Building a simple application using the examples on their GitHub page. I can log into my application using Cognito. What I cannot do is log out, because no matter what I try I can't get a hold of the user object. I've dorked around with various other calls to no avail (found here on their API page). The only other post on SO I found isn't applicable because I'm not using Federated Identity. The code I'm using is pretty much verbatim what's on the GitHub page, but will post here for convenience:

login code:

    var userName = $('#user_name_login').val();
    var userPassword = $('#user_password_login').val();

    var userData = {Username: userName, Pool : userPool};
    var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);

    var authenticationData = {Username : userName, Password : userPassword};
    var authenticationDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails(authenticationData);

    cognitoUser.authenticateUser(authenticationDetails, {
        onSuccess: function (result) {

            // now that we've gotten our identity credentials, we're going to check in with the federation so we can
            // avail ourselves of other amazon services
            //

            // critical that you do this in this manner -- see https://github.com/aws/amazon-cognito-identity-js/issues/162
            // for details
            var loginProvider = {};
            loginProvider[cognitoCredentialKey] = result.getIdToken().getJwtToken();

            AWS.config.credentials = new AWS.CognitoIdentityCredentials({                   
                IdentityPoolId: identityPoolId,
                Logins: loginProvider,
            }); 

            // //AWS.config.credentials = AWSCognito.config.credentials;
            // AWSCognito.config.credentials = AWS.config.credentials;

            // //call refresh method in order to authenticate user and get new temp credentials
            // AWS.config.credentials.refresh((error) => {
            //     if (error) {
            //         alert(error);
            //     } else {
            //         console.log('Successfully logged in!');
            //     }
            // });

            // this is the landing page once a user completes the authentication process. we're getting a
            // temporary URL that is associated with the credentials we've created so we can access the
            // restricted area of the s3 bucket (where the website is, bruah).
            var s3 = new AWS.S3();
            var params = {Bucket: '********.com', Key: 'restricted/pages/user_logged_in_test.html'};
            s3.getSignedUrl('getObject', params, function (err, url) {
                if (err) { 
                    alert(err); 
                    console.log(err);

                }
                else {
                    console.log("The URL is", url);
                    window.location = url;
                }

            });

        },

        mfaRequired: function(session){
            new MFAConfirmation(cognitoUser, 'login');
        },

        onFailure: function(err) {
            alert("err: " + err);
        },

    });

I'm attempting to log out by executing:

    userPool.getCurrentUser().signOut();

Note that the userPool and such are defined in another file, and are initialized thusly:

    var poolData = {
        UserPoolId : '*****',
        ClientId : '*****'
    };

    var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);

So how do I sign my users out of the application?

snerd
  • Just before you attempt to sign out, if you type `localStorage.getItem('CognitoIdentityServiceProvider.<CLIENT_ID>.LastAuthUser')` in the browser's console, does it show the current username? – Khalid T. Jun 07 '17 at 08:04
  • no it shows null. I have verified that the CLIENT_ID is correct – snerd Jun 07 '17 at 18:10

1 Answer

closing this as the issue, as stated here, turned out to be a red herring. if you're doing what I was trying to do above in using cognito to generate a signed url to access an html file located in a restricted 'folder' in the bucket and you want to be able to logout from that new window location, make sure the signed url is of the same domain as your landing page.

for example, if you land at foo.com because you've got an A or CNAME DNS record set up so that your users don't have to hit a doofy cloudfront or s3 generated url in order to get to your website, you need to make sure you ALSO generate a signed URL that has the same domain name. Otherwise you won't be able to access the bucket. Moreover - you won't be able to access your user object because the session object is keyed to a different domain name than the one you're currently at.

see this for information on how to specify what the domain of the signed url should be.

and also note that there's a lot of trouble you can get into if you are using a third-party domain registrar. I just burned two weeks unborking myself because of that :-/

snerd
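
The origin scoping described in the answer above, as an added example that is not part of the original post or the Cognito SDK: a Node.js model of per-origin `localStorage` showing why the `LastAuthUser` lookup returns null after a redirect to a signed URL on a different domain, plus a same-origin check to run before the redirect. The client id, username, URLs and function names are constructed for illustration.

```javascript
// Added example: a model of origin-scoped Web Storage, not the SDK's own code.
const CLIENT_ID = 'example-client-id'; // constructed placeholder
const KEY = `CognitoIdentityServiceProvider.${CLIENT_ID}.LastAuthUser`;

// Constructed URLs: the custom-domain landing page and two forms of signed URL.
const LANDING = 'https://foo.com/index.html';
const SIGNED_SAME_DOMAIN =
  'https://foo.com/restricted/pages/user_logged_in_test.html?X-Amz-Signature=constructed';
const SIGNED_S3_DOMAIN =
  'https://s3.amazonaws.com/foo.com/restricted/pages/user_logged_in_test.html?X-Amz-Signature=constructed';

const stores = new Map(); // origin -> Map, one "localStorage" per origin

function storageFor(pageUrl) {
  const origin = new URL(pageUrl).origin; // scheme + host + port
  if (!stores.has(origin)) stores.set(origin, new Map());
  return stores.get(origin);
}

// What a successful login leaves behind for the page that ran it.
function recordLogin(pageUrl, username) {
  storageFor(pageUrl).set(KEY, username);
}

// The lookup suggested in the comments: null when this origin has no session.
function lastAuthUser(pageUrl) {
  return storageFor(pageUrl).get(KEY) ?? null;
}

// Check to run on the signed URL before assigning it to window.location.
function sessionSurvivesRedirect(landingUrl, signedUrl) {
  return new URL(landingUrl).origin === new URL(signedUrl).origin;
}

// Null-safe sign-out: reports false instead of throwing when no user is visible.
function signOut(pageUrl) {
  return storageFor(pageUrl).delete(KEY);
}

function demo() {
  recordLogin(LANDING, 'constructed-user');
  return {
    sameDomain: lastAuthUser(SIGNED_SAME_DOMAIN), // 'constructed-user'
    s3Domain: lastAuthUser(SIGNED_S3_DOMAIN),     // null
    safeToRedirect: sessionSurvivesRedirect(LANDING, SIGNED_S3_DOMAIN), // false
  };
}

console.log(demo());
```

In the browser, the same guard compares `new URL(url).origin` with `window.location.origin` inside the `getSignedUrl` callback.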