1

How should I configure the defaultServiceConfiguration, if...

  • I'm using a custom identity provider to authenticate registered users via Cognito. (I don't care who it is until the user is registered to our service with user/password)
  • I want to use Mobile Analytics to track events anytime in the app. (Even for users not registered)

Currently the code for authentication looks like this and is executed lazily, only when a feature reserved for registered users is used:

CustomIdentityProvider *customIdentityProvider = [[CustomIdentityProvider alloc] initWithIdProvider:idProvider
                                                                                          accountId:_accountId
                                                                                     identityPoolId:_identityPoolId
                                                                                            idToken:idToken];
customIdentityProvider.logins = @{idProvider.name:idToken};

AWSCognitoCredentialsProvider *credentialsProvider = [[AWSCognitoCredentialsProvider alloc] initWithRegionType:AWSRegionUSEast1
                                                                                              identityProvider:customIdentityProvider
                                                                                                 unauthRoleArn:nil
                                                                                                   authRoleArn:nil];
AWSServiceConfiguration *configuration = [AWSServiceConfiguration configurationWithRegion:AWSRegionUSEast1
                                                                      credentialsProvider:credentialsProvider];

[AWSServiceManager defaultServiceManager].defaultServiceConfiguration = configuration;

AWSTask * getIdentityIdTask = [credentialsProvider getIdentityId];

In order to use Mobile Analytics anytime in the app, will I have to set defaultServiceConfiguration at startup? But in that case, I don't have the logins yet. How should I authenticate the user without login?

Thanks.

Runo Sahara
  • 715
  • 8
  • 23
  • A very nice [swift tutorial available here](http://shrikar.com/ios-app-development-upload-images-to-aws-s3/) for AWSCognite Authentication & file upload. If you can convert code by refering swift code. – Dipen Panchasara Nov 19 '15 at 09:39
  • Thanks, my problem was specific to developer authenticated identities but nice tutorial anyway, it motivated me to fully use cognito :) – Runo Sahara Nov 20 '15 at 07:57

1 Answers1

1

Cognito has a concept of authenticated and unauthenticated identities, authenticated being when you have provided some login and unauthenticated when you have not. The access rights of these two types of users is defined by the roles you set up for that pool.

It sounds like you want to be able to use Mobile Analytics in either case, which just means you need to make sure that access is allowed in both roles you have for your pool. The default Cognito policies give Mobile Analytics Put Events rights - if you've modified the generated roles, it might be worth confirming that those are there.

With that in mind, you don't necessarily need the logins to get Mobile Analytics access for any user. For whatever additional rights you are giving to authenticated identities, you can update the logins at some later point in the code if need be.

Does that answer your question?

Jeff Bailey
  • 5,655
  • 1
  • 22
  • 30
  • Thanks. I made a custom identity provider with an empty logins, and it seemed to work also after adding my provider to logins and refreshing the credential provider. After knowing that unauthenticated means no logins provided, the "Supporting Transition Between Providers" part of the document became meaningful to me: http://docs.aws.amazon.com/cognito/devguide/identity/developer-authenticated-identities/ – Runo Sahara Nov 20 '15 at 07:45