I'm using the Amplify framework to bring my idea to life; so far so good, except for one thing I'm stuck with.
I let authenticated users upload files to S3, and I'm using the Protected access level. According to this, Protected is readable by all users. I have already managed to upload the files and save some info in a Dynamo table.
The Storage documentation states the following:
Protected: Readable by all users, but writable only by the creating user. Files are stored under protected/{user_identity_id}/ where the user_identity_id corresponds to the unique Amazon Cognito Identity ID for that user.
BUT I'm not able to match the {user_identity_id} created in S3 under Protected with any of the info available in the Cognito User Pool, so I really can't find a way of knowing which files belong to a particular user. Furthermore, I need a way to let my Admin users see the files uploaded by all users.
On the other hand, here, the docs say one can retrieve a file by passing the identityId as a parameter, but:
I'd appreciate some guidance.
Well, I think I understand where you went. I have never used AWS Amplify, but the basic concept is like I mentioned above: generate the identityId. As a block diagram, it looks like so:
IdentityId is the unique ID for every federated identity; it can be either an authenticated or an unauthenticated role. We call CognitoIdentityCredentials to exchange the token for AWS temporary credentials as the authenticated role. Once users have credentials, they will have AWS.config.credentials with the identityId included.
Back to your question: I found the "Auth.currentUserCredentials()" method to get the user's identityId with the Amplify lib. Example:
import { Auth } from 'aws-amplify';

// Exchange the signed-in user's session for AWS credentials; identityId on the
// result is the Cognito Identity ID that appears in the protected/{identityId}/ prefix
const creds = await Auth.currentUserCredentials();
console.log(creds.identityId);
Then, based on the Amplify doc, you can retrieve your protected S3 files, for example:
import { Auth, Storage } from 'aws-amplify';

// creds comes from Auth.currentUserCredentials() as shown above
const creds = await Auth.currentUserCredentials();

// List objects under protected/{identityId}/photos/ ; any signed-in user can
// read at this level, which is why the owner's identityId must be supplied
Storage.list('photos/', {
  level: 'protected',
  identityId: creds.identityId
})
  .then(result => console.log(result))
  .catch(err => console.log(err));