In our application we want authentication with an AWS Cognito identity pool with Google as the provider. We are also using role rules claims to map roles to users by their emails.
The frontend code to log in looks like this:
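    import { Auth } from 'aws-amplify';

    export function logIn() {
        const ga = window.gapi.auth2.getAuthInstance();
        return new Promise((resolve, reject) => {
            ga.signIn().then(
                async (googleUser) => {
                    try {
                        console.log({ googleUser });
                        // The Google auth response carries the id_token and its expiry
                        const gaResp = googleUser.getAuthResponse();
                        console.log({ gaResp });
                        const { id_token, expires_at } = gaResp;
                        const user = {
                            email: 'asdasdasd',
                            name: 'ssssssssssssss',
                        };
                        // Exchange the Google id_token for credentials through the identity pool
                        const credentials = await Auth.federatedSignIn(
                            'google',
                            { token: id_token, expires_at },
                            user,
                        );
                        console.log({ credentials });
                        resolve(credentials);
                    } catch (error) {
                        // Settle the promise if the federated sign-in fails
                        reject(error);
                    }
                },
                (error) => {
                    console.log(error);
                    // Settle the promise if the Google sign-in fails or is cancelled
                    reject(error);
                },
            );
        });
    }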
This will pop up a Google window asking which account the user wants to use for authentication and will come back with token_id, which is then passed to Auth.federatedSignIn to get the credentials needed for the AppSync client.
How can the client now get information about the roles attached to him using identity pool role rules claims?
The client should know his role to be able to render only the relevant part of the interface.