Lookup idp based on user email #1325
-
The developers of the AWS SDKs aren't necessarily experts on particular AWS services like Cognito, but it appears the operations you're looking for are:
So potentially something like:

```kotlin
import aws.sdk.kotlin.services.cognitoidentityprovider.CognitoIdentityProviderClient
import aws.sdk.kotlin.services.cognitoidentityprovider.paginators.listIdentityProvidersPaginated
import aws.sdk.kotlin.services.cognitoidentityprovider.paginators.providers
import kotlinx.coroutines.flow.Flow
import kotlinx.coroutines.flow.mapNotNull

// Assumes a configured CognitoIdentityProviderClient named cognitoIdentityProviderClient is in scope.
suspend fun getIdentityProviders(userDomain: String): Flow<String> {
    // Lookup domain
    val domainResp = cognitoIdentityProviderClient.describeUserPoolDomain {
        domain = userDomain
    }
    // Get user pool ID
    val domainUserPoolId = domainResp
        .domainDescription
        ?.userPoolId
        ?: error("User pool not found for $userDomain")
    // Get identity providers (the item paginator is a function, and providerName is nullable)
    return cognitoIdentityProviderClient
        .listIdentityProvidersPaginated { userPoolId = domainUserPoolId }
        .providers()
        .mapNotNull { it.providerName }
}
```
-
I've tried implementing your suggestion but I'm getting a crash.
The code is failing on the initial domainResp and returning the following error...
-
You will need to configure AWS credentials. I'm not sure how Amplify exposes credentials and if you can re-use those, but generally they are sourced from environment variables / an AWS config file. You might find reading through our Getting Started pages to be helpful.
-
We have a working version on iOS but our developer found a bug and raised the issue on that side of things. I've implemented the Kotlin equivalent and am getting the same error.
I'm reaching the catch block with the error "Failed to get identity provider details: No identity could be resolved from the chain: CredentialsProviderChain -> EnvironmentCredentialsProvider -> ProfileCredentialsProvider -> StsWebIdentityProvider -> EcsCredentialsProvider -> ImdsCredentialsProvider". Is it possible that this SDK could have the same bug as the Swift SDK? You can find that bug report at aws-amplify/amplify-swift#3743 (comment) if it might help.
-
That error is telling you that the client was not able to find any AWS credentials after checking with those providers. This is not a problem with the AWS SDK for Kotlin. It might be a problem with the amplify-android project's use of the SDK; I would recommend reaching out to them for more help.
-
Thank you! Here's the entire stack trace in case that helps. I'll reach out to the amplify-android team and see if they can help.
-
Hi all, I'm on the Amplify Android team. I think the core of the issue here, regardless of the credential provider used, is that an attempted call is being made to 169.254.169.254 over http instead of https and cleartext traffic is not allowed. While attempting to replicate the customer issue, I noticed that I could not bypass this issue by setting a custom network security config on the device. This may be a configuration in the OkHttp client created by the AWS Kotlin SDK. SDK team, can you provide guidance on how to pass a custom OkHttp Client that would allow clear text traffic just to see what other credential issues we need to work against. I'm not entirely sure what authorization level is required to access
-
@tfreeman82 I had originally made a mistake in having multiple devices launched and in my testing, didn't realize I was testing on the wrong device. You can create your own client and auth provider with code like this:
This code then presented me with this error:
This indicates that my signed-in user does not have the proper role to perform this request. You may need to evaluate what type of credentials are necessary for making this request and how to provide them (ex: custom endpoint).
-
I think I follow, but I'm confused as to why it would be working with amplify-swift on iOS using the exact same logic that I added above. Is it possible that there's that big of a difference between dependencies?
-
Ok, I added the provided logic into my method that returns the identity provider client and got a network-on-main exception on my finally block where I call cognitoClient?.close. Once I comment that out, it works perfectly! Do I need to close the client and, if so, any thoughts on why I would be getting that exception when these are all in suspend functions run from a coroutine?
-
If you are going to be making this call often, I would suggest lifting the client out of the method so that you are only creating it once for multiple calls. You do not need to call close after each call. I would suggest calling close when you no longer need the client anymore, just to clean up resources. As far as networking on the main thread, please make sure you are launching that method on Dispatchers.IO, not Dispatchers.Main. Android doesn't allow networking on the main thread, or blocking the main thread for any other reason.
-
I've wrapped my call to close the identity client in a withContext block on Dispatchers.IO and it works perfectly! I really appreciate all the assistance that you guys have provided me!
-
I asked this question on the amplify-android repo and it was suggested that I ask the question here too.
Is there any way to lookup which idp is needed for a user based on the domain of their email address without using the hosted web UI?
We currently use the hosted web UI with a field for the corporate id. The user enters their email in this field and, when they press the sign in button, their idp is found and they're redirected to it for final authentication.
We would like to adjust our existing native login screen to handle this same behavior but I've scoured the documentation and can't find any clear way to handle this. Is it possible at all and, if so, can you point me in the right direction?
I've tried getting an instance of the CognitoIdentityProviderClient from Amplify using

```kotlin
val cognitoAuthService = Amplify.Auth.getPlugin("awsCognitoAuthPlugin").escapeHatch as AWSCognitoAuthService
val cognitoIdentityProviderClient = cognitoAuthService.cognitoIdentityProviderClient
```

It appears that the escape hatch provides a way to fetch a list of all idp's associated with our user pool but not a way to query for the idp that matches the domain of the user's email.
I've been trying to figure out how the hosted web ui is able to handle this, which is what we currently use, but I haven't had any luck.
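An added example, not code from this thread or from either SDK team, of the lookup the question asks for, going one step past the thread: the hosted UI matches an email domain against the IdP identifiers configured on each provider, and Cognito's DescribeIdentityProvider response exposes those identifiers, so the client lists the pool's providers and then matches on them. It assumes the user pool ID and region are known, that credentials come from the SDK default chain with cognito-idp:ListIdentityProviders and cognito-idp:DescribeIdentityProvider allowed, and the names IdpLookup, emailDomain and providerForEmail are chosen here.

```kotlin
import aws.sdk.kotlin.services.cognitoidentityprovider.CognitoIdentityProviderClient
import aws.sdk.kotlin.services.cognitoidentityprovider.paginators.listIdentityProvidersPaginated
import aws.sdk.kotlin.services.cognitoidentityprovider.paginators.providers
import kotlinx.coroutines.Dispatchers
import kotlinx.coroutines.flow.mapNotNull
import kotlinx.coroutines.flow.toList
import kotlinx.coroutines.withContext

// Hypothetical helper: one client for the lifetime of the login screen, created once
// and closed once (see the thread's advice about lifting the client out of the method).
class IdpLookup(private val userPoolId: String, awsRegion: String) {
    // Credentials come from the SDK default chain (env vars, profile, ...), as in the thread.
    private val client = CognitoIdentityProviderClient { region = awsRegion }

    // Returns the lower-cased domain part of an address, or null for input that is not
    // of the form local@domain (empty local part, missing or trailing '@').
    fun emailDomain(email: String): String? {
        val at = email.lastIndexOf('@')
        if (at <= 0 || at == email.length - 1) return null
        return email.substring(at + 1).lowercase()
    }

    // Resolve the provider whose configured idpIdentifiers contain the email's domain.
    // These are IAM-authorised control-plane calls, so an end user's own tokens are not enough;
    // the client's credentials need the two cognito-idp permissions on this pool.
    suspend fun providerForEmail(email: String): String? = withContext(Dispatchers.IO) {
        val domain = emailDomain(email) ?: return@withContext null
        val names = client.listIdentityProvidersPaginated { userPoolId = this@IdpLookup.userPoolId }
            .providers()
            .mapNotNull { it.providerName }
            .toList()
        // List.firstOrNull is inline, so the suspending describe call inside is allowed.
        names.firstOrNull { name ->
            val idp = client.describeIdentityProvider {
                userPoolId = this@IdpLookup.userPoolId
                providerName = name
            }.identityProvider
            idp?.idpIdentifiers.orEmpty().any { it.equals(domain, ignoreCase = true) }
        }
    }

    // Close off the main thread, matching the fix that resolved the network-on-main exception.
    suspend fun close() = withContext(Dispatchers.IO) { client.close() }
}
```

Returning null for an unmatched domain lets the native screen fall back to the pool's own sign-in instead of redirecting to a provider that was never configured for that domain.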