I'm signing users into my app with a custom token using their WordPress ID.
Auth.auth().signIn(withCustomToken: customToken ?? "") { (user, error) in
// ...
}
That works ok but I need to update the rules which will keep users from writing to the database. This is counterproductive because I want to track the products they view etc...
I want to sign the user anonymously when the app opens.
Auth.auth().signInAnonymously() { (authResult, error) in
// ...
}
I need to link the anonymous user to the WordPress user. Unfortunately, according to the documentation https://firebase.google.com/docs/auth/ios/account-linking the user needs to be linked with a credential but the credentials provided are GoogleAuthProvider, FacebookAuthProvider and EmailAuthProvider and several others but no Custom Provider.
Is it possible to create a credential out of the custom token?
The examples you see in the documentation are not (in theory) the only options. Look at the API documentation for link():
Associates a user account from a third-party identity provider with this user and returns additional identity provider data.
It's signature in Swift is this:
func link(with credential: FIRAuthCredential, completion: ((AuthDataResult?, Error?) -> Void)? = nil)
It takes any FIRAuthCredential, of which there are many subclasses available. One of those is OAuthCredential. If you have custom token, try creating a credential with OAuthProvider.crediential() and link that to the account.
Following Doug Stevenson and Frank van Puffelen comments, I was able to link the anonymous user account using a credential.
I have my original customToken
guard let customToken = result?.data as? String else { return }
Because the user signs in now anonymously when the app first opens, I now have a user.
guard let authUser = Auth.auth().currentUser else { return }
I get the provider id from the user.
let providerId = authUser.providerID
With the provider id now I can get a credential using OAuthProvider
let credential = OAuthProvider.credential(withProviderID: providerId, accessToken: customToken)
Now I can link the user to the anonymous user.
authUser.link(with: credential) { (result, error) in
Related
I use Firebase Authentication to authenticate with Twitter.
I would like to post to Twitter using the access token obtained when I authenticated with "signin ()" below.
How long is this access token valid?
I did not understand it even after checking it, so I will ask you here.
Thank you.
private var provider: OAuthProvider?
init() {
provider = OAuthProvider(providerID: "twitter.com")
}
func signin() {
provider?.getCredentialWith(nil) { credential, error in
guard let credential = credential, error == nil else {
return
}
Auth.auth().signIn(with: credential) { result, error in
guard error == nil else {
return
}
let credential = result?.credential as! OAuthCredential
let accessToken = credential.accessToken
let accessTokenSecret = credential.secret
}
}
}
Credentials in Firebase do not 'expire' per se. Once a user signs in according to the Firebase Docs, a user's token will only expire when:
The user is deleted
The user is disabled
A major account change is detected for the user. This includes events like password or email address updates.
So, you should not sign a user in every time the app opens. You only need to sign in once, then whenever the app opens up the user will still be signed in.
I have followed this tutorial to implement a login with custom provider on an Azure mobile app. The backend works perfectly but when I try to login to my new custom controller I'm not able to do it. It's possible to implement it with Xamarin and also with java Android but is no way to do it with Objective C or Swift.
The object MSClient on Microsoft Azure mobile SDK only has two login implementations.
I have tried both but without luck, the callback always returns an empty client.
I also have tried to store the token created by own API use it for login call but without luck again.
Here is my Swift code:
let client = MSClient(applicationURLString: "https://myApp.azurewebsites.net")
client.login(withProvider: "custom", urlScheme: "myApp", parameters: ["username": "pau", "password": "123456"], controller: self, animated: true) {user, error in
print("USER", user)
print("ERROR", error)
}
We found a solution, it's really easy but the msclient documentation is not clear enough. You just need to pass whatever you need (i.e: username,password) as dictionary in token parameter.
Client.msClient.login(withProvider: "auth", token: params, completion: {user, error in
print("USER", user)
print("ERROR", error)
print("USER ID", user?.userId)
print("TOKEN", user?.mobileServiceAuthenticationToken)
if let user: MSUser = user {
guard let username: String = user.userId else { return }
guard let token: String = user.mobileServiceAuthenticationToken else { return }
Client.username = username
Client.msClient.currentUser = user
completion(true)
}else {
completion(false)
}
})
I am trying to create a user login system for an iOS application written Swift 3. With the code below I get the unique Cognito Identity ID for the user in my User Pool but I am not sure what to do with this ID. Can I link it to the user and get the attributes associated with that user?
Code:
#IBAction func loginPressed(_ sender: Any) {
user = self.pool!.getUser(usernameTextField.text!)
user?.getSession(usernameTextField.text!, password: passwordTextField.text!, validationData: nil).continue({ task in
if let err = task.error { // some sort of error
print("LOGIN FAILED")
print(err)
//print(err.userInfo["message"] as! String)
}
else { //Successful login!
// this gets our token from the User Pool
let ret = task.result! as AWSCognitoIdentityUserSession
let myToken = ret.idToken?.tokenString;
print("Token: ", myToken);
let customcedentialProvider = AWSCustomIdentityProvider(tokens: [AWSCustomIdentityProvider.CognitoTokenKey : myToken!])
let credentialsProvider = AWSCognitoCredentialsProvider(regionType: CognitoConstants.COGNITO_REGIONTYPE, identityPoolId: CognitoConstants.COGNITO_IDENTITY_POOL_ID, identityProviderManager: customcedentialProvider)
let configuration = AWSServiceConfiguration(region: CognitoConstants.COGNITO_REGIONTYPE, credentialsProvider:credentialsProvider)
AWSServiceManager.default().defaultServiceConfiguration = configuration
// wipe cached creds
credentialsProvider.clearKeychain()
credentialsProvider.clearCredentials()
// hit it
credentialsProvider.getIdentityId().continue({ (task: AWSTask!) -> AnyObject! in
if (task.error != nil) {
print("Error: ")
} else {
// the task result will contain the identity id
let UserIdentityID = task.result as String? // Im saving user identity id in constant variable called "kUserIdentityID"
print(UserIdentityID)// my identityID
print(credentialsProvider.identityId)// my identityID
}
return nil
})
}
return nil
})
}
Output (Identity ID):
Optional("us-east-1:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX")
Thanks!
Cognito UserPool is an "identity provider" like Facebook, Google etc. Whereas Cognito Federated Identity helps to keep the mappings between different logins to one unique id, which is often called "Cognito Identity ID". Typically you store and retrieve data inside datasets under Cognito Federated identity. And sync those for multiple logins. If I understand your question, you may want to store the userpool "username" in the above mentioned dataset so that you can retrieve it and query the userpool
The self.pool refers to your Cognito User Pool. User pools have at least a username and password, but usually also other attributes, which you can fetch using user.getDetails. A user pool is an IdP (an Identity Provider).
The identityId is a Cognito Identity concept which primarily has the purpose of providing a unique id for one or more identities from IdP's.
Don't worry about being confused. Cognito is very confusing, I found it so confusing that I wrote up a little powerpoint presentation from my notes. Here is a link to a diagram that should help you.Diagram of Cognito
Also, I would like to suggest that you use the AWS Mobile Hub Helper as a starting point. It will download a swift code sample app. And the sample code uses the aws-mobilehub-helper-ios wrapper which simplifies a lot of the SDK and makes it more rational. The downloaded code is Swift2 but it is not too hard to get running in swift 3.
I have nearly completed the process for a developer authenticated sign in using AWS. I cannot seem to authenticate the back-end token that I receive and cannot seem to find any current implementations that are performing developer authentication via a third-party back-end. The error that I get is listed below.
As of right now my code looks like this:
Class containing Custom identity provider:
import Foundation
import AWSCognitoIdentityProvider
class CustomIdentityProvider: NSObject, AWSIdentityProviderManager {
var tokens: [NSString: NSString]?
init(tokens: [NSString: NSString]) {
self.tokens = tokens
}
#objc func logins() -> AWSTask<NSDictionary> {
return AWSTask(result: tokens! as NSDictionary)
}
}
AWS-APIManager.swift {snippet}
/* obtained cognito token from my back-end via getOpenIdTokenForDeveloperIdentity*/
/* From here I my app receives an IdentityId and Token */
let client_cognito_id = String(describing: valid_response)
let session_token = json.dictionaryValue["Token"]!
let login_with_amazon = NSString(string: "cognito-identity.amazonaws.com")
let token = NSString(string: String(describing: session_token))
let customProviderManager = CustomIdentityProvider(tokens: [login_with_amazon: token])
let credentialsProvider = AWSCognitoCredentialsProvider(
regionType: self.AWS_REGION,
identityPoolId: "us-east-1:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
identityProviderManager: customProviderManager
)
credentialsProvider.setIdentityProviderManagerOnce(customProviderManager)
credentialsProvider.getIdentityId().continue ({ (task: AWSTask!) -> AnyObject! in
if (task.error != nil) {
print("Error!!!: " + (task.error?.localizedDescription)!)
} else {
// the task result will contain the identity id
let cognitoId = task.result
print(cognitoId)
print("SUCCESS!!!")
}
return nil
})
}
For some odd reason odd reason I can cannot authenticate the token that I have received. I get an error "Invalid login token. Can't pass in a Cognito token.". I've tried to follow the documentation and piece together working code that I have found literally hundreds of sources and cannot seem to be able to move past this part of the authentication process. Any help would be greatly appreciated. Thanks!
I believe the issue here is that although you are supplying the token, you are not setting the identity id that you are getting from your backend. As such, it is calling GetId with a Cognito OpenIdConnectToken, which is not supported.
The simplest client implementation of Developer Authenticated Identities is to extend AWSCognitoCredentialsProviderHelper
Apologies for providing this in Objective C instead of Swift. In your implementation just override the token method.
- (AWSTask<NSString *> *)token {
//get the identity id and token from your server
//You can use AWSTaskCompletionSource if you don't have it and need to get it asynchronously.
//Once you have this information, simply set the identity id and return the token
self.identityId = identityId;
return [AWSTask taskWithResult:token];
}
I've set up Firebase authentication for my iOS app using Facebook, Google & email/password sign in and it's all working fine. This authentication only happens when the user wants to access high-priority parts of my app (i.e. I don't require users to sign in to start using the app).
On app start up, I sign users in anonymously in the background and that's working fine too.
I've read the documentation but I'm struggling to understand the code required to enable me to link an anonymous account to a Facebook/email signed in account in the following flow:
new user opens app
user signed in anonymously in the background (new user.uid "A" created)
low priority data stored against anonymous user in Firebase realtime DB
user hits a high-priority area so needs to authenticate
user signs in using Facebook (new user.uid "B" created)
previous user.uid "A" needs to be linked to user.uid "B"
My method currently looks like this:
func signupWithFacebook(){
// track the anonymous user to link later
let prevUser = FIRAuth.auth()?.currentUser
FBSDKLoginManager().logInWithReadPermissions(["public_profile", "email"], fromViewController: self) { (result, error) in
if let token = result?.token?.tokenString {
let credential = FIRFacebookAuthProvider.credentialWithAccessToken(token)
FIRAuth.auth()?.signInWithCredential(credential, completion: { (user, error) in
if user != nil && error == nil {
// Success
self.success?(user: user!)
dispatch_async(dispatch_get_main_queue(), {
self.dismissViewControllerAnimated(true, completion: nil)
})
}
})
}
}
}
Any pointers to remove the confusion would be great.
UPDATE:
I've realised I was confused about the app logic because of users being created during testing. Instead of 2 separate users being created for the above scenario (one authenticated via Facebook and another anonymously), all that happens is that the original anonymous user.uid "A" is "linked" to some Facebook authentication credentials. In the Firebase console this is shown by the anonymous uid changing from anonymous to one with the Facebook logo next to it.
This is what my working method looks like:
func signupWithFacebook(){
FBSDKLoginManager().logInWithReadPermissions(["public_profile", "email"], fromViewController: self) { (result, error) in
if let token = result?.token?.tokenString {
let credential = FIRFacebookAuthProvider.credentialWithAccessToken(token)
FIRAuth.auth()?.currentUser!.linkWithCredential(credential) { (user, error) in
if user != nil && error == nil {
// Success
self.success?(user: user!)
dispatch_async(dispatch_get_main_queue(), {
self.dismissViewControllerAnimated(true, completion: nil)
})
} else {
print("linkWithCredential error:", error)
}
}
}
}
}
So your code follows the first 2 steps in this link. But the documentation explicity says not to call signInWithCredential but instead call
FIRAuth.auth()?.currentUser.linkWithCredential(credential) { (user, error) in
// ...
}
After getting your credential from Facebook's SDK.
Quote from link: "If the call to linkWithCredential:completion: succeeds, the user's new account can access the anonymous account's Firebase data."