score:1

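import { Auth } from "aws-amplify";
import {
    CognitoUserSession,
    CognitoIdToken,
    CognitoRefreshToken,
    CognitoAccessToken,
} from "amazon-cognito-identity-js";

/**
 * Injects an access token, ID token and refresh token into AWS Amplify so that the
 * library treats the caller as signed in.
 *
 * The three tokens are wrapped in a CognitoUserSession, handed to Auth.Credentials, and
 * then cached on a CognitoUser through setSignInUserSession(). The intended effect is the
 * same as signing in with Auth.signIn(): when an ID or access token expires, Cognito
 * retrieves new ones using the refresh token passed here.
 *
 * NOTE(review): the cached tokens live in whatever storage the user pool is configured
 * with. In the Cognito SDK versions I know, that defaults to browser localStorage rather
 * than memory, which is why the session survives page loads on the same origin and also
 * why any script running on that origin can read the long-lived refresh token. Confirm
 * against the storage option configured for Auth.
 *
 * NOTE(review): decodePayload() only decodes the ID token; it does not verify the
 * signature. The username read from it is therefore only as trustworthy as the channel
 * the tokens arrived on. Authorization decisions belong on the service that validates
 * the token, not on this claim.
 *
 * Token injection is not officially supported by Amplify, whose supported sign-in forms
 * are username & password and federated sign-in. This relies on the private
 * createCognitoUser method, which may change or disappear between releases.
 *
 * @param accesstoken The access token to be injected. Access tokens grant access to resources.
 * @param idtoken The ID token to be injected. ID tokens contain claims about identity.
 * @param refreshtoken The refresh token to be injected. Refresh tokens can obtain new access
 * and ID tokens for a long period of time (usually up to a year).
 * @throws Error if the ID token payload has no non-empty "cognito:username" claim.
 */
const injecttokensintoamplify = (accesstoken: string, idtoken: string, refreshtoken: string) => {
    const session = new CognitoUserSession({
        IdToken: new CognitoIdToken({ IdToken: idtoken }),
        RefreshToken: new CognitoRefreshToken({ RefreshToken: refreshtoken }),
        AccessToken: new CognitoAccessToken({ AccessToken: accesstoken }),
    });

    // Check the claim before touching any Amplify state, so a malformed or foreign ID
    // token is rejected without first registering the session with Auth.Credentials.
    const username: unknown = session.getIdToken().decodePayload()["cognito:username"];
    if (typeof username !== "string" || username.length === 0) {
        throw new Error('ID token has no usable "cognito:username" claim');
    }

    // NOTE(review): Credentials.set appears to return a promise in the Amplify versions
    // I know; it is not awaited here, matching the original answer.
    Auth.Credentials.set(session, "session");

    // createCognitoUser is private in Amplify, so Auth has to be cast in order to call it.
    const currentUser = (Auth as any).createCognitoUser(username);
    // This calls cacheTokens() in the Cognito SDK, assigning the tokens to the local identity.
    currentUser.setSignInUserSession(session);
};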

score:2

There's a (now private) function on `Auth`, `_handleAuthResponse`, that seems to handle this situation.

Pass the function the URL you get back after a successful login, i.e. the redirect URL that includes the tokens.

as it is a private function, it needs this workaround to access _handleauthresponse:

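// Redirect URL as returned after a successful federated login. The bracketed values are
// placeholders for the real access token, ID token and state.
// NOTE(review): the real URL carries live tokens in its fragment, so treat the whole
// string as a secret and keep it out of logs and error reports.
// The trailing semicolon matters: without it the parenthesised line below is parsed as
// a call on the string literal.
const urlWithToken = 'https://localhost:4200/login#access_token=[access_token]&id_token=[id_token]&state=[state]&token_type=bearer&expires_in=3600';

// _handleAuthResponse is private on Auth, hence the cast. Being private, it may change
// or disappear between Amplify releases.
(Auth as any)._handleAuthResponse(urlWithToken);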

I'm not sure how many of these parameters are necessary; they are simply the ones included in the login redirect that we get back from a federated sign-in.

in our application we're then using a hub listener to obtain the user details:

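// Subscribes to Amplify's 'auth' channel to pick up the user once sign-in completes.
// Hub is exported by "aws-amplify"; the import is not shown in this answer.
Hub.listen('auth', ({ payload: { event, data } }) => {
    console.log('hub:', event);
    // NOTE(review): on sign-in `data` is the user object, which in the Cognito SDK
    // carries the session's tokens. Keep this log to local debugging only.
    console.log('hubdata:', data);
    // Amplify emits this event as 'signIn'; a lower-cased 'signin' would never match.
    if (event === 'signIn' && data != null) {
        // data is a user object
    }
});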

this is the reference used to piece this together: https://github.com/aws-amplify/amplify-js/issues/4955

