Unable to accept invitation Aws Organization - aws-organizations

I am trying to accept an AWS account invitation to join an AWS Organization, but I am getting an error like:
You can only join an organization whose Seller of Record is same as your account

Related

How can i send input data from form fields on my website to a discord webhook which pms a user on discord?

ideal look
Webhook would DM the user specific info inputted into the form on my website:
name, age, location.
Discord webhooks can be used to send messages to servers, but they cannot be used for direct messaging users. You can read more about Discord webhooks here

Firebase query to get users email registered with social login (js)

What is the Firebase query to get users' emails if they signed up using social login?
I'm using JavaScript, and I know how to access the database etc., but I'm not personally saving users' email addresses; Firebase does that automatically.
There is no client-side API to get a listing of users, as that would make it very easy to leak information about your users.
If you want to expose this information, you have two common options:
1. Store the information you want to expose in a database (such as the Firebase Realtime Database, or Cloud Firestore), and then access that from the app.
2. Create an endpoint (for example through Cloud Functions) that uses the Admin SDK to return a list of users.
Neither is pertinently better in all situations, although I believe the first one is a lot more commonly used.
Also see:
- How do I return a list of users if I use the Firebase simple username & password authentication (back from before Firebase had an Admin SDK that contains functionality to list users)
- Retrieving a list of users who have registered using Firebase Auth (more recent, and mentions the Admin SDK in an answer by one of its authors)
- How can I list all users using firebase admin sdk

Migrating users from cognito userpool to identity pool

AWS SDK (JavaScript)
I ported all of my users from an MSSQL DB to an AWS Cognito UserPool.
Now I need to have each one of my Cognito users in my Identity pool.
This needs to happen so I can move my user data into Cognito Sync's datasets.
Problem :
I cannot move each cognito user in my userpool to my identity pool.
I have searched the docs and I cannot seem to find out how to go about this.
I cannot log each user in because each user will need to reset their own password. (this is due to the way things are when porting users from a .csv file)
SOLVED
1. I loop through users in a batch.
2. Each user is converted to a Cognito User in a User Pool.
3. Once the Cognito User is successfully added, I then log that user in manually.
4. Then I have to set the user's password with a temp password.
5. Next I get the successful method called.
6. Inside the success method, I now have the user in the Identity pool because I logged the user in manually.
7. Now I get the user's Identity ID.
8. Now I can set DataSets.
9. NEXT IMPORTANT: I have to set the user back to "RESET REQUIRED".
10. Then the loop continues and I process the next user in the batch.
NOTE: Make sure you do not have anything checked in your MFA portion in the Userpool or emails will be sent. Also emails are still sent in special circumstances. To get around this, I performed this task:
- Change the user's email to fake@fake.com.
- All emails are sent to fake@fake.com.
- When you are done with the user and all is well, change the user's email back to the correct email.
First, Identity Pool does not have users - just identities. Each identity corresponds to a User (A Userpool user or a Google/FB user) in case of authenticated identities and has an IdentityId (for all identities - authenticated & unauthenticated). This is generated when a GetId API call is made with an IdToken from the appropriate IdP (Userpool in your case).
Also, I don't see why you need to generate identities for all the users in your userpool. These identities are supposed to be generated on-the-fly. Design & deploy your app and when a user uses your app for the first time, your app will make a GetId call, thus generating an IdentityId.

AWS Lambda - Cognito Identity ID changes with same login

I'm using AWS Lambda, Cognito, and API Gateway (orchestrated with Serverless) to build an API for my web-app.
A user authenticates using Cognito, and then makes an authenticated request to the API (pattern copied from the Serverless Stack tutorial), where I grab their Cognito ID:
    event.requestContext.identity.cognitoIdentityId
Then I grab the user record associated with that cognitoIdentityId to perform role/permissions based logic and return the relevant data.
The trouble I've been running into is that when different people (other devs I'm working with, currently) log in using the same credentials, but from different computers (and, in some cases, countries), the cognitoIdentityId sent with their request is completely different -- for the same user userPool user record!
Note: I am not integrating with any "Federated Identities" (ie, Facebook, etc). This is plain old email sign-in. And everyone is using the same creds, but some people's requests come from different Cognito IDs.
This is highly problematic, because I don't see another way to uniquely identify the user record in my DB associated with the Cognito record.
QUESTIONS: Am I missing something? Is there a better way to do this? Is this the expected behavior?
The API is currently not actually plugged into a DB. Because our data structure is still in flux, and the app is far from live, I've built out an API that acts like it integrates with a database, and returns data, but that data is just stored in a JSON file. I'll reproduce some of the relevant code below, in case it's relevant.
An example lambda, for fetching the current user:
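    // parser, users, success, prep, authError and uncaughtError are the
    // poster's own helpers and data (not shown in the question).
    export function getSelf(event, context, callback) {
      // Identity pool ID taken from event.requestContext.identity
      const { cognitoID } = parser(event);
      // Look up the user record keyed by that identity ID
      const requester = cognitoID && users.find(u => u.cognitoID === cognitoID);
      try {
        if (requester) {
          return callback(null, success(prep(requester, 0)));
        } else {
          return authError(callback, `No user found with ID: ${cognitoID}`);
        }
      } catch (error) {
        return uncaughtError(callback, error);
      }
    }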
That parser stuff up top is just a util to get the ID I want.
The associated user record might look like this:
    {
      cognitoID: 'us-west-2:605249a8-8fc1-40ed-bf89-23bc74ecc232',
      id: 'some-slug',
      email: 'email@whatever.com',
      firstName: 'John',
      lastName: 'Jacob Jingleheimer Schmidt',
      headshot: 'http://fillmurray.com/g/300/300',
      role: 'admin'
    },
Cognito User Pools is used to authenticate users and provides you JWT tokens. When you want to access any AWS Services you need AWS Credentials (access key and secret key). This is where you should use Federated Identities. The tokens you get from Cognito User Pools should be exchanged with Federated Identities to get AWS credentials to access other AWS services. The serverless-stack also covers this in detail.
Now since you have not added the user pool as an authentication provider in your identity pool, my observation is that you are getting an unauthenticated identity from Federated Identities (you can confirm this from the Amazon Cognito console) which is why it is different for each of your team members. You should add the user pool as an authentication provider in the identity pool and follow the documentation to provide the information required in logins map.
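The check this answer implies, as an added example that is not part of the original question or answer: it builds the Logins map key for a user pool and, inside the Lambda, rejects guest identities and keys the user lookup on the user pool sub instead of cognitoIdentityId. The function names, the sample events and the provider string layout ("<issuer>,<issuer>:CognitoSignIn:<sub>") are assumptions of this example.

```javascript
// Added example, not code from the original post or answer.
// Key the identity pool expects in the Logins map for a user pool provider.
function issuerFor(region, userPoolId) {
  return `cognito-idp.${region}.amazonaws.com/${userPoolId}`;
}

// Logins map passed when requesting identity pool credentials after sign-in.
function buildLogins(region, userPoolId, idToken) {
  return { [issuerFor(region, userPoolId)]: idToken };
}

// Decide who the caller is from the API Gateway request context.
function resolveCaller(event, expectedIssuer) {
  const identity = (event.requestContext && event.requestContext.identity) || {};
  // Without a matching Logins entry the pool hands out a guest identity.
  if (identity.cognitoAuthenticationType !== 'authenticated') {
    return { ok: false, reason: 'unauthenticated identity' };
  }
  // Assumed layout: "<issuer>,<issuer>:CognitoSignIn:<user pool sub>"
  const provider = identity.cognitoAuthenticationProvider || '';
  const m = /^([^,]+),([^:]+):CognitoSignIn:([0-9a-f-]{36})$/i.exec(provider);
  if (!m || m[1] !== expectedIssuer || m[2] !== expectedIssuer) {
    return { ok: false, reason: 'unexpected authentication provider' };
  }
  return { ok: true, identityId: identity.cognitoIdentityId, userPoolSub: m[3] };
}

// Constructed sample events (all identifiers are made up).
const ISSUER = issuerFor('us-west-2', 'us-west-2_EXAMPLE');
const SUB = '11111111-2222-3333-4444-555555555555';
const makeEvent = (identity) => ({ requestContext: { identity } });
const guestEvent = makeEvent({
  cognitoIdentityId: 'us-west-2:aaaaaaaa-0000-0000-0000-000000000001',
  cognitoAuthenticationType: 'unauthenticated',
  cognitoAuthenticationProvider: null,
});
const signedInEvent = makeEvent({
  cognitoIdentityId: 'us-west-2:bbbbbbbb-0000-0000-0000-000000000002',
  cognitoAuthenticationType: 'authenticated',
  cognitoAuthenticationProvider: `${ISSUER},${ISSUER}:CognitoSignIn:${SUB}`,
});

console.log(resolveCaller(guestEvent, ISSUER));
console.log(resolveCaller(signedInEvent, ISSUER));
```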

Retrieve credential for a custom auth in firebase in order to link the custom provider

In my Firebase app, users can log in using
- Google (federated provider by Firebase) or
- Slack (implemented as custom Auth Provider)
I want to give the user the opportunity to link both accounts. So the case I am opening is:
1. User signs in with Google
2. User goes to Settings and clicks 'Connect with Slack'
3. User account should then be linked so he can sign in with either Slack or Google next time
As per documentation, in order to link accounts, you can call either linkWithPopup/Redirect for federated providers or auth.currentuser.link(credential) for the email provider (https://firebase.google.com/docs/auth/web/account-linking).
I am now wondering if I can somehow obtain an AuthCredential from my custom Slack authentication and use the above link(credential) method?
Did anybody manage to link accounts to custom auth providers successfully?
This is not supported out of the box.
What you can do is the following (requires tweaking of the order, mainly switching the order):
1. Sign in with custom auth using slack: (the uid used here in the custom auth account could be the same as the slack user identifier).
2. linkWithPopup/Redirect/Credential using the Google provider or credential to the existing slack custom user.
If you insist on the proposed flow, you can do the following:
1. Sign in with Google first (uid allocated).
2. Sign in with Slack (slack OAuth credential obtained).
3. Send Firebase ID token and slack credential to your backend.
4. Verify Firebase ID token, query slack userinfo endpoint to get slack user data, including slack identifier.
5. Save a hash map with the Slack identifier as key and the Firebase uid as value, another hash map with firebase uid as key and slack identifier as value.
6. Mint a custom token with the firebase uid, set slack custom attribute (slack: {Slack Identifier}).
7. Send custom token to front end and signInWithCustomToken (slack identifier will now be available in token).
The slack account is now linked to the existing account.
The next time the user logs in with Slack:
1. Send the slack OAuth credential to the backend.
2. Query slack userinfo to get slack identifier.
3. Check hash map using slack identifier key for corresponding firebase uid.
4. Mint custom token with firebase uid, add slack identifier as custom attribute.
5. Sign in with custom token on the client.
If the user signs in with Google:
1. Send firebase ID token to the backend.
2. Verify ID token, lookup corresponding slack identifier in the hash map with firebase uid keys.
3. Mint custom token with Firebase uid and slack identifier as custom attribute.
4. Sign in with custom token on the client.
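A sketch of the backend side of the flow described in this answer, as an added example that is not code from the original answer. The `auth` parameter is assumed to behave like the Admin SDK's admin.auth() (verifyIdToken, createCustomToken); `getSlackUserId`, the in-memory maps and the stand-in objects are hypothetical, and the refusal to rebind an already linked account is a check added here.

```javascript
// Added example, not code from the original answer.
// `auth` is expected to behave like the Admin SDK's admin.auth();
// `getSlackUserId` is a hypothetical helper that queries Slack's userinfo endpoint.
function createSlackLinker({ auth, getSlackUserId }) {
  const uidBySlackId = new Map(); // Slack identifier -> Firebase uid
  const slackIdByUid = new Map(); // Firebase uid -> Slack identifier
  const mint = (uid, slackId) => auth.createCustomToken(uid, { slack: slackId });

  return {
    // Linking flow: a Google session exists and Slack OAuth has just completed.
    async link(firebaseIdToken, slackCredential) {
      const { uid } = await auth.verifyIdToken(firebaseIdToken);
      const slackId = await getSlackUserId(slackCredential);
      const owner = uidBySlackId.get(slackId);
      const current = slackIdByUid.get(uid);
      // Refuse to rebind: a Slack login must never resolve to another user's uid.
      if ((owner && owner !== uid) || (current && current !== slackId)) {
        throw new Error('already linked to a different account');
      }
      uidBySlackId.set(slackId, uid);
      slackIdByUid.set(uid, slackId);
      return mint(uid, slackId);
    },
    // Later sign-in with Slack: the uid comes only from the server-side map.
    async signInWithSlack(slackCredential) {
      const uid = uidBySlackId.get(await getSlackUserId(slackCredential));
      if (!uid) throw new Error('Slack account is not linked');
      return mint(uid, slackIdByUid.get(uid));
    },
    // Later sign-in with Google: re-mint so the token carries the slack claim.
    async signInWithGoogle(firebaseIdToken) {
      const { uid } = await auth.verifyIdToken(firebaseIdToken);
      const slackId = slackIdByUid.get(uid);
      return slackId ? mint(uid, slackId) : null;
    },
  };
}

// Constructed stand-ins so the flow runs offline; real code passes admin.auth().
const fakeAuth = {
  verifyIdToken: async (t) => ({ uid: t.replace('idtoken-for-', '') }),
  createCustomToken: async (uid, claims) => JSON.stringify({ uid, claims }),
};
const fakeSlack = async (cred) => cred.replace('oauth-for-', '');

async function demo() {
  const linker = createSlackLinker({ auth: fakeAuth, getSlackUserId: fakeSlack });
  const linked = await linker.link('idtoken-for-uid1', 'oauth-for-U111');
  const viaSlack = await linker.signInWithSlack('oauth-for-U111');
  const rebind = await linker.link('idtoken-for-uid2', 'oauth-for-U111').catch((e) => e.message);
  return { linked, viaSlack, rebind };
}
```

In a deployment the two maps would live in a database rather than in process memory, so the links survive restarts and are shared across instances.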
