userPoolWebClientId

[jonsmirl]

Docs should mention that when creating the Cognito user pool that you should uncheck the check box for generating a client secret when used with a web app. Might also mention that you can have multiple apps connected to a single pool, so the web app has the secret turned off and the mobile app has it turned on.

[jonsmirl]

Another item for docs. The authorized applications on your User Pool have to be duplicated onto the linked Federation Pool. I had only authorized my app on the User Pool and spent an hour figuring out that it was failing because the app has to be authorized in two places.

[mlabieniec]

@jonsmirl thanks for the feedback. The Cognito docs have this within the Integrating User Pools for JavaScript Apps

I'm not clear on what you mean by the application duplicated onto the Federation Pool. Do you mean needing to add the User Pool to the Federated Identity Pool as a provider? If so, this is detailed within the Cognito docs as well here

We'll try and see if we can clarify this better within the docs here when manually creating resources and/or linking existing. Thanks for the feedback.

[DanielApt]

@jonsmirl - this is great, was completely stuck because I did not know secret needed to be unchecked.

FYI @mlabieniec - As you seem to be owning this repo (thank you!) and the mobile-cli, I though I'd share my (new) customer flow:

1. Hmm… AWS Amplify helps me integrate AWS in my JS app, maybe I can add this to my React app.
2. Let's add authentication, I scroll down to the Add Authentication to your App section.
3. Hmmm… what's this aws-exports (note, as a customer I haven't used the mobile-cli before)?
4. Scroll up to Documentation and select the Authentication link.
5. I scroll down to the Manual Set-Up section, where I learn I need to input the values for {identityPoolId, region, userPoolId, userPoolWebClientId}
6. I create a user pool with AWS Cognito
7. Still does not work…?
8. Ah… I guess I need to go the Federated Identities tab in AWS Cognito?
9. I create one with the default settings
10. Hmmm… when userPoolId is provided, userPoolWebClientId becomes required.
11. Let's create an app with the default settings (note, with the default settings a secret is generated for the app)
12. Still does not work, because of the secret on the app.
13. Get stuck, and with quite a bit of googling find this closed issue.
14. Re-create the app without a secret.
15. Success!

My suggestions to fix this customer flow:

1. User test — I am certain a great deal of these issues would emerge.
2. Under the Add Authentication to your App add link-outs to the more detailed Authentication documentation.

Happy to provide more detail and help out.
PS: we're both part of Amazon, so hit me up via the Phonetool or Chime ;-)

[mlabieniec]

@DanielApt we are working on overhauling the docs and this is on our list to update as well, thank you for this feedback though definitely helpful

[Daanoz]

As an additional note:

According to the manual setup mentioned by @DanielApt, the userPoolWebClientId should be in this format:

        userPoolWebClientId: 'XX-XXXX-X_abcd1234', //OPTIONAL - Amazon Cognito Web Client ID

Which is not true (at least not for me), the prefix hinting at the region should NOT be there!

[willmtl]

Yeah that thew me off as well. Mine is a 26 digits and characters string. No region.

[jarbot]

The config object does not match any of the naming convention in the AWS Cognito console. I can't get passed this treasure hunt of finding all of these strings.

[Legym]

You can find all the creds

Amplify.configure({
    Auth: {
        identityPoolId: 'XX',  (Federated Identities > Selected Identity Pool/Create new > Sample code > Select Javascript > Get AWS Credentials)
        region: 'us-east-1', (User pools > General Settings > Pool Id) The first part of the Pool Id us-east-1
        userPoolId: 'us-east-1_XXXXXX', (User pools > General Settings > Pool Id)
        userPoolWebClientId: 'XXXXXXXXX', (User pools > General Settings > App clients > App client id)
    },
});

userPoolWebClientId: Make sure you don’t have a secret key in the input field

edit: I realize you can find this information if you add your App client id to the Federated Identities. You need to click on edit identity pool

[danmardzo]

Small note, the main docs are still not updated Angular quick start. userPoolWebClient still has a different format.

The more detailed Authentication page has the correct format though.

[ngocketit]

What should I use for the app client which is going to be used for the mobile app? userPoolWebClientId is for the Web app only I guess.

[github-actions]

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.