Implement API to fetch a User's Cognito Group #413

Closed
rommank opened this issue Feb 27, 2021 · 8 comments
Labels
auth Issues related to the Auth Category feature-request A request for a new feature or an enhancement to an existing API or category.


rommank commented Feb 27, 2021

    try {
      String result = await Amplify.Auth.fetchUserAttributes().then(
        (list) {
          return list
              .firstWhere(
                  (element) => element.userAttributeKey == 'cognito:groups')
              .value
              .toString();
        },
      );
    } on AuthException catch (e) {
      print(e.message);
    }

Is there another way to find out a user's group?

@haverchuck haverchuck added auth Issues related to the Auth Category feature-request A request for a new feature or an enhancement to an existing API or category. labels Mar 1, 2021
@haverchuck
Contributor

haverchuck commented Mar 1, 2021

@rommank Currently, I do not believe Cognito exposes a non-Admin API to get a user's groups. However, they are included in the idtoken. I am marking this as a feature request so that we can possibly implement a solution on our end, but in the interim you can get these values with a jwt library such as jwt_decode. (This isn't necessarily an endorsement of that library over others - it's simply for the purposes of example.)

    import 'package:jwt_decode/jwt_decode.dart';
    ...
    void _fetchSession() async {
      try {
        CognitoAuthSession res = await Amplify.Auth.fetchAuthSession(
            options: CognitoSessionOptions(getAWSCredentials: true));
        // Grab the idtoken from the response
        String token = res.userPoolTokens.idToken;
        // Parse the JWT
        Map<String, dynamic> payload = Jwt.parseJwt(token);
        // Access the groups
        List groups = payload['cognito:groups'];
        print(groups);
      } on AmplifyException catch (e) {
        print(e);
      }
    }

@rhamnett

rhamnett commented Mar 4, 2021

My raw jwt token does not contain the group:

{sub: a027998a-718d-46da-80a0-xxxxxxxxxxx, aud: 45qhp1cnsmgd3xxxxxxxxx, email_verified: true, event_id: 5e17a1a9-24b6-4cb1-b04b-765b5fea99fd, token_use: id, auth_time: 1614853289, iss: https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_OWblHxxxx, cognito:username: a027998a-718d-46da-80a0-cb5xxxxxxx, exp: 1614856889, iat: 1614853289, email: xxx@xxxxxxx.com}

@rommank
Author

rommank commented Mar 4, 2021

> My raw jwt token does not contain the group:
>
> {sub: a027998a-718d-46da-80a0-xxxxxxxxxxx, aud: 45qhp1cnsmgd3xxxxxxxxx, email_verified: true, event_id: 5e17a1a9-24b6-4cb1-b04b-765b5fea99fd, token_use: id, auth_time: 1614853289, iss: https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_OWblHxxxx, cognito:username: a027998a-718d-46da-80a0-cb5xxxxxxx, exp: 1614856889, iat: 1614853289, email: xxx@xxxxxxx.com}

Have you assigned a Cognito Group to your user? Because, if not, your payload is not going to have "cognito:groups".

@rommank
Author

rommank commented Mar 4, 2021

> @rommank Currently, I do not believe Cognito exposes a non-Admin API to get a user's groups. However, they are included in the idtoken. I am marking this as a feature request so that we can possibly implement a solution on our end, but in the interim you can get these values with a jwt library such as jwt_decode. (This isn't necessarily an endorsement of that library over others - it's simply for the purposes of example.)
>
>     import 'package:jwt_decode/jwt_decode.dart';
>     ...
>     void _fetchSession() async {
>       try {
>         CognitoAuthSession res = await Amplify.Auth.fetchAuthSession(
>             options: CognitoSessionOptions(getAWSCredentials: true));
>         // Grab the idtoken from the response
>         String token = res.userPoolTokens.idToken;
>         // Parse the JWT
>         Map<String, dynamic> payload = Jwt.parseJwt(token);
>         // Access the groups
>         List groups = payload['cognito:groups'];
>         print(groups);
>       } on AmplifyException catch (e) {
>         print(e);
>       }
>     }

Thanks for the solution!

@rhamnett

rhamnett commented Mar 4, 2021

Seems I rebuilt the environment at some point and was without a group :) cheers
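
The exchange above turns on the `cognito:groups` claim being absent when the user has no group. The following is an added example, not code from this thread or from Amplify, that reads the claim defensively using only `dart:convert`; `decodePayload`, `groupsFromIdToken` and `fakeToken` are hypothetical names and the tokens are constructed. Decoding the payload does not verify the token's signature, so the result suits client-side UI decisions only, and group-based access still has to be enforced by the backend.

```dart
import 'dart:convert';

/// Decodes the payload (second segment) of a JWT.
/// This does NOT verify the signature.
Map<String, dynamic> decodePayload(String jwt) {
  final parts = jwt.split('.');
  if (parts.length != 3) {
    throw const FormatException('expected header.payload.signature');
  }
  // JWT segments are base64url without padding; normalize() restores it.
  final json = utf8.decode(base64Url.decode(base64Url.normalize(parts[1])));
  return jsonDecode(json) as Map<String, dynamic>;
}

/// Returns the user's Cognito groups, or an empty list when the claim is
/// absent (the user has not been assigned to any group).
List<String> groupsFromIdToken(String jwt, {DateTime? now}) {
  final payload = decodePayload(jwt);
  if (payload['token_use'] != 'id') {
    throw StateError('not an ID token');
  }
  final exp = payload['exp'];
  final nowSec = (now ?? DateTime.now()).millisecondsSinceEpoch ~/ 1000;
  if (exp is! int || exp <= nowSec) {
    throw StateError('ID token is expired or has no exp claim');
  }
  final groups = payload['cognito:groups'];
  if (groups == null) return const [];
  if (groups is! List) {
    throw const FormatException('cognito:groups is not a list');
  }
  return groups.map((g) => g.toString()).toList();
}

// Builds a constructed, unsigned token for the demo (placeholder signature).
String fakeToken(Map<String, dynamic> claims) {
  String seg(Object o) =>
      base64Url.encode(utf8.encode(jsonEncode(o))).replaceAll('=', '');
  return '${seg({'alg': 'none'})}.${seg(claims)}.sig';
}

void main() {
  // Fixed clock inside the iat/exp window of the payload quoted above.
  final at = DateTime.fromMillisecondsSinceEpoch(1614853300 * 1000);
  final base = {'token_use': 'id', 'iat': 1614853289, 'exp': 1614856889};
  final withGroups = fakeToken({...base, 'cognito:groups': ['admins']});
  final withoutGroups = fakeToken(base); // no groups claim, as in the thread
  print(groupsFromIdToken(withGroups, now: at));
  print(groupsFromIdToken(withoutGroups, now: at));
}
```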

@SalahAdDin

> @rommank Currently, I do not believe Cognito exposes a non-Admin API to get a user's groups. However, they are included in the idtoken. I am marking this as a feature request so that we can possibly implement a solution on our end, but in the interim you can get these values with a jwt library such as jwt_decode. (This isn't necessarily an endorsement of that library over others - it's simply for the purposes of example.)
>
>     import 'package:jwt_decode/jwt_decode.dart';
>     ...
>     void _fetchSession() async {
>       try {
>         CognitoAuthSession res = await Amplify.Auth.fetchAuthSession(
>             options: CognitoSessionOptions(getAWSCredentials: true));
>         // Grab the idtoken from the response
>         String token = res.userPoolTokens.idToken;
>         // Parse the JWT
>         Map<String, dynamic> payload = Jwt.parseJwt(token);
>         // Access the groups
>         List groups = payload['cognito:groups'];
>         print(groups);
>       } on AmplifyException catch (e) {
>         print(e);
>       }
>     }

I support the new feature from the API.

@haverchuck With the new Amplify version I'm getting the following error:
A value of type 'AuthSession*' can't be assigned to a variable of type 'CognitoAuthSession'.

@offlineprogrammer offlineprogrammer added this to Pending Triage in Issues Triaging via automation Sep 2, 2021
@offlineprogrammer offlineprogrammer moved this from Pending Triage to Feature Requests in Issues Triaging Sep 2, 2021
@Jordan-Nelson Jordan-Nelson changed the title User's Cognito Group is not exposed via Amplify.Auth.fetchUserAttributes() Implement API to fetch a User's Cognito Group Mar 9, 2022
@Jordan-Nelson
Contributor

@SalahAdDin if you are seeing that in the following assignment

    CognitoAuthSession res = await Amplify.Auth.fetchAuthSession(
        options: CognitoSessionOptions(getAWSCredentials: true));

I believe you just need to cast it to a CognitoAuthSession as fetchAuthSession returns AuthSession.

    CognitoAuthSession res = await Amplify.Auth.fetchAuthSession(
        options: CognitoSessionOptions(getAWSCredentials: true)) as CognitoAuthSession;

The documentation shows this cast as well. I am not sure if this changed at some point in time. Apologies if it did.

@dnys1
Contributor

dnys1 commented Oct 17, 2022

Please see this discussion for how to do this in the current stable (^0.6.0) and dev-preview (^1.0.0-0) versions. In the latest dev-preview version, this is very simple now:

    final session =
        await Amplify.Auth.fetchAuthSession() as CognitoAuthSession;
    final idToken = session.userPoolTokens!.idToken;
    final userGroups = idToken.groups;

At the moment, we have no plans to add further APIs for retrieving the user groups.

@dnys1 dnys1 closed this as completed Oct 17, 2022
Issues Triaging automation moved this from Feature Requests to Closed Oct 17, 2022