2

I am doing research on Cognito User Pools, Federated Identities and DynamoDB. In order to achieve fine-grained access control, I have to use the Cognito identity id in my DynamoDB table because nothing in the user pool can be referenced in an IAM policy. It is worth mentioning that ${cognito-identity.amazonaws.com:sub} refers to the identity id and not the "sub" which we see in the Cognito user pool.

The question is: how will I map the item in DynamoDB to the user contact?

For example, consider a scenario where a user of my application has a pending payment and I have to contact him regarding the payment, or where a user has reported a problem and I have to look up his data to do typical customer support.

Jon Saw
user253684

1 Answer

0

As you can already get the app user's data from your database with her unique Cognito identity id, all that's left is to get the user's email address. You can do this in a couple of ways. I'll use Android as an example.

You could parse the JWT id token for the email attribute. See this Stack Overflow answer for details:

Parse JWT token payload data to get certain value in android/java

Alternatively, you could do it this way:

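import com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUserDetails;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUserPool;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.handlers.GetDetailsHandler;
import java.util.Map;

CognitoUserPool userPool = new CognitoUserPool(context, userPoolId, clientId, clientSecret);

CognitoUser user = userPool.getUser(userId);

GetDetailsHandler handler = new GetDetailsHandler() {
    @Override
    public void onSuccess(final CognitoUserDetails list) {
        // Successfully retrieved user details
        Map<String, String> mDetails = list.getAttributes().getAttributes();
        String email = mDetails.get("email"); // your user email address
        // do stuff with the email address
    }

    @Override
    public void onFailure(final Exception exception) {
        // The interface requires this method: the lookup failed, so handle or log the error
    }
};
// getDetails() makes a blocking network call; use getDetailsInBackground(handler) on the UI thread
user.getDetails(handler);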

From the AWS docs: https://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-android-sdk.html

CertainPerformance
Excel r 8
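The first option in the answer above (reading the email claim from the ID token), as an added example that is not part of the original answer. The class and method names are hypothetical, the token is constructed inside `main`, and it assumes `org.json` (bundled with Android) and `java.util.Base64` (Android API 26+). The payload is only decoded, not signature-verified, so this suits showing the address in the client; code that makes a decision based on the claim must first verify the signature against the user pool's published keys.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.json.JSONException;
import org.json.JSONObject; // bundled with Android; add the org.json jar on a plain JVM

public class IdTokenClaims {

    /** Decodes the payload (second segment) of a JWT. Does NOT verify the signature. */
    static JSONObject decodePayload(String jwt) throws JSONException {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) {
            throw new IllegalArgumentException("expected header.payload.signature");
        }
        // JWT segments are base64url without padding; the URL decoder accepts that form.
        byte[] json = Base64.getUrlDecoder().decode(parts[1]);
        return new JSONObject(new String(json, StandardCharsets.UTF_8));
    }

    /** Returns the email claim of an unexpired user pool ID token. */
    static String emailFromIdToken(String jwt, long nowEpochSeconds) throws JSONException {
        JSONObject claims = decodePayload(jwt);
        // Cognito marks ID tokens with token_use=id; access tokens carry no email claim.
        if (!"id".equals(claims.optString("token_use"))) {
            throw new IllegalArgumentException("not an ID token");
        }
        if (claims.getLong("exp") <= nowEpochSeconds) {
            throw new IllegalArgumentException("token expired");
        }
        return claims.getString("email");
    }

    public static void main(String[] args) throws JSONException {
        // Constructed sample token: placeholder claims and a dummy signature segment.
        long now = System.currentTimeMillis() / 1000;
        String payload = new JSONObject()
                .put("sub", "00000000-0000-0000-0000-000000000000") // user pool sub, not the identity id
                .put("token_use", "id")
                .put("email", "user@example.com")
                .put("exp", now + 3600)
                .toString();
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String jwt = enc.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8))
                + "." + enc.encodeToString(payload.getBytes(StandardCharsets.UTF_8))
                + ".constructed-signature";
        System.out.println(emailFromIdToken(jwt, now));
    }
}
```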