I looked it up for a month but couldn't find it. Unity and Google login links, Google and aws cognito links, and cognito and unity links exist, respectively, but I have not found a way to handle them at once.
I could follow this Document and get AWS Credentials. However, it only provides access tokens for authorization, not ID token for authentication.
So, How can I Get AWS Cognito id token From Google Login?
I don't want to use the hosting UI provided by this post. I learned how to get an ID token from a post, but I want to know how to find it without opening an external browser in the app.
Related
I'm very new to using APIs and I'm struggling to figure out the authentication. With my email I can log in to a corporate analytics page and view the information. My account is only at a 'user' level. How do I get access tokens so I can scrape the data from the page using the Google API? Do I need the admins of the page to get these tokens? I tried using the generate access token but I don't know the service account email. Any advice would be appreciated because I'm so confused.
Answer: how do I get access tokens without being an Admin
As long as your personal account has read access you can use Oauht2 to authorize your application and then be able to access the data that way you do not need to be admin.
All your other questions 😊
How do I get access tokens so I can scrape the data from the page using the Google API?
First off if you use Oauth2 in your application and login with your own user you you will be able to use the Google Analytics api as you have read access thats all you need for the Google analytics api in order to request data.
Do I need the admins of the page to get these tokens?
No anyone with read access can authorize an application to access the google analytics api.
I tried using the generate access token but I don't know the service account email.
Service accounts are completely different than normal Oauth2. A service account is a dummy user which needs to be preauthorized to access the data it has nothing to do with your personal access. To preauthorize a service account to access the google analytics api you will need to have admin access to the google analytics account and take the service ac count email address and add it as a user on the google analytics account. It will then have access to read the data.
Any advice would be appreciated because I'm so confused.
Decide if your application should be allowing users to login to it and access the data on their own google analytics accounts. If so then you should be using Oauth2 and not a service account.
If you are only trying to access this single google analytics account then you should be using a service account. However you will need to contact the admin to have them grant your service account access to the data.
I'm trying to develop a React application that will allow users to login with their Azure AD accounts and their Facebook accounts.
The first thing is that I didn't understand about the 2 tabs "User
Pools and Federation Identities". Do I need both to get it done or
just the User Pools is enough?
My goal is just the authentications. I don't want to allow users to access any AWS service. I just want the authentication token.
I already got the user logged in via facebook using the Federation Identities and the Facebook SDK, but I don't know how to keep the user data saved after getting the token from facebook auth. Also is it correct to use the facebook SDK or should I use Cognito to take care of all authentication methods for me?
Do I need both to get it done or just the User Pools is enough?
No. Userpool is more than enough if you just need authentication and do not need to use AWS services.
I already got the user logged in via facebook using the Federation Identities and the Facebook SDK, but I don't know how to keep the user data saved after getting the token from facebook auth.
What user data do you need to save. If you want User's profile data to be saved in Cognito, you need to use Cognito Userpool & not Federated Identities. Add Facebook directly to Userpool. Upon using Facebook login, a user is auto-created in the userpool based on all user data available in the token. See this doc on how to add Facebook to a userpool directly.
Also is it correct to use the facebook SDK or should I use Cognito to take care of all authentication methods for me?
Depends on your use-case. If you just want to add authentication to an app, the best way would be to Add Facebook to a Userpool directly, create an app client in the userpool for your application; enable Facebook for that app client & use Cognito Userpool's built-in UI to login using Facebook. This feature (built-in UI) is called App Integration. After successful Facebook login, a valid token will be sent to your app. Do note that the token sent to your app would be from Cognito.
Client--> Userpool built-in UI --> Redirect to Facebook --> Login using username +password --> Facebook sends its token to Cognito ( https://your-user-pool-domain/oauth2/idpresponse)-->Userpool vends its own token & redirects to the URL mentioned in the redirect_uri.
I just started to learn AWS MobileHub and Cognito feature. I have a project which only required sign-in with Facebook.
In generated sample code I can see the process for user login and everything works fine. I am asking for a public_profile facebook permission and I must have access to user's email address. Now I want to store user's email address and retrieve it every time user login.
Do I need to save this data in dynamodb or cognito
I was wondering federated identity is what I need or I need to create a new user pool?
How can I get user's email address. Can I access it through AWS libraries or I must call the user's graph and ask for these information?
Can I save these data in [AWSIdentityManager defaultIdentityManager]
Is there any sample app displaying how to save information comes from facebook.
What I can see now is AWS got the userName and photo and ID from Facebook. But I can not see where these information come from and where they set up. Do I need to create a new pool and add attribute to that pool? Is there any sample app code with more detail regarding Facebook login?
I have a REST service that my mobile app uses to authenticate when the users click on the Facebook or Google icons.
The service accepts the user's id from the provider and checks if it exists on the database and then issues the access_token to be used for the other methods.
The problem is that I just thought that it could be pretty easy for someone to intercept the calls and discover which service authenticates and what the user id is and then call it with to get a token.
How can I avoid this?
I think you just need to separate the authentication and authorization functions. You can let Google (Google Sign-In) handle authentication. If you follow the API they will securely authenticate the user and send you the token which you can validate.
Once you know who they are for sure, your site can safely authorize that user approriately. For example, they might be an existing user, need to make an account, be an administrator. You can make those authorizations on your site based on the user authenticated by Google (in my example).
Twitter, Facebook and others do the same. Also see OpenID Connect.
I am using Facebook as advertising platform to promote my application on Apple and Google stores. I would like to make windows service which will download daily report(s) about advertising status of my marketing campaign running one Facebook, preferably using 60 day token, or some permanent solution so that token is retrieved when required. I think that i understand everything to do this except how to generate access token to use it with Facebook Graph API. Which token for which Facebook account do I need and how to obtain it?
You'll need a Facebook app and to grant that app the ads_read permission in order to retrieve reports about your advertising efforts via the API (source).
You'll want a long-lived token so that you don't have to re-authenticate very often. The access token documentation details the steps to exchange a short-lived token for a long-lived one.
You may also want to consider managing the app, ad account, and access tokens (via a business system user) with the FB Business Manager.
Create a facebook app.
Go to the Graph API Explorer in Facebook's Tools & Support section.
Pick your app from the drop down.
Hit Get Token > Get User Access Token.
In Select Permissions choose required permissions or select them from extended permissions.
Use the user access token that will be presented to you in the access token form input field.