question

daydr3amer avatar image
daydr3amer asked

Passing LWA token to Cognito

I am working a an app which uses the Alexa Voice Service and maintains different users, so the users needs to login with Amazon (LWA). I have implemented it like it is written in the docs and it works flawlessly.

LWA docs: https://developer.amazon.com/de/docs/login-with-amazon/use-sdk-ios.html

AMZNAuthorizationManager.shared().authorize(request, withHandler: {(result : AMZNAuthorizeResult?, userDidCancel : Bool, error : Error?) -> () in
		if error != nil {
			// Handle errors from the SDK or authorization server.
                }
                else if userDidCancel {
                    // Handle errors caused when user cancels login.
                }
                else {
                    // Authentication was successful.
                    // Obtain the access token and user profile data.
                    self.accessToken = result!.token
                    self.user = result!.user!
                }
            })

Furthermore I need to retrieve information from DynamoDB, which uses Cognito for authentification. As stated in the docs, there should be a way pass the access token form LWA to Cognito, but I can't find the proper place to do it. They say LWA provides an AMZNAccessTokenDelegate, which it does not. The delegate method provides an API result which Cognito needs. The link in the Cognito docs below refers to the same exact link from the LWA docs I posted above.

Cognito docs: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon.html

func requestDidSucceed(apiResult: APIResult!) {
        if apiResult.api == API.AuthorizeUser {
            AIMobileLib.getAccessTokenForScopes(["profile"], withOverrideParams: nil, delegate: self)
        } else if apiResult.api == API.GetAccessToken {
            credentialsProvider.logins = [AWSCognitoLoginProviderKey.LoginWithAmazon.rawValue: apiResult.result]
        }
    }

What am I missing?

[EDIT]

I crawled through the LWA sources today until I finally found the correct delegate method.

Use AIAuthenticationDelegate instead of AMZNAccessTokenDelegate

But that lets me sit in front of the next two problems:

I.

Value of type 'AWSCognitoCredentialsProvider' has no member 'logins'

Maybe I have to use the following?

.setValue([AWSCognitoLoginProviderKey.LoginWithAmazon.rawValue: apiResult.result], forKey: "logins")

II.

Use of unresolved identifier 'AWSCognitoLoginProviderKey'

What do I put here? Maybe the API key I got from LWA?

[EDIT2]

I wanted to try it out, but `requestDidSucceed` never gets called, even through I successfully logged in.

login with amazonios
2 comments
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

daydr3amer avatar image daydr3amer commented ·

posted on stackoverflow as well https://stackoverflow.com/questions/46852877/passing-lwa-token-to-cognito

0 Likes 0 ·
Moose@Amazon avatar image Moose@Amazon commented ·

Hi

I am not familiar with LWA api, since it is a specific problem related to LWA not AVS, could you post your question here? Thanks!

Let me know if this helps!

Moose

0 Likes 0 ·

1 Answer

Levon@Amazon avatar image
Levon@Amazon answered

Hi there,

1.You are right about the delegate, it should be AIAuthenticationDelegate instead of AMZNAccessTokenDelegate.

2.AWSCognitoLoginProviderKey is not a class in LWAiOSLib, and LwA is not aware of it.

The doc seems outdated, and I will check with the docs team whether it's still valid. Also, please provide your testing log, if you successfully signed in with LwA, requestDidSucceed should be called anyway. Thanks!

10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.