How to implement authenticated web messaging using AWS Cognito as identity provider

    Posted 06-05-2025 18:37

    shenxin | 2024-01-07 20:12:45 UTC | #1

    I have read this AWS Cognito document here: https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html

    I also read this blueprint for Genesys Okta: https://developer.genesys.cloud/blueprints/messenger-authentication-okta-integration-blueprint/

    The problem is this code example:

    Genesys('registerPlugin', 'AuthProvider', (AuthProvider) => {

      // COMMAND
      // *********
      // getAuthCode

      const oktaTransactionStorage = window.document.cookie.toString(); // Get nonce from cookie
      let nonce; // Declared outside the if block so it is still in scope below

      if (oktaTransactionStorage.includes('okta-oauth-nonce=')) {
        const storage = oktaTransactionStorage.split('okta-oauth-nonce=')[1]; // Extract 'okta-oauth-nonce' cookie from 'oktaTransactionStorage'
        nonce = storage.split(';')[0];
      }

      const urlParams = new URLSearchParams(window.location.search); // Get the authorization response which is added as a query string from the redirect URL
      const authCode = urlParams.get('code'); // Get code from the query string (null when it is absent)
      const iss = urlParams.get('iss'); // Get optional iss parameter from the query string (null when it is absent). urlParams will decode this issuer URL if it is encoded.

      /* Register Command - mandatory */

      AuthProvider.registerCommand('getAuthCode', (e) => {

        // Messenger calls this command to get the tokens.

        e.resolve({
          authCode: <authCode>,               // Pass your authCode here
          redirectUri: <your redirect uri>,   // Pass the redirection URI configured in your authentication provider here
          nonce: <nonce>,                     // Mandatory parameter in OKTA Javascript SDK approach.
          maxAge: <maxAge>,                   // Pass the elapsed time in seconds as an optional parameter
          codeVerifier: <codeVerifier>,       // For PKCE Oauth flow: If you use the Okta Auth JavaScript SDK to authenticate signin, get the code verifier from session storage. If you use the endpoint to authenticate signin, pass a cryptographically random string that you used to generate the codeChallenge value.
          iss: <iss>                          // Pass the optional parameter iss if it was returned in the authorization response by your Authentication provider.
        });
      });
    });

    I cannot pass authCode: <authCode>, to e.resolve(), because my user is already authenticated and the auth code is gone. The auth code is used to retrieve the access token. I can only provide an access token for my authenticated user. Can I provide the access token somewhere directly for authenticated messaging?

    Do you have an example of authenticated web messaging using AWS Cognito as the identity provider?


    system | 2024-02-06 20:10:25 UTC | #2

    This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.


    This post was migrated from the old Developer Forum.

    ref: 23977