I'm trying to get authentication working through my API using AWS Cognito with a user pool. I have a user created through an AWS Cognito User Pool and I'm trying to log in with the user.
The error I'm getting is CredentialsError: Missing credentials in config. Specifically it was telling me that I needed an IdentityPoolId. But I can't seem to find this IdentityPoolId in my AWS console. Where the heck do I get this from for my user pool? All I see is a Pool id and a Pool ARN.
Relevant source code:
var aws = require('aws-sdk');
aws.config.update({
region: 'us-east-1',
credentials: new aws.CognitoIdentityCredentials({
IdentityPoolId: '???'
})
});
var authUser = function(params, callback)
{
if (!params || !params.Email || !params._password)
{
callback(new Error('Invalid parameters.'));
return false;
}
var cognito = new aws.CognitoIdentityServiceProvider();
var authParams = {
AuthFlow: 'USER_SRP_AUTH', // not sure what this means...
ClientId: conf.AWSConfig.ClientId,
AuthParameters: {
Username: params.Email,
Password: params._password
}
};
cognito.initiateAuth(authParams, function(err, data)
{
if (err)
{
console.log('Error details: ' + util.inspect(err));
callback(err);
return false;
}
callback(null, {success: true, data: data});
});
}
For the authParams object, I'm not sure what the AuthFlow should be. Looking at http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html#initiateAuth-property it seemed like USER_SRP_AUTH was what I should likely be using.
Edit:
I believe I may have found where to get my IdentityPoolId. I viewed my Federated Identities section and added in the appropriate User Pool under the Authentication Providers section while editing the identity pool.
I associated the Authentication Provider for Cognito to my User Pool that I created by entering the User Pool ID and App Client ID for that user pool. Now with the same code using that Identity pool ID I'm getting the error CredentialsError: Missing credentials in config. It says Unauthorized access is not supported for this identity pool. OK... I'm trying to authorize the user... Do I need to create an Unauthenticated role so that users can authenticate when they're not authenticated? That seems silly if that's what I need to do.
Edit 2:
I should also note that I was able to log in and get an AccessToken as well as an IdToken and RefreshToken using the Javascript SDK (not nodejs). I did this without the need of an IdentityPoolId. The only things I needed were a UserPoolId and a ClientId.
var authenticateUser = function(onSuccessCallback)
{
var authData = {
Username: getUserName(), // gets username from an html text field
Password: getPassword() // gets password from an html password field
};
var authDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails(authData);
var cognitoUser = getCognitoUser();
cognitoUser.authenticateUser(authDetails,
{
onSuccess: function(result)
{
console.log('access token: ' + result.getAccessToken().getJwtToken());
console.log('idToken: ' + result.idToken.jwtToken);
console.log(result);
if (onSuccessCallback && typeof(onSuccessCallback) == 'function')
{
onSuccessCallback(cognitoUser);
}
},
onFailure: function(err)
{
// UserNotConfirmedException: User is not confirmed.
console.log('authError');
alert(err);
}
});
}
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://i.stack.imgur.com/ebcIY.png', '推荐 做自己的国王 的文章《AWS - nodejs SDK - CognitoIdentityServiceProvider.》','https://www.manongdao.com/article-2183157.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}