other services from the Google API such as profile or calendar of a user. Does the cognito session also include an access token to google API stuff? Problem is that I don't want to ask the user twice to log in to his google account to get access to the required resources. Or is asking the user again for the required scopes the only way to retrieve the access token for the google APIs?
Beast
I've been looking for this tutorial for a long time as in my company is currenty migrating its user base to a serverless solution using Cognito with Social Sign In + Trigger Lambdas. We ran into the question of what happens if a user signs up using an external IdP and later they sign up organically with username/password credentials. From what we've seen is that Cognito creates two user accounts with the same email that are not related to one another, which that's pretty confusing and could lead to potential errors for user data synchronization between accounts, specially when updating user attributes and with ID Token generations as they may not have the same claims.
Is there a way to link external users with native users or how should we handle this edge case?
Thank you!
Hey Gabriel,
Great question. This is a very similar topic to what I am currently researching for a project I'm working on.
So far, I've discovered a neat functionality called 'AdminLinkProviderForUser'. This API allows you to 'link' users together when they sign in using a SSO provider. I believe you would have to use some kind of Lambda hook that calls the API, perhaps at the 'Pre-Sign Up' and 'Pre-Authentication' points.
I haven't tried any of this myself, but looks to be the right way to go. I'll be trying it out in the coming weeks though. If you come up with another approach please email me - I'd love to know how you did it.
Link for AdminLinkProviderForUser - docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html
Hope this helps and thanks for the question,
Daniel
Why wouldn't you use the Identity Pool instead of the User Pool, for so-called 'Identity', right (?). What's the difference?
So if I understand correctly, when you configure to 'federate' that is passing the providers (cognito user, google, etc) through the cognito identity pool anyway.
Just different facades, configuration, etc, for that process.
Hi Michael,
Identity Pools are a bit of a confusing concept in Cognito. The name is a misnomer - in fact, I recall being in an AWS talk where a engineer from the cognito team "wished they could have picked a different name for identity pool". That being said, Identity pools actually allow users to be granted IAM credentials for access to AWS services in your account after the authentication step (i.e. using your user pool). Hope this clears up the confusion.
Really awesome video tutorial. I'm still a bit confused with AWS Cognito pricing. It states the first 50,000 MAU (Monthly Access Users) is free, but it's unclear as to whether OAuth2 i.e. Google is also part of that free tier or whether there are additional charges. Would you know? Thank you.
Hi Ken, I believe social sign on providers are included in the 50,000. Hope this helps.
@@BeABetterDev Thank you
SAML is not included in the free limit
Hey, The email of your user is marked as not verified. How do you managed to verify it? The hosted ui didn't prompt you to insert any code, nor cognito sent you an email with a code, like it normally does. I'm stuck!
Hi Giulio - Cognito should send you a confirmation email. Maybe try to check your spam folder?
you have to map email_verified as is name & given_name
I found the article really handy, thank you.
But I do have a HUGE issue, and you might have it too. First signup with google, creates the user in the pool and works fine. But if, on a different browser you try with the same google user to login, you get an ERROR: [redirect-url]?error_description=Invalid+user+attributes%3A+email%3A+Attribute+cannot+be+updated.%0A+&error=invalid_request
It seems to be caused by the fact that email is required.