Comments (9)
@antonostrovsky
I've got it working. Once you've got the id tokens you need to get to the identity pool to get the credentials.
Here is what you may need to do next.
You need to extract AccessKeyId, SecretKey, SessionToken from the creds variable. Hope this helps.
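```python
import boto3

# region, account_id, identity_pool_id, identity_provider_name and id_token
# must already be set by the caller.
cognito = boto3.client("cognito-identity", region)
# Look up the identity for this login in the identity pool.
id = cognito.get_id(
    AccountId=account_id,
    IdentityPoolId=identity_pool_id,
    Logins={identity_provider_name: id_token},
)
# Exchange the identity and token for temporary AWS credentials.
creds = cognito.get_credentials_for_identity(
    IdentityId=id["IdentityId"], Logins={identity_provider_name: id_token}
)
```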
from warrant.
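An added example, not part of any comment in this thread and not warrant's own code: the flow from the comment above carried through to a boto3 session, so that clients use the identity pool's temporary credentials rather than whatever IAM user credentials boto3 finds by default. The function names are hypothetical, and it assumes the ID token comes from a Cognito user pool, whose `Logins` key is the token's `iss` claim without the `https://` prefix.

```python
import base64
import json


def logins_key_from_id_token(id_token):
    """Return the identity pool Logins key for a user pool ID token.

    The key is the token's `iss` claim without the scheme, i.e.
    cognito-idp.<region>.amazonaws.com/<user_pool_id>. The payload is only
    decoded here, not verified; Cognito validates the token server-side.
    """
    payload_b64 = id_token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    return claims["iss"].split("://", 1)[1]


def session_kwargs(creds_response):
    """Map a get_credentials_for_identity response to boto3.Session kwargs."""
    c = creds_response["Credentials"]
    return {
        "aws_access_key_id": c["AccessKeyId"],
        "aws_secret_access_key": c["SecretKey"],
        "aws_session_token": c["SessionToken"],
    }


def session_from_id_token(id_token, identity_pool_id, region):
    """Exchange an ID token for temporary credentials and return a Session.

    Clients made from the returned session act as the role the identity
    pool assigns, not as an IAM user picked up from the environment.
    """
    import boto3  # imported here so the helpers above work without boto3

    logins = {logins_key_from_id_token(id_token): id_token}
    cognito = boto3.client("cognito-identity", region_name=region)
    identity = cognito.get_id(IdentityPoolId=identity_pool_id, Logins=logins)
    creds = cognito.get_credentials_for_identity(
        IdentityId=identity["IdentityId"], Logins=logins
    )
    return boto3.Session(region_name=region, **session_kwargs(creds))
```

Create service clients from the returned session, for example `session.client("s3")`; the temporary credentials expire, so repeat the exchange when they do.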
Hi @flycast @petergerten @abal09 and others
I've managed to set up Cognito user pool and identity pools. I'm also able to authenticate and I get back id_token, access_token, refresh_token, Pool_JWK (this contains a couple of RSA keys with Key_id and Key_secret) but I am not able to use any of these to connect to an S3 bucket.
Could you please help or share links on how I could use these tokens to access AWS services?
Thank you all for taking the time to help
from warrant.
Follow up on this.
It does not seem to matter what policies I give the role that is assigned to the group in the Cognito User Pool. I detached all policies from the role assigned to the group - that group now has no policies, any user in the group cannot do anything.
What matters is the role the IAM user has that is the credentials of boto3. If I give that user IoT access then the script can publish to IoT. If I remove IoT access from the role attached to the IAM user that provides boto3 credentials then the script cannot do anything.
What is wrong here?
I don't understand what the value of Cognito is if the role attached to the User group is ignored?
Please let me know, I am trying really hard to make Cognito work. I am positive that I am doing something wrong - that it is not Cognito.
from warrant.
@flycast did you solve this? I also don't understand. I can log in with Cognito, but how do I make use of the tokens for other services like S3, IoT?
from warrant.
Nope. I gave up.
from warrant.
@petergerten @flycast you guys have a missing piece in Cognito Identity Pool and this has nothing to do with warrant. Identity Pool needs to be attached to the User Pool and this Identity Pool will generate temporary AWS credentials to be used to access various AWS resources.
https://codeburst.io/the-difference-between-aws-cognito-userpools-and-federated-identities-9b47571795d4
This gives a decent general overview.
from warrant.
Same issue here. I am getting 'IdToken', 'RefreshToken', 'AccessToken', 'TokenType' and it is not obvious at all how to use them for Boto3 authentication.
from warrant.
@vimalpatnaik Thank you for getting back to me!
Where does the account_id come from?
In my case I am receiving a token from warrant.AWSSRP:

```python
AWSSRP(username, password, user_pool_id, application_client_id)
```

This mimics AWS Amplify's SigV4 authentication through a login page.
All the application needs to supply is username, password, user_pool_id and application_client_id.
from warrant.
Sorry, just read in the docs that AccountId is an optional parameter, so it wasn't necessary!
from warrant.