Within an iOS app, written using Xamarin, I am trying to allow a user to log into AWS using Cognito User Pools, then allow them to read data from a DynamoDB instance.
My setup is: I created a user in my user pool, configured their IAM role, all that stuff. And in fact, the login seems to work. My problem (I think) comes after the user is logged in: passing that login context to the DynamoDB client.
Here is what the ViewController code in my iOS app looks like:
    using System;
    using System.Threading.Tasks;
    using Amazon;
    using Amazon.CognitoIdentity;
    using Amazon.CognitoIdentityProvider;
    using Amazon.DynamoDBv2;
    using Amazon.DynamoDBv2.DataModel;
    using Amazon.Extensions.CognitoAuthentication;
    using Amazon.Runtime;

    public static CognitoUser regUser; //ugly static for now
    ...
    private async void BtnDoLogin_TouchUpInside(object sender, EventArgs e)
    {
        string username = txtAWSUsername.Text;
        string password = txtAWSPassword.Text;
        var res = await AttemptLogin(username, password);
        System.Console.WriteLine("--->>> AuthFlowResponse is: " + res.AuthenticationResult);
        TryDynamoStuff(regUser);
    }

    public static async Task<AuthFlowResponse> AttemptLogin(string username, string password)
    {
        //temporarily hardcoding creds just to be sure they're correct
        username = "my-user";
        password = "users-password-here";
        string CognitoIdentityPoolId = "us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
        var provider = new AmazonCognitoIdentityProviderClient(new AnonymousAWSCredentials(),
            FallbackRegionFactory.GetRegionEndpoint());
        // arguments: user pool ID, app client ID, provider
        CognitoUserPool userPool = new CognitoUserPool("us-east-1_aaaaaaaaa", "yyyyyyyyyyyyyyyyyy", provider);
        // arguments: username, app client ID, pool, provider, app client secret
        regUser = new CognitoUser(username,
            "yyyyyyyyyyyyyyyyyy",
            userPool,
            provider,
            "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz");
        AuthFlowResponse context = await regUser.StartWithSrpAuthAsync(new InitiateSrpAuthRequest()
        {
            Password = password
        }).ConfigureAwait(false);
        return context; // return the auth flow response to the caller
    }

    public static void TryDynamoStuff(CognitoUser user) //"user" not used atm
    {
        string CognitoIdentityPoolId = "us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
        CognitoAWSCredentials credentials = regUser.GetCognitoAWSCredentials(CognitoIdentityPoolId, RegionEndpoint.USEast1); //// ---------------------> EXCEPTION IS THROWN HERE
        var client = new AmazonDynamoDBClient(credentials, RegionEndpoint.USEast1);
        DynamoDBContext context = new DynamoDBContext(client);
    }
The exception thrown during the TryDynamoStuff is:
Amazon.CognitoIdentityProvider.Model.NotAuthorizedException: User is not authenticated. occurred
What I don't understand is why? The "regUser", even if I pass an instance around instead of using a static var, should be authenticated?
Setting a breakpoint just before the crash, I've even confirmed the AWSFlowResponse context has a session ID assigned.
Is there something else I need to do to get that AWSFlowResponse context to apply to the Dynamo login?
To anyone who can help - you are my hero.
References
Amazon's code: Amazon.Extensions.CognitoAuthentication release
Another code sample by AWS: CognitoHelper.cs
Storing and retrieving data from DynamoDB: AWS Docs
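
One defensive way to structure the login-then-credentials flow from the post, as an added example (not the poster's code and not AWS sample code): confirm that the SRP call returned tokens, rather than a pending challenge, before requesting identity pool credentials. `CognitoLoginCheck` and `LoginForCredentialsAsync` are hypothetical names; the SDK types are the ones the post already uses.

```csharp
using System;
using System.Threading.Tasks;
using Amazon;
using Amazon.CognitoIdentity;
using Amazon.Extensions.CognitoAuthentication;

public static class CognitoLoginCheck // hypothetical helper, not from the post
{
    // Returns credentials only when the SRP flow actually finished.
    // A response with a SessionID but no AuthenticationResult is a pending
    // challenge, not a completed login: the user holds no tokens yet.
    public static async Task<CognitoAWSCredentials> LoginForCredentialsAsync(
        CognitoUser user, string password, string identityPoolId, RegionEndpoint region)
    {
        AuthFlowResponse response = await user.StartWithSrpAuthAsync(
            new InitiateSrpAuthRequest { Password = password }).ConfigureAwait(false);

        if (response.AuthenticationResult == null)
        {
            // ChallengeName says what Cognito still expects (for example
            // NEW_PASSWORD_REQUIRED or SMS_MFA). Answer it with the matching
            // call on CognitoUser, such as RespondToNewPasswordRequiredAsync,
            // before asking for credentials.
            throw new InvalidOperationException(
                "Login incomplete, pending challenge: " + response.ChallengeName);
        }

        // SessionTokens is populated only after a completed authentication.
        if (user.SessionTokens == null || !user.SessionTokens.IsValid())
        {
            throw new InvalidOperationException("No valid session tokens on the user.");
        }

        // Passes the user pool ID token to the identity pool; the IAM role for
        // the pool's authenticated identities then scopes DynamoDB access.
        return user.GetCognitoAWSCredentials(identityPoolId, region);
    }
}
```

The exception messages carry only the challenge name, never the password or tokens, so they are safe to surface in logs.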