
I have a Cognito user pool and an identity pool. I have created a user in the user pool and, using Lambda, obtained that user's tokens (access, refresh and ID tokens). Now I want to generate temporary credentials (an access key and secret access key) for that user to access AWS services. How can I do this? This is the piece of code I used to generate the tokens.

// Wrap the sign-in details (authenticationData is defined outside this excerpt).
var authenticationDetails = new cognito.AuthenticationDetails(authenticationData);

    // Identify the user and the user pool it belongs to (userPool is defined outside this excerpt).
    var userData = {
        Username : '*****',
        Pool : userPool
    };

// Authenticate against the user pool; the excerpt stops inside the onSuccess callback.
var cognitoUser = new cognito.CognitoUser(userData);
    cognitoUser.authenticateUser(authenticationDetails, {
        onSuccess: function (result) {
// NOTE(review): per the question, result carries the access, ID and refresh tokens,
// so logging the whole object writes those tokens to the log output.
console.log(result);

What changes should I make to this to get credentials? Thank you.

ThomasP1988
ABCD
  • HI @Vivek, How to get `access, refresh, id tokens` ? – Private Aug 17 '18 at 17:43
  • To get tokens u must have user created then Authenticate the user. Example : https://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-javascript-examples.html – ABCD Aug 20 '18 at 06:13
  • Yeah got that @Vivek . Thanks for responding – Private Aug 20 '18 at 06:14

1 Answer


In the code below I retrieve the tokens along with temporary credentials based on federated identities.

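// Exchange the signed-in user's user-pool session for temporary AWS
// credentials through the identity pool (federated identities).
// Placeholders to replace: YOURUSER_POOL_ID, YOURAPP_CLIENT_ID, YOURREGION,
// YOURIDENTITY_POOL_ID, and the region name / pool id inside the Logins key.
const data = {
  UserPoolId: YOURUSER_POOL_ID,
  ClientId: YOURAPP_CLIENT_ID,
};
const userPool = new cognito.CognitoUserPool(data);
const cognitoUser = userPool.getCurrentUser();

if (cognitoUser == null) {
  // Nothing to exchange: the user has to authenticate against the user pool first.
  console.error('No current Cognito user; authenticate before requesting credentials.');
} else {
  cognitoUser.getSession((sessionErr, session) => {
    if (sessionErr) {
      console.error(sessionErr);
      return;
    }

    // Only the validity flag is logged. The ID token is a bearer token, and
    // anyone who can read the log output could replay it, so it is not printed.
    console.log(`session validity: ${session.isValid()}`);

    AWS.config.region = YOURREGION;
    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
      IdentityPoolId: YOURIDENTITY_POOL_ID,
      Logins: {
        // Change the key below according to the specific region your user pool is in.
        'cognito-idp.YOURREGIONNAME.amazonaws.com/YOURUSERPOOLID': session.getIdToken().getJwtToken(),
      },
    });

    // get() performs the exchange; the credential fields are only populated
    // (and refreshed once expired) after it has completed.
    AWS.config.credentials.get((credentialsErr) => {
      if (credentialsErr) {
        // Report the failure rather than dropping it; otherwise an
        // identity-pool misconfiguration looks like "nothing happened".
        console.error(credentialsErr);
        return;
      }

      // secretAccessKey and sessionToken are also set on AWS.config.credentials
      // at this point. They are deliberately not logged: together with the
      // access key id they are usable by whoever reads the log until they expire.
      const { identityId, accessKeyId, expireTime } = AWS.config.credentials;
      console.log(`Cognito Identity ID ${identityId}`);
      console.log(`Cognito Key ${accessKeyId}`);
      console.log(`Cognito credentials expire at ${expireTime}`);
    });
  });
}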

Replace the placeholder parameters with your own values.

Hope it might help you

Private
  • Thanks! The part I was missing was `AWS.config.credentials.get()`. I saw my credentials were already expired and I was confused. Where did you find this in the documentation? – The Unknown Dev Mar 06 '19 at 03:44