From the back end, on calling some Cognito API with a username and password,
can it automatically call the configured User Pool Federated Identity
provider to authenticate the user and then generate the JWT token? If
yes, can you please refer/guide me?
This is possible. You can use a combination of the following two references.
Receiving the JWT token from Cognito User Pools
// amazon-cognito-identity-js; on a Node back end also polyfill global.fetch,
// which the library uses to call the Cognito endpoint
var AmazonCognitoIdentity = require('amazon-cognito-identity-js');

var authenticationData = {
    Username : 'username',
    Password : 'password',
};
var authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails(authenticationData);
var poolData = {
    UserPoolId : 'us-east-1_xxxxx',
    ClientId : 'xxxxxxxxxxxxxxxx'   // app client without a client secret (the library does not support secrets)
};
var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);
var userData = {
    Username : 'username',
    Pool : userPool
};
var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
// authenticateUser runs the SRP flow (USER_SRP_AUTH), so the password itself never leaves the client
cognitoUser.authenticateUser(authenticationDetails, {
    onSuccess: function (result) {
        console.log('access token + ' + result.getAccessToken().getJwtToken());
        /* Use the idToken for the Logins map when federating User Pools with identity pools,
           or when passing it in the Authorization header to an API Gateway authorizer */
        console.log('idToken + ' + result.getIdToken().getJwtToken());
    },
    onFailure: function (err) {
        console.error(err);
    },
});
Pass the JWT token to the Cognito Federated Identity pool via the SDK and exchange it for temporary AWS credentials, which can then be used to perform actions against AWS services.
var AWS = require('aws-sdk');
AWS.config.region = 'us-east-1';
// result is the CognitoUserSession from onSuccess above
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: 'us-east-1:xxxxxxx-xxxx-xxxx-xxxx-xxxxxx',
    Logins: { // key: the id token's issuer without the https:// prefix
        'cognito-idp.us-east-1.amazonaws.com/us-east-1_xxxxxx': result.getIdToken().getJwtToken()
    }
});
// exchange the id token for temporary credentials under the identity pool's authenticated role
AWS.config.credentials.get(function (err) { if (err) console.error(err); });
A user present in the Identity provider does not exist in the AWS user pool. Is
it possible to authenticate the user with the configured Identity provider
without the user being present in the AWS user pool? If yes, will the
user be created in the AWS user pool after authentication?
This is only possible if your external Identity Provider supports SAML Federation.