Yes, I use AWS user authentication all the time.
Check this out and another answer I sent for user authentication here
So the steps are:
- Configure Cognito to authenticate unauthenticated users
- You must do this, otherwise they will not be able to access anything before entering the system.

And your real developer name is an important part

Install DynamoDB (or something else) to save user password information
Go to IAM and create the AUTHENTICATED role and the UNAUTHENTICATED role.
For the UNAUTHENTICATED role, assign:
- AmazonCognitoDeveloperAuthenticatedIdentities
- AmazonDynamoDBFullAccess (if you want a login and registration system)
- AmazonDynamoDBReadOnlyAccess (if you only want to login)

- Also go in and do:
Edit Trust Relationship

```json
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Federated": "cognito-identity.amazonaws.com" },
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
      "StringEquals": { "cognito-identity.amazonaws.com:aud": "<YOUR_COG_ARN>" },
      "ForAnyValue:StringLike": { "cognito-identity.amazonaws.com:amr": "unauthenticated" }
    }
  }]
}
```

Now create the AUTHENTICATED role and assign:
- AmazonCognitoPowerUser
- AmazonDynamoDBFullAccess
- AmazonSNSFullAccess

for example, and whatever you wish.
Also go in and do:
Edit Trust Relationship

```json
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Federated": "cognito-identity.amazonaws.com" },
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
      "StringEquals": { "cognito-identity.amazonaws.com:aud": "<YOUR_COG_ARN>" },
      "ForAnyValue:StringLike": { "cognito-identity.amazonaws.com:amr": "authenticated" }
    }
  }]
}
```

PLEASE NOTE THE ONE CHANGE - "authenticated" and "unauthenticated"
Now it should be the responsibility of Mobile Hub, but since they came out with this, everyone thinks that they are exempted! Not the case! You need to know what sts:AssumeRoleWithWebIdentity
Now that you're all set up, run your Xcode Mobile Hub project
Fill in all the data (if there is none, which should be due to the fact that the Mobile-Hub is pleasant to us) for AUTHENTICATED ARN and UNAUTHENTICATED ARN
Customize your login page
When the user goes to log in, encrypt the password and send it and the username to DynamoDB.
12B. I really like to use Lambda ESPECIALLY for mobile devices, because you can really do a lot more, you are less prone to errors, you have more control, etc.
So, back to steps 4 and 6, if you want to use Lambda, add an Inline Policy to the Roles. IAM → Roles → Your Role → Create Role Policy, and pop in:

```json
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "",
    "Effect": "Allow",
    "Principal": { "Service": "lambda.amazonaws.com" },
    "Action": "sts:AssumeRole"
  }]
}
```

Now that you have the base installed, go back to Xcode.
- If you are using Lambda, send your username and password, let the Lambda pull the string from DynamoDB and do a check: does the user exist, and if so, do the passwords match?
In Lambda, it should look something like this:

```javascript
const AWS = require('aws-sdk'),
      ddb = new AWS.DynamoDB();

exports.handler = function(event, context) {
    // Look the user up by key and filter on the submitted password
    var params = {
        TableName : '<users>',
        KeyConditionExpression : 'userType = :v_type AND username = :v_user',
        FilterExpression : 'password = :v_pass',
        ExpressionAttributeValues : {
            ':v_type' : { S : '<superdooper>' },
            ':v_user' : { S : event.username },
            ':v_pass' : { S : event.password }
        }
        //ProjectionExpression: 'email, joinDate, phone' (OPTIONAL)
    };

    ddb.query(params, function(err, data) {
        if (err) {
            context.fail(JSON.stringify(err, null, 2));
        } else {
            // A non-empty result means username and password both matched
            if (data.Count !== 0)
                context.succeed(data.Items);
            else
                context.succeed('Wrong Info');
        }
    });
};
```

As soon as you receive your data, return to Xcode, call this Lambda function, send your variables, and when it says OK, call:

```
credentialsProvider.setLogins({developerAuthenticationProvider.getProviderName(), developerUserIdentifier});
```

followed by:

```
credentialsProvider.refresh();
```

This part above should be in your Xcode project from MobileHub.
Now it was strange. There are tons of ways to do this. TVM, Cognito Suppose Auth, server side, etc.
I always confirm authentication from UNAUTHENTICATED to AUTHENTICATED, but you need to do a lot of material to complete if you want to get real analytics from both the web and the mobile, if you do this for both. But as soon as you have an authenticated user, you now have a well-authenticated user, ready to access what you indicated in step 6 as authenticated!
Hope this helps.
Update --- This is a dirty, unsafe, but quick way to do it. NOT FOR PRODUCTION.
In Cognito, do not do an Authenticated user role. Give your Unauthenticated user role all permissions to do everything (DynamoDBFullAccess, S3FullAccess, EC2FullAccess, etc.)
Then authenticate with the phone. Check the username and password on DynamoDB, and then if it returns information, set the variable to TRUE. This is not safe, because now the user has access to all your materials, but it will look like this:

```objc
BOOL loggedIn = FALSE;

if (loggedIn) {
    [self loadView];
} else {
    [self loadLoginView];
}

- (void) loadLoginView {
    DynamoDBCall (username, password) withCompletion () {
        if (allGood) {
            _loggedIn = TRUE;
        }
    }
}
```
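
An added example, not part of the original answer: the Lambda credential check described above, written so the table holds a salted scrypt hash instead of the password and the comparison is constant-time. The in-memory `users` map, the `register` helper and the sample account are constructed stand-ins for the DynamoDB table so the block runs offline.

```javascript
const crypto = require('crypto');

const KEYLEN = 32;
const PARAMS = { N: 16384, r: 8, p: 1 };   // scrypt cost settings

// Derive a salted hash; only salt and hash are stored, never the password.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, KEYLEN, PARAMS);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Constructed stand-in for the users table, keyed by username.
const users = new Map();
function register(username, password, profile) {
  users.set(username, { username, ...hashPassword(password), profile });
}

// Dummy record so an unknown username costs the same work as a known one.
const DUMMY = hashPassword('placeholder-never-valid');

function verifyLogin(event) {
  // Reject non-string input instead of passing objects into the lookup.
  if (typeof event.username !== 'string' || typeof event.password !== 'string') {
    return { ok: false };
  }
  const rec = users.get(event.username) || DUMMY;   // look up by key only
  const candidate = crypto.scryptSync(
    event.password, Buffer.from(rec.salt, 'hex'), KEYLEN, PARAMS);
  const match = crypto.timingSafeEqual(candidate, Buffer.from(rec.hash, 'hex'));
  if (!match || rec === DUMMY) return { ok: false };   // same answer for both failures
  // Return only non-sensitive attributes, never salt or hash.
  return { ok: true, username: rec.username, profile: rec.profile };
}

// In Lambda this would be assigned to exports.handler.
const handler = async (event) => verifyLogin(event);

// Constructed sample account.
register('alice', 'correct horse battery', { email: 'alice@example.com' });
```
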
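
An added example, not part of the original answer: a small audit of the two Cognito role trust relationships shown above, checking that `aud` is pinned to the identity pool, that `amr` matches the role's purpose, and that the guest role carries no broad managed policy. The role objects, the `purpose` field and the pool ID are constructed for illustration; it assumes `aud` is compared against the identity pool ID.

```javascript
const COGNITO = 'cognito-identity.amazonaws.com';

// Build a trust policy in the shape used in the answer (helper for the samples).
function trustPolicy(aud, amr) {
  return { Version: '2012-10-17', Statement: [{
    Effect: 'Allow',
    Principal: { Federated: COGNITO },
    Action: 'sts:AssumeRoleWithWebIdentity',
    Condition: {
      StringEquals: { [`${COGNITO}:aud`]: aud },
      'ForAnyValue:StringLike': { [`${COGNITO}:amr`]: amr } } }] };
}

// Return a list of findings for one role; an empty list means nothing flagged.
function auditCognitoRole(role, poolId) {
  const findings = [];
  const stmts = [].concat(role.trustPolicy.Statement || []);
  const stmt = stmts.find(s => s.Effect === 'Allow' &&
    s.Principal && s.Principal.Federated === COGNITO &&
    [].concat(s.Action).includes('sts:AssumeRoleWithWebIdentity'));
  if (!stmt) return ['no Cognito AssumeRoleWithWebIdentity statement'];

  const cond = stmt.Condition || {};
  const aud = (cond.StringEquals || {})[`${COGNITO}:aud`];
  if (aud !== poolId) findings.push('aud is not pinned to this identity pool');

  const amr = [].concat((cond['ForAnyValue:StringLike'] || {})[`${COGNITO}:amr`] || []);
  if (amr.length !== 1 || amr[0] !== role.purpose) {
    findings.push(`amr must be exactly "${role.purpose}"`);
  }
  // Anyone can obtain guest credentials, so broad policies there are flagged.
  if (role.purpose === 'unauthenticated') {
    for (const p of role.managedPolicies) {
      if (/FullAccess$|PowerUser$/.test(p)) findings.push(`broad policy on guest role: ${p}`);
    }
  }
  return findings;
}

// Constructed samples (placeholder pool ID).
const POOL = 'us-east-1:00000000-0000-0000-0000-000000000000';
const guestRole = { purpose: 'unauthenticated', managedPolicies: ['AmazonDynamoDBReadOnlyAccess'],
  trustPolicy: trustPolicy(POOL, 'unauthenticated') };
const swappedRole = { purpose: 'authenticated', managedPolicies: ['AmazonDynamoDBFullAccess'],
  trustPolicy: trustPolicy(POOL, 'unauthenticated') };
const wideGuest = { purpose: 'unauthenticated', managedPolicies: ['AmazonDynamoDBFullAccess', 'AmazonSNSFullAccess'],
  trustPolicy: trustPolicy('<YOUR_COG_ARN>', 'unauthenticated') };
```
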