AWS user pool authentication with external OIDC IdP

1
votes

I'm working on a node/express backend for an app. The authentication process is already setup with Auth0 and passport. But we need to use AWS now...

I've followed these docs and successfully tested the custom endpoint referenced at the end of the article: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-oidc-idp.html

but from here I'd like to connect to a identity pool in order to access AWS services. I keep getting errors, and though I can see the users in the AWS 'user pool', they aren't showing up in AWS 'identity pool'.

i was calling AWS using:

AWS.config.credentials = new AWS.CognitoIdentityCredentials({
     IdentityPoolId: IDENTITY_POOL_ID,
     Logins: {
       "cognito-idp.<region>.amazonaws.com/<user-pool-id>":
         id_token_from_provider,
     },
   })

the main error I keep getting is that the 'login token is invalid: issuer doesn't match the provider id'.

Any help is appreciated...

1
amazon-web-servicesamazon-cognitoopenid-connect

1 Answers

0
votes

after some more digging: found this nice walkthrough by Auth0, https://auth0.com/docs/integrations/integrating-auth0-amazon-cognito-mobile-apps

I've skipped the user pool integration and am just using cognito for the 'identity pools'

my credentials map changed some as well:

 AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: "IDENTITY_POOL_ID",
    Logins: {
      "<PROVIDER_NAME_FROM_IAM": id_token,
    },
  })