Facebook/Google signup to User Pool

[Abeansits]

To help us solve your problem better, please answer the following list of questions.

• What service are you using?
  Cognito

• In what version of SDK are you facing the problem?
  2.6.22

• Is the issue limited to Simulators / Actual Devices?
  No

• Can your problem be resolved if you bump to a higher version of SDK?
  No

• Is this problem related to specific iOS version?
  No

• How are you consuming the SDK? CocoaPods / Carthage / Prebuilt frameworks?
  Carthage

• Can you give us steps to reproduce with a minimal, complete, and verifiable example? Please include any specific network conditions that might be required to reproduce the problem.
  N/A

If you need help with understanding how to implement something in particular then we suggest that you first look into our developer guide. You can also simplify your process of creating an application by using Mobile Hub.

---

So this ticket might be a feature request at worst or simple guidance at best.
We use a Cognito User Pool and have in the past integrated with Facebook & Google using external Federated Identities.
We are now in the process of switching to using only the User Pool to signup and login users but would like to still allow for FB & Google login.

So far we have enabled the providers under Federation in the Cognito console and hooked up the FB/G SDK into our iOS project.
When a user logs into FB/G we receive an auth token, how do we go about creating an Cognito user from that auth token?
There seems to be no native API available for us to do that and no documentation mentions this as well. Calling signup on AWSCognitoIdentityUserPool requires a password but that is not something we have for a FB/G user.

Worth noting is also that we have our own UI for the signup & login flow and would not like to use the stock UI.

[minbi]

Hi @Abeansits ,

The service API does not currently support this feature. We will let the service team know that you are interested. The Cognito Hosted UI available in the cognitoauth library has the feature if you are interested in web UI.

[Abeansits]

Thanks for answering my question @minbi.
Yes that feature would be very useful so we could design our own UI. The hosted web UI in an in-app browser is a little janky.

[jaxondu]

Much needed feature.

[Swirek89]

Hello,

is there a way to create user in User Pool with auth token from Google without hosted UI?
For example manually calling https://example.auth.region.amazoncognito.com/ endpoints?

And by the way how it is going with topic's feature development?

[mutablealligator]

@Softmaker Sorry! we have this feature only with HostedUI.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[rprieto]

Hi, does the assignment mean there might an update on this topic?

Many mobile users use the Facebook native app (not the mobile site). Showing the hosted UI means it will likely prompt them for Facebook credentials since they don't have a web session. It makes more sense to do the federation natively between our app and the Facebook app.

Cognito Identity Pools support this (registering a user based on their Facebook token), however there are cases where Identity Pool is not suited, e.g. when you require a JWT token instead of AWS credentials. Thanks!

[rohandubal]

Hello @rprieto

In our Cognito Auth SDK, we recently released support for SFAuthenticationSession,

With this, if you use the IdentityProvider value as Facebook it will share the logged in session of the user from the app/ safari and re-use it. Is this the use-case you are looking for? You can have a Facebook button in your app which calls Cognito Auth w/ Facebook directly and then the session credentials can be shared without login.

Thanks,
Rohan

[Birowsky]

@rohandubal I'm waiting on this feature for Cordova apps, but even if it's not implemented there, if you built a mechanism that solves the issue here, but requires some custom work, please provide details, I'm willing to do whatever it takes to adapt it for Cordova and finally have social auth there.

[Olli2401]

I would also need the feature that one can signup a user using facebook token without using the HostedUI, as this might not fit into the applications style. Is there any update planned on this so far?

If not, what would be a workaround for now? Using AWS Cognito IdentityPools?

[unmeshk75]

We are looking at ways to have users sign-in (or sign-up) using their Google or FB login credentials into our iOS (and Android) apps that use Cognito User Pools. We have our own screen for sign-up and sign-in, since the stock ones don't let us customize to our needs.
Upon the first sign-in (or through a separate sign-up screen), we want the user to be created in our Cognito pool and be tied to external ID provider.
Can this be done today? Is this feature expected to be available sometime soon? On roadmap?
Thanks.

[dpintos10]

We are looking at ways to have users sign-in (or sign-up) using their Google or FB login credentials into our iOS (and Android) apps that use Cognito User Pools. We have our own screen for sign-up and sign-in, since the stock ones don't let us customize to our needs.
Upon the first sign-in (or through a separate sign-up screen), we want the user to be created in our Cognito pool and be tied to external ID provider.
Can this be done today? Is this feature expected to be available sometime soon? On roadmap?
Thanks.

Have you found any workaround? Im facing exactly the same problem.

Thanks!

[demsey2]

any updates on this, it looks like the only way to register a user in user pool is to use hosted UI

[dpintos10]

any updates on this, it looks like the only way to register a user in user pool is to use hosted UI

#1177 take a look on this might help (last entry)

[nallbradley]

Any updates on this feature being provided?

[klein-thibault]

Following up on this issue, we are facing the same problem and would like to have an API option rather than the hosted UI. Thanks in advance!

[unmeshk75]

It doesn’t work.

We tried everything given in the documentation and spent a lot of time on this. The AWS team also tried to help, but couldn’t.

The case I mentioned in my post above is not in working state with current Cognito or Amplify codebase. I wish they come out and say that clearly.

Don’t trust the docs. Save yourself some time & effort and go with a different solution till AWS team uploads working code sample on GitHub.

[jmzwar]

Any update on this?

[ryan-mannion-zocdoc]

This capability would also be useful for integrating with Sign in with Apple

[saniaky]

So the only way to use social sign-ins with User Pools is to use hosted UI? I'm surprised that Amazon didn't create API for a such popular authentication mechanism =\

[nahung89]

I have the same requirements as OP. Basically the app I am working need to support

1. Base authentication: native username/password registration
2. Facebook / Google authentication
   Both mechanisms must create an instance on UserPool, which as you know it only supports with HostUI.

Although after working for a while I think it is not hard as expected. It also support you to customize Facebook / Google login button.

The hard part relies on configurations, which you can follow these links:
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-integration.html
https://aws-amplify.github.io/docs/sdk/ios/authentication

Here are my configurations and how I implement the Hosted UI

// awsconfiguration.json
{
    "UserAgent": "aws-amplify-cli/0.1.0",
    "Version": "0.1.0",
    "IdentityManager": {
        "Default": {}
    },
    "CredentialsProvider": {
        "CognitoIdentity": {
            "Default": {
                "PoolId": "us-east-1:71ce8d0b-291f-4327-9cee-e09fXXXXX",
                "Region": "us-east-1"
            }
        }
    },
    "GoogleSignIn": {
        "ClientId-iOS": "292315677470-jihr39ghe953oeh05nm7nXXXXXX.apps.googleusercontent.com",
        "Permissions": "profile,email,openid"
    },
    "FacebookSignIn": {
        "Permissions": "public_profile,email"
    },
    "CognitoUserPool": {
        "Default": {
            "PoolId": "us-east-1_XXXXX",
            "AppClientId": "69s281ii7f3rlooXXXXX",
            "AppClientSecret": "112ijeoi9ho7pce6m2d9jkim3udhvumXXXXXX",
            "Region": "us-east-1"
        }
    },
    "Auth": {
        "Default": {
            "OAuth": {
                "WebDomain": "{your-custom-domain}.auth.us-east-1.amazoncognito.com",
                "AppClientId": "69s281ii7f3rloo9XXXXXXX",
                "AppClientSecret": "112ijeoi9ho7pce6m2d9jkim3udhvumrm54emuXXXXXX",
                "SignInRedirectURI": "myapp://",
                "SignOutRedirectURI": "myapp://",
                "Scopes": ["openid", "profile", "email", "aws.cognito.signin.user.admin"]
            }
        }
    }
}

After the configurations, I simply use AWSMobileClient to request the authentication. And because we've already configured on HostedUI on UserPool, Facebook and Google, they will link and create new user instance automatically.

// From AWMobileOptions.swift
public enum IdentityProvider: String {
    case facebook = "graph.facebook.com"
    case google = "accounts.google.com"
    case twitter = "api.twitter.com"
    case amazon = "www.amazon.com"
    case developer = "cognito-identity.amazonaws.com"
    
    func getHostedUIIdentityProvider() -> String? {
        switch self {
        case .facebook:
            return "Facebook"
        case .google:
            return "Google"
        case .amazon:
            return "LoginWithAmazon"
        default:
            return nil
        }
    }
}

#########

import AWSMobileClient
...

func loginCognitoUser(provider: IdentityProvider, navigation: UINavigationController, completion: @escaping (Result<Void, Swift.Error>) -> Void) {
        guard let identityProvider = provider.hostedUIIdentityProvider else {
            completion(.failure(AWSMobileClientError.invalidOAuthFlow(message: "Sorry we don't support \(provider.rawValue) login right now.")))
            return
        }

        let hostedUIOptions = HostedUIOptions(identityProvider: identityProvider)

        awsMobileClient.showSignIn(navigationController: navigation,
                                   hostedUIOptions: hostedUIOptions) { userState, error in
            DispatchQueue.main.async {
                guard let userState = userState else {
                    completion(.failure(error ?? AppError.unknown))
                    return
                }

                switch userState {
                case .signedIn:
                    completion(.success(()))
                default:
                    completion(.failure(AWSMobileClientError.unknown(message: "Undefine sign in state: \(userState.rawValue)")))
                }
            }
        }
    }

[qkhanhpro]

Hi, does the assignment mean there might an update on this topic?

Many mobile users use the Facebook native app (not the mobile site). Showing the hosted UI means it will likely prompt them for Facebook credentials since they don't have a web session. It makes more sense to do the federation natively between our app and the Facebook app.

Cognito Identity Pools support this (registering a user based on their Facebook token), however there are cases where Identity Pool is not suited, e.g. when you require a JWT token instead of AWS credentials. Thanks!

This Is exactly the issue I am facing
Is there any update / workaround yet ?

[amuresia]

Could we get an update please?

[tamiryup]

+1 on all the issues mentioned here. I am genuinely surprised Amazon doesn't support that feature already

[cody1024d]

@rohandubal

Is there anyway to mimic what the HostedUI is doing (via URLs and maybe catching the redirect URL) in our own UI? I've got the same need as the others (Social Identity Provider bound to a given User Pool)

Thanks!

[cody1024d]

Has there been any movement on this at all? IOS 14 is out, and apple-sign in is required if you want to use any other social logins. HostedUI is simply not a reasonable UX for our app.

[bitcot]

Is there any update on this ticket? Do we have any way to create an instance on user pool on using federated social sign in?

[viktor992]

Any update on this?

[nowres]

Facing same issue here

[royjit]

Marking this as a duplicate to #1937 . We will update the related ticket when we get more information.