@lieuzhenghong
Created June 3, 2021 11:29
sample auth flow
// Login to User Pool
const userPoolToken = '<user-pool-id-token>' // Placeholder: the ID token (JWT) from signing in to the Cognito User Pool
// Not 100% sure how to do this. AWS Amplify?
// Get Id
const getIdParams = {
  // AccountId is optional: the 12-digit AWS account ID that owns the identity pool
  IdentityPoolId: 'identity pool',
  Logins: {
    "cognito-idp.<region>.amazonaws.com/<user_pool_id>": userPoolToken
  }
}
const cognitoIdentity = new AWS.CognitoIdentity({ /* api version */ })
// getId resolves to { IdentityId: "..." }, so unwrap the string
const { IdentityId: identityId } = await cognitoIdentity.getId(getIdParams).promise()
// GetCredentialsForIdentity
const getCredentialsParams = {
  IdentityId: identityId,
  CustomRoleArn: 'Some role here', // Pick the role we want that allows us to access the S3 bucket
  Logins: {
    "cognito-idp.<region>.amazonaws.com/<user_pool_id>": userPoolToken
  }
}
const credentials = await cognitoIdentity.getCredentialsForIdentity(getCredentialsParams).promise()
// Now we have credentials for a particular role, which should let us access the S3 bucket
/*
{
  "Credentials": {
    "AccessKeyId": "string",
    "Expiration": number,
    "SecretKey": "string",
    "SessionToken": "string"
  },
  "IdentityId": "string"
}
*/
// TODO Get the bucket name somehow.
// Make a call to the backend to get the bucket name.
// ListBuckets can't be called in the browser
const bucketName = '<bucket-name>' // Placeholder until the backend call exists
const s3 = new AWS.S3({
  accessKeyId: credentials.Credentials?.AccessKeyId,
  secretAccessKey: credentials.Credentials?.SecretKey,
  // Temporary credentials are only valid together with their session token
  sessionToken: credentials.Credentials?.SessionToken
})
// List the objects in the bucket
const listObjectParams = {
  Bucket: bucketName
}
const objects = await s3.listObjectsV2(listObjectParams).promise()