aws-cognito | A PHP library for AWS Cognito user pools | AWS library

I'm trying to configure AWS Cognito to work with ADFS as a SAML provider in a dotnet core 3.1 MVC application. I believe I have ADFS and Cognito correctly configured as I can log into the application using a user in ADFS. I am at a stage where I can login and logout, however when logging out ADFS throws the error:

MSIS7054: The SAML logout did not complete properly.

This does still log the user out of ADFS. I think I’ve narrowed it down to the SAML logout messages ADFS receives need to be signed. References: here, here and here

Amazon describe how to do this from there end

To set up the SAML IdP to add a signing certificate: To get the certificate containing the public key which will be used by the identity provider to verify the signed logout request, choose Show signing certificate under Active SAML Providers on the SAML dialog under Identity providers on the Federation console page.

However, I’m not sure how I take their public key (which is just a string) and provided that to ADFS. The only thing I can seem to find is an encryption tab, that takes a certificate file (Is there some conversion thing I need to do?). I have tried this, which is putting the key inside a .cert file and adding to the relaying party encryption tab of ADFS, however this did not work.

Any help would be appreciated.

Thanks, Adam

React JS code:

I want the src/app.jsx to do export default App when the REACT_APP_AUTH_SERVER variable in .env does not exist or have other value, and do export default withAuthenticator(App) when the REACT_APP_AUTH_SERVER variable in .env does exist, and has value aws-cognito:

src/app.jsx:

I'm trying to use AWS Cognito as an authorizer for my REST API in AWS API Gateway.

It asks me to fill in the Issuer URL:

I digged through the AWS Cognito User Pool page, there is no such thing.

I found a related answer here: AWS: Cognito integration with a beta HTTP API in API Gateway? and I quote:

I read some questions and answers about my issue, but I still don't know the answer.

Can I use the userSub in AWS Cognito as primary key?

AWS Cognito: Difference between Cognito ID and sub, what should I use as primary key?

First, I will try to describe my case.

I want to create an application with spring boot as a resource server that uses oauth2. Then to save me some time with user management, I was hoping to use AWS Cognito since it allows me to create users as admin. I can set it up that it won't let other people sign up for themselves, which is crucial for me since my app will have restricted access; the admin will manage that.

Now to my question, which field of AWS Cognito can I use as the primary key for keeping user-specific data in my DB? I read that neither usernamenor sub is correct. username can be changed, for example, and sub is globally unique, so it can't be restored. Is there any way to create a custom field where AWS Cognito will autogenerate UUID that I can use, and if I had to restore the user pool, I would have an option to set this field?

I have used the aws-samples example named aws-cognito-dot-net-desktop-app in C# and WPF in a Windows PC application:

aws-cognito-dot-net-desktop-app

It works very well and correctly registers the user in Cognito.

Now, I'm using the same code for an Android application with C#.

To register a user, do the following:

Generally what means Property "Not currently supported by AWS CloudFormation" for a CDK implementation, specifically:

In the CloudFormation Properties for the Cognito Userpool Lambda Config it says: CustomEmailSender - Not currently supported by AWS CloudFormation. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html

In the CDK for Cognito.CfnUssrPool this property is described: https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cognito.CfnUserPool.LambdaConfigProperty.html#customemailsender

My question now is whether this can be implemented with CDK at all? Currently, our Cognito is provided completely via CDK and I would like to keep it that way.

Edit:

I found a link (Using CustomEmailSender with CFN) where it says that contrary to the documentation it does seem to work and only the documentation has not been updated, I will test this and give feedback.

I have an API in AWS API gateway secured with AWS-Cognito. In order to use the endpoint the user must to be recognized by Cognito that will return a token.

The question here is related to the CREATE USER process. In order to use this endpoint the user must to exist in the Cognito, then receive the token and use it to connect to the CREATE USER endpoint. But at the moment of the creation of the user in the database (api-endpoint) the user is not created in Cognito and has no permission to get access to the API.

So, how should be the best approach to this process?

I look for the Authorization token used by Cognito in order to put it in the header of my tests. I need to test some backend API.

I am using Insomnia and the awscognitotoken plugin. However, I fail to configure it in order to get the token. Their usage is not clear to me.

Here is how I configure the awscognitotoken plugin :

• Function to Perform: AWS Cognito Team - Plugin for insomnia ………
• Username: the email I use to login to cognito; also tried the cognito username (uuid)
• Password: the password
• Region: eu-west-1
• ClientId: 3t********************dcl5
• TokenType: access
• ClientSecret: nothing as none is configured

What I get is:

I'm building a React application that uses API Gateway and Lambda on the back-end. I'm going through the process of integrating Cognito authentication. I've completed the following: