How to get a cognito users' group (in AWS JS SDK V3) - javascript

I am trying to migrate from AWS JavaScript SDK V2 to V3.
I want to retrieve the user groups a logged-in Cognito user (from an identity pool) belongs to.
In V2, this was as easy as looking in the ["accessToken"].payload['cognito:groups'] element of the sign-in response.
In V3 it's not part of the response. How do I get this piece of information in V3?

I am using Amplify Auth, so I use the following code:
    const session = await Auth.currentSession();
    let idToken = session.getIdToken();
    console.log(idToken.payload["cognito:groups"]);
You should just switch to "idToken" instead of "accessToken" in the sign-in response, and that should do the trick.
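As an added example (not part of the original answer), the groups claim can also be read directly from the token's payload, which shows what the `payload["cognito:groups"]` lookup relies on. It assumes Node.js; `decodeJwtPayload`, `cognitoGroups` and `makeSampleToken` are hypothetical helper names and the token is constructed. The code parses the token without verifying its signature, so it suits client-side display logic; a backend making authorization decisions from the groups needs a verified token.

```javascript
// Added example: read Cognito group membership from a token payload (Node.js).

// Decode the payload (second segment) of a compact JWT.
// This only parses the token; it does not verify the signature.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) {
    throw new Error('expected a JWT with 3 dot-separated segments');
  }
  // JWT segments are base64url; map to the standard base64 alphabet first.
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Return the groups in the "cognito:groups" claim, or [] when it is absent.
function cognitoGroups(jwt, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(jwt);
  if (claims.token_use !== 'id' && claims.token_use !== 'access') {
    throw new Error('unexpected token_use: ' + claims.token_use);
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    throw new Error('token is expired or has no exp claim');
  }
  const groups = claims['cognito:groups'];
  return Array.isArray(groups) ? groups : [];
}

// Hypothetical helper: build an unsigned, constructed token for the demo.
function makeSampleToken(claims) {
  const seg = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [seg({ alg: 'RS256', typ: 'JWT' }), seg(claims), 'constructed-signature'].join('.');
}

const sampleIdToken = makeSampleToken({
  token_use: 'id',
  exp: 4102444800, // constructed expiry: 2100-01-01T00:00:00Z
  'cognito:groups': ['admins', 'editors'],
});

console.log(cognitoGroups(sampleIdToken));
```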

Related

How to create a Google oauth2 token from a Firebase user?

I am trying to get a valid Google oauth2 token for a user that has logged in through Firebase. I need a Google token so I can authenticate this user through other Google services (not just Firebase).
I am currently using the firebase-admin for this on a server and passing that user's Firebase token to nodejs. I'm doing something like this:
    // assumes firebase-admin has been imported and initialized as `admin`
    admin.auth().verifyIdToken(tokenId)
      .then((decoded) => {
        const uid = decoded.uid;
        console.log(tokenId);
        admin.auth().createCustomToken(uid).then((t) => {
          console.log(t);
        });
      });
However, neither the token I'm passing to the admin nor the custom token seems to work for other Google services. I'm able to create a custom token, just not sure if or how I can use that to get a Google OAuth token for that user.

Microsoft single tenant authentication with Firebase

For a work-related app I use Firebase authentication with Microsoft. In this case, however, it is important that only people from my company (we use Office 365) can sign into this application. I have everything set up and working in a non-Firebase context. But when I use Firebase for authentication, it seems to always point to the /common/ endpoint. This causes problems with my single-tenant application. If I set the application to accept all tenants, the app works again. But obviously, now everyone can log into my application.
The pop-up is called with a rather conventional:
    const provider = new auth.OAuthProvider("microsoft.com");
    provider.setCustomParameters({
      tenant: "[tenantName].com"
    });
    auth()
      .signInWithPopup(provider)
      .then(result => {
        // ...
      });
But I can't find any instructions on changing the oauth endpoint to use the single tenant endpoint.
How would I go about doing this?
"But I can't find any instructions on changing the oauth endpoint to use the single tenant endpoint."
We cannot change the oauth endpoint, even though we add the tenant information to customParameters. The endpoint always uses common as the value of tenant. This is the default design.
If we enable Microsoft as a sign-in provider, users using Microsoft accounts (Azure Active Directory and personal Microsoft accounts) can sign in.
Turns out the above is not exactly true. I've switched to signing in with a redirect, and now it (mysteriously) works.
    const provider = new auth.OAuthProvider("microsoft.com");
    provider.setCustomParameters({
      tenant: "[tenant].com"
    });
    auth().signInWithRedirect(provider);
I have tested this. The tenant is named in the redirect, and people from other tenants cannot log in.

How to get user info using Office-js-helper's Authentication?

I am working on an Excel Web Add-In. I am using the OfficeDev/office-js-helpers library for authenticating the user. The following code is working fine, but I don't know how to get the user's email, user name, etc.
Is there any function available in OfficeDev/office-js-helpers through which I can get user info?
    if (OfficeHelpers.Authenticator.isAuthDialog()) {
      return;
    }
    var authenticator = new OfficeHelpers.Authenticator();
    // register Microsoft (Azure AD 2.0 Converged auth) endpoint using
    authenticator.endpoints.registerMicrosoftAuth('clientID');
    // for the default Microsoft endpoint
    authenticator
      .authenticate(OfficeHelpers.DefaultEndpoints.Microsoft)
      .then(function (token) {
        /* My code after authentication and here I need user's info */
      })
      .catch(OfficeHelpers.Utilities.log);
A code sample would be very helpful.
This code only provides you the token for the user. In order to obtain information about the user, you'll need to make calls into Microsoft Graph API. You can find a full set of documentation on that site.
If you're only authenticating in order to get profile information, I'd recommend looking at Enable single sign-on for Office Add-ins (preview). This is a much cleaner method of obtaining an access token for a user. It is still in preview at the moment so its feasibility will depend on where you're planning to deploy your add-in.
Once you have the Microsoft token, you can send a request to https://graph.microsoft.com/v1.0/me/ to get user information. This request must have an authorization header containing the token you got previously.
Here is an example using axios:
    const axios = require('axios');
    // send the token obtained above as a Bearer token
    const config = { 'Authorization': `Bearer ${token.access_token}` };
    axios.get(`https://graph.microsoft.com/v1.0/me/`, {
      headers: config
    }).then((data) => {
      console.log(data); // data is the axios response; data.data contains the user information
    });

Using Meteor Google Auth with Google Drive API

I'm trying to use Meteor Google Auth with the Google Drive API, but Meteor auth gives only an access token, and Google Drive needs a lot of other information (https://developers.google.com/drive/web/quickstart/quickstart-nodejs like clientID, clientSecret, ...).
Is it possible to send the access token directly into this function?
    var drive = google.drive({ version: 'v2', auth: auth });
Thanks a lot!
Looking at that demo I would use settings by running meteor --settings client_secret.json and then inside your code:
    authorize(Meteor.settings.web, listFiles);

Why is the Facebook user id picked up by Firebase different to the Facebook id associated with the same account in the Facebook Graph?

I have integrated Facebook authentication with Firebase into my website. I am using the Firebase JavaScript API.
The code I am using is lifted straight from the Firebase tutorial titled "User Login & Authentication" available here: https://www.firebase.com/docs/web/guide/user-auth.html
    var myRef = new Firebase("https://#######.firebaseio.com");
    var auth = new FirebaseSimpleLogin(myRef, function(error, user) {
      if (error) {
        // an error occurred while attempting login
        console.log(error);
      } else if (user) {
        // user authenticated with Firebase
        console.log("User ID: " + user.id + ", Provider: " + user.provider);
      } else {
        // user is logged out
      }
    });
    auth.login("facebook");
This all works perfectly well, logging the correct information.
However, the id that is logged (i.e. the user id that is visible in the data in the Firebase dashboard) is different to the Facebook id I get through Facebook Graph.
With Firebase, I get a 17-digit user id.
With Facebook Graph (https://developers.facebook.com/tools/explorer?method=GET&path=me%3Ffields%3Did%2Cname&version=v2.0), I get a 9-digit user id.
This means that I can't use Firebase to login, grab the Facebook id and make requests through Facebook Graph - the user ids for the same user are different.
Why does this difference exist? How can I use Firebase to get the same Facebook id that appears in Facebook Graph?
Facebook recently introduced version 2.0 of their Open Graph. With that came a lot of changes. One of them is the user ID returned by Facebook to Facebook applications. Instead of every app receiving a user's global Facebook ID, each app now receives what they call an "app-scoped ID." This means that every app will receive a different user ID for user X even though each unique ID still maps to user X. If you need to be able to map a user across multiple apps, you can use their Business Mapping API. Ultimately, this was a change Facebook made that we at Firebase have no control over.
If you are getting a 17-character ID from Simple Login, it probably is because your Facebook app was created before the change to Facebook login v2 happened (a little over a month ago). I see in your Open Graph Explorer request that it is using v2. But with Simple Login we are using a mixture of v1 and v2 depending on when your Facebook app was created. We are working on adding an option for you to decide what version of the Facebook Open Graph API you want to use, but have not added that yet. If you want to use v2 at this point, you just have to create a new Facebook app and everything should work. If you want to stay with v1, be aware that Facebook will stop supporting it in around 10 months.
Search for "App-scoped User IDs" on this page for their official changelog information.
The new user ID is returned in the providerData object within the object returned from Firebase on successful login.
