Trying to get tokens and Current User about aws-aspnet-cognito-identity-provider HOT 7 CLOSED

Can you try using this overload:

https://github.com/aws/aws-aspnet-cognito-identity-provider/blob/master/src/Amazon.AspNetCore.Identity.Cognito/CognitoSigninManager.cs#L103

You may want to call something like

var user = await _userManager.FindByNameAsync(login.UserName);

Then this overload:

https://github.com/aws/aws-aspnet-cognito-identity-provider/blob/master/samples/Samples/Areas/Identity/Pages/Account/ResetPassword.cshtml.cs#L69

The user variable should be then updated with the tokens.

Iirc there is a behavior in Identity where you need to be in another page to recoup the tokens from the Context object.

from aws-aspnet-cognito-identity-provider.

Thank you for the help,

I tried both FindByNameAsync and FindByEmailAsync and while they do return the user object SessionsTokens is null.

Regarding moving to another page this did work for me.

public class DashboardController : Controller
{
    private readonly ILogger<DashboardController> _logger;

    public DashboardController(ILogger<DashboardController> logger)
    {
        _logger = logger;
    }

    [Authorize]
    public async Task<IActionResult> Index()
    {
        var accessToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken);
        var refreshToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.RefreshToken);
        var idToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.IdToken);
 
        var claims = HttpContext.User.Claims;

        return View();
    }
}

All tokens and claims are loaded here. So I'm assuming at this point not having access to claims and token at login is a Microsoft identity issue.

from aws-aspnet-cognito-identity-provider.

Yes, the context object is updated when accessing another page.

from aws-aspnet-cognito-identity-provider.

The user instance Session Tokens should be updated after calling the PasswordSigningAsync. Can you check that?

from aws-aspnet-cognito-identity-provider.

var user = await _signInManager.UserManager.FindByEmailAsync(login.UserName);
var result = await _signInManager.PasswordSignInAsync(user, login.Password, login.RememberMe, lockoutOnFailure: false);
if (result.Succeeded)
{
    _logger.LogInformation("User logged in.");
    return LocalRedirect(returnUrl);
}

If I sign in like above, the session tokens are populated, however there is no way that I see to get the CognitoUser with populated session tokens when using the overload from the sample.

This raises another question for me, when I need to refresh the access token/id token using the refreshtoken the method RefreshSigninAsync requires a CognitoUser, does this user need to have SessionToken populated? I can get a CognitoUser from the user manager but session token is empty. Do I manually create session token from HttpContext or is there a mechanism to get the currently logged in user.

from aws-aspnet-cognito-identity-provider.

Would you mind sharing a sample app that reproduce the error? Please make sure to not include secrets.

As you can see below, we populate the user tokens from the Context when calling UserManager.GetUserFrom* methods:

https://github.com/aws/aws-aspnet-cognito-identity-provider/blob/master/src/Amazon.AspNetCore.Identity.Cognito/CognitoUserManager.cs#L136

This is also called by the RefreshSigninAsync method so the tokens should be populated.

from aws-aspnet-cognito-identity-provider.

Closing due to inactivity

from aws-aspnet-cognito-identity-provider.