Allow AWSMobileClient to accept tokens as a starting point #5447
Comments
@occassionally I have marked this as a feature request. You could try using HostedUI which generates and returns the token to AWSMobileClient.
@harsh62 Thanks! Unfortunately, using HostedUI is not really an option due to its appearance. Even with styling options, it's not what most users expect from a production iOS app. Can the token-refreshing logic of HostedUI be replicated in AWSMobileClient? It seems like if HostedUI can do it, AWSMobileClient could too.
Unfortunately that is not true because HostedUI uses Cognito's internal API to achieve that logic which is not available to AWS SDK. AWSMobileClient is only able to access publicly released Cognito APIs. This has been requested a few times on GitHub and we forwarded that request to Cognito service team. I would suggest you open a ticket with AWS support. For the time being, accepting tokens is not available. You could build it yourself and open a PR. I will be happy to look at it.
Understood, thanks for the clarification.
That might be an option. I'm not too familiar with this library though, so could you please let me know if I'm on the right track with this? It looks like Lines 29 to 53 in 19ab7d4
Which uses its internal Lines 109 to 155 in 19ab7d4
Specifically, this would be the end result of a successful Lines 143 to 144 in 19ab7d4
aws-sdk-ios/AWSAuthSDK/Sources/AWSMobileClient/Models/Tokens.swift Lines 20 to 34 in 19ab7d4
And if the If that all sounds about right, could you please give me some clarity on these questions:
Closed since maintainers will not respond.
This issue is now closed. Comments on closed issues are hard for our team to see.
Which AWS Services is the feature request for?
AWSMobileClient
Cognito.
Is your feature request related to a problem? Please describe.
Using Sign in with Apple as an identity provider is problematic, because unlike other providers, Apple does not provide a client-side method for refreshing tokens and Cognito does not handle it for developers either. See this issue for more details.
To work around this, I've attempted to implement a hybrid approach:
This is where the problem arises.
First, the tokens generated server-side are not universal in the sense that they aren't automatically shared with the client. Meaning, if the client then attempts AWSMobileClient.default().getTokens(), it will throw an error saying the user is not signed in.
Second, if the server returned the tokens to the client, they cannot be passed to AWSMobileClient.
This means the only solution is likely to not use AWSMobileClient at all, and manually handle all client-side logic related to signing in, signing out, getting tokens, etc.
Describe the solution you'd like
Add a feature like AWSMobileClient.default().setTokens(idToken, accessToken, refreshToken).
This will make it so the server can generate the initial tokens, after which AWSMobileClient will handle the process as usual.
AWSMobileClient does not need to do anything regarding Sign in with Apple. It simply needs to accept the Cognito tokens as a starting point, after which its flow remains unchanged.
The client is responsible for detecting if or when Sign in with Apple authorization is revoked, at which point it will also revoke the Cognito tokens and require the user to begin the process again.
Describe alternatives you've considered
There are very few alternatives to using Sign in with Apple with Cognito, other than doing everything yourself or switching to another provider like Firebase, which does handle refreshing Apple's tokens for the developer.
Additional context
Sign in with Apple is mandatory in all applications that provide any other identity-provider sign in options. Cognito and AWSMobileClient do not provide much support for Sign in with Apple other than the bare-bones minimum which is not entirely workable in most cases.