Redirect to built-in sign-in page for AWS Cognito user pool

I have created an API in AWS API Gateway with 1 REST endpoint. The REST endpoint invokes a Lambda function written in C#. I have also created an AWS Cognito user pool. What I am trying to do is integrate AWS Cognito with AWS Gateway API so that when an unauthenticated user attempts to invoke the REST API, the API will redirect them to the built-in sign-in page for AWS Cognito. Currently, I got as far as integrating the 2 together, but when I attempt to invoke the REST API, it simply displays an unauthorized message. Instead of displaying that message, I want it to redirect to the sign-in page at that point. I have read through lots of AWS docs and don't know what I am missing. How would I go about doing this?

Asked by Andrew, May 03 '18 06:05

2 Answers

I was able to solve it by specifying a custom Gateway Response that sends a 302 redirect to the login page in the case of an UNAUTHORIZED response from Cognito. In Terraform, it looks like this:

# Override the default UNAUTHORIZED gateway response (normally a 401 JSON body)
# so the browser is sent to the login page instead.
resource "aws_api_gateway_gateway_response" "unauthorized" {
  rest_api_id   = aws_api_gateway_rest_api.apiGateway.id
  status_code   = "302"
  response_type = "UNAUTHORIZED"

  # $context.error.messageString already includes its surrounding quotes,
  # so the template must use double quotes for the key to produce valid JSON.
  response_templates = {
    "application/json" = "{\"message\":$context.error.messageString}"
  }

  # Header values are VTL expressions; the single quotes make this a literal string.
  response_parameters = {
    "gatewayresponse.header.Location" = "'https://example.com/login'"
  }
}
Answered by Max, Oct 11 '22 12:10


I figured out a solution to this. I gave up on my original approach and ended up doing this:

  1. Created an AWS Cognito User Pool and set the grant type to Implicit in the App client settings (since the HTML/JS website I mention later is a Single Page Application).
  2. Created a group and user in the User Pool to test with.
  3. Created a REST API in API Gateway that uses an AWS Cognito authorizer.
  4. Set up a static website using AWS S3. The static website contains a simple HTML/JS client that uses the AWS Cognito Identity library to authenticate users. Once a user is authenticated, I receive a JWT token from the library. Then, using AJAX, I pass this token to the REST API above.

This accomplishes what I was looking for.

Answered by Andrew, Oct 11 '22 14:10
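The following is an added example, not code from either answer or from AWS, showing the browser-side half of the flow Andrew describes (hosted-UI sign-in with the implicit grant, tokens returned in the URL fragment, token forwarded to the Cognito-authorized REST API) together with the client-side check a practitioner would want before sending a token. The Cognito hosted-UI `/login` path and its query parameters (`client_id`, `response_type=token`, `redirect_uri`) are the documented ones; the domain, client id, redirect URI and API URL are placeholders. Two points the answers do not spell out: the API Gateway authorizer is what verifies the JWT signature, so the client only decodes the payload to check `exp`; and a 302 plus `Location` from a gateway response (Max's approach) only navigates the browser when the API is opened directly, because `fetch`/XHR follows redirects internally and never moves the page, so a single-page app has to redirect itself on 401/403 as done here.

```javascript
// Added example (not from the original question or answers). Placeholder values
// below must be replaced with the user pool's own app client settings.
const CONFIG = {
  hostedUiDomain: "https://YOUR-DOMAIN.auth.us-east-1.amazoncognito.com", // placeholder
  clientId: "YOUR_APP_CLIENT_ID",                                          // placeholder
  redirectUri: "https://example.com/callback",                            // placeholder
  apiUrl: "https://example.com/api/resource",                             // placeholder
};

// Cognito hosted-UI login URL for the implicit grant (response_type=token).
function buildLoginUrl(cfg = CONFIG) {
  const params = new URLSearchParams({
    client_id: cfg.clientId,
    response_type: "token",
    scope: "openid",
    redirect_uri: cfg.redirectUri,
  });
  return `${cfg.hostedUiDomain}/login?${params.toString()}`;
}

// With the implicit grant the hosted UI redirects back with the tokens in the fragment:
//   #id_token=...&access_token=...&expires_in=3600&token_type=Bearer
function parseTokensFromFragment(hash) {
  const params = new URLSearchParams(hash.startsWith("#") ? hash.slice(1) : hash);
  return {
    idToken: params.get("id_token"),
    accessToken: params.get("access_token"),
    expiresIn: Number(params.get("expires_in")),
  };
}

// Decode (not verify) the JWT payload. Signature verification is done by the
// API Gateway Cognito authorizer; the client only needs the claims.
function decodeJwtPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const json = typeof atob === "function"
    ? atob(padded)
    : Buffer.from(padded, "base64").toString("utf8");
  return JSON.parse(json);
}

// True when the exp claim is still in the future, allowing a little clock skew.
function isTokenUsable(jwt, nowSeconds = Math.floor(Date.now() / 1000), skewSeconds = 30) {
  const { exp } = decodeJwtPayload(jwt);
  return typeof exp === "number" && exp - skewSeconds > nowSeconds;
}

// The Cognito authorizer reads the token from the header configured as its
// token source (Authorization by default); the ID token is sent as-is.
function buildAuthorizedRequest(idToken, cfg = CONFIG) {
  return { url: cfg.apiUrl, method: "GET", headers: { Authorization: idToken } };
}

// Map the API's status to a client action. fetch/XHR never surfaces a 302 as a
// page navigation, so the SPA redirects itself when the authorizer rejects the call.
function nextAction(status, cfg = CONFIG) {
  if (status === 401 || status === 403) return { action: "login", url: buildLoginUrl(cfg) };
  return { action: "proceed" };
}

// Browser entry point; a no-op outside a browser so the module can be imported elsewhere.
async function main() {
  if (typeof window === "undefined") return;
  const { idToken } = parseTokensFromFragment(window.location.hash);
  if (!idToken || !isTokenUsable(idToken)) {
    window.location.assign(buildLoginUrl());
    return;
  }
  const req = buildAuthorizedRequest(idToken);
  const res = await fetch(req.url, { method: req.method, headers: req.headers });
  const next = nextAction(res.status);
  if (next.action === "login") window.location.assign(next.url);
}
main();
```

Because the implicit grant places tokens in the URL fragment, they end up in browser history and any script on the page can read them; that is the trade-off behind Andrew's choice of grant type, and the expiry check above is the minimum a client should do before reusing a token it found there.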


