0
1
00:00:00,170 --> 00:00:05,750
Now if you remember earlier in the lab
when we created our
1

2
00:00:05,750 --> 00:00:14,610
Cognito identity pool,
we created a role for that to access AWS
2

3
00:00:14,610 --> 00:00:21,240
s3 and also to access AWS the Sync store
as well I'm just going to go back into
3

4
00:00:21,240 --> 00:00:28,230
the ID so we have our user pool and we
have our identity pool, so just going
4

5
00:00:28,230 --> 00:00:36,480
into the identity pool, I'm just going to
click on dashboard and I just going to
5

6
00:00:36,480 --> 00:00:41,040
click on ID edit identity pool and I
just want to have a look at that that
6

7
00:00:41,040 --> 00:00:46,530
role, so you can see here they've got an
authenticated role attached to it now
7

8
00:00:46,530 --> 00:00:51,149
this role doesn't mean anything because
we haven't allowed 
8

9
00:00:51,149 --> 00:00:55,020
unauthenticated access to our application
anyway, so that doesn't matter at all
9

10
00:00:55,020 --> 00:01:00,090
that role, the one that we are
concerned with here is the authenticated
10

11
00:01:00,090 --> 00:01:04,949
role, so I called that a big long name,
now I'll just go back into the I am
11

12
00:01:04,949 --> 00:01:09,110
console and I'll see if I can find that
12

13
00:01:16,130 --> 00:01:19,799
so we're going to roles and see if I can
find that one I'll just search for
13

14
00:01:19,799 --> 00:01:22,430
Cognito
14

15
00:01:23,240 --> 00:01:29,880
okay which one was it it wasn't that one
that was it there okay so that's a role
15

16
00:01:29,880 --> 00:01:33,390
that we created and I'm just going to
expand and have a look at it so just
16

17
00:01:33,390 --> 00:01:50,729
edit policy have a look at the JSON
there, okay so by default this is
17

18
00:01:50,729 --> 00:01:57,569
the only allow that is by default with
the Cognito service so when we sign in
18

19
00:01:57,569 --> 00:02:01,409
with Cognito and we have a Cognito
identity this is a standard role that
19

20
00:02:01,409 --> 00:02:05,130
will be set up that'll give you access
to Cognito sync and of course the
20

21
00:02:05,130 --> 00:02:12,660
Cognito identity pool but what I've done
here is I've also added access to s3 but
21

22
00:02:12,660 --> 00:02:20,280
that s3 access is a limited to listing a
bucket to that directory or that folder
22

23
00:02:20,280 --> 00:02:25,440
of that bucket so it'll be the bucket
which mature but all my bucket is called
23

24
00:02:25,440 --> 00:02:30,889
backspace - lab - pcoady yours will be
different of course they are unique, and
24

25
00:02:30,889 --> 00:02:37,829
then this Cognito use or any Cognito
user will be able to list buckets or
25

26
00:02:37,829 --> 00:02:43,190
will have permissions to list the
buckets within a folder Cognito
26

27
00:02:43,190 --> 00:02:52,350
backspace Academy and then we also have
an allow for "get put and delete" objects
27

28
00:02:52,350 --> 00:02:58,380
so readwrite access to objects and that
will be again in that in that bucket and
28

29
00:02:58,380 --> 00:03:02,970
then a Cognito folder and then a
subfolder called Backspace Academy but
29

30
00:03:02,970 --> 00:03:10,769
we've also got here
the Cognito ID, okay so the the Cognito
30

31
00:03:10,769 --> 00:03:19,590
ID number or user ID for that user
there will be created as a subfolder
31

32
00:03:19,590 --> 00:03:25,049
within this BackSpace Academy folder as
well so they can only access a folder
32

33
00:03:25,049 --> 00:03:30,010
that is in their identity they can't
access any other folder within that
33

34
00:03:30,010 --> 00:03:36,480
bucket and we've also got their
permission to access subfolders of that
34

35
00:03:36,480 --> 00:03:42,580
Cognito identity ID bucket that they've
got there so that allows our users to
35

36
00:03:42,580 --> 00:03:48,940
sign into into Cognito into a user pool
then get their use those credentials or
36

37
00:03:48,940 --> 00:03:55,120
those those those trust relationship to
then get credentials out of Cognito
37

38
00:03:55,120 --> 00:04:02,470
identity and then use those credentials
to access a subfolder in their own
38

39
00:04:02,470 --> 00:04:08,019
Cognito identity name and only that and
that will allow them to read/write
39

40
00:04:08,019 --> 00:04:17,680
access to that so let's have a look at
how that works and back in the Adam IDE
40

41
00:04:17,680 --> 00:04:22,510
so we need to create two functions here
so the first one we need to create is to
41

42
00:04:22,510 --> 00:04:30,130
get our Cognito sync token and then once
we've got our Cognito sync token we can
42

43
00:04:30,130 --> 00:04:38,410
pass that over to the OWS JavaScript SDK
and use it to add an inner record to our
43

44
00:04:38,410 --> 00:04:43,510
new key store database that we've
created so again I'm just going to copy
44

45
00:04:43,510 --> 00:04:48,220
that straight over both of those
functions over from Final and put it
45

46
00:04:48,220 --> 00:04:53,800
into our app jeaious so we can see here
we've got a function for adding that
46

47
00:04:53,800 --> 00:04:58,300
record and we've also got it a function
there for getting that sync token the
47

48
00:04:58,300 --> 00:05:01,810
first thing that we need to do is to
make sure that we do actually have a
48

49
00:05:01,810 --> 00:05:09,849
logged in user if not then we safely
exit the application and what we need to
49

50
00:05:09,849 --> 00:05:17,050
do is that we need to create a Cognito
sync object using the JavaScript SDK now
50

51
00:05:17,050 --> 00:05:20,470
even though that we've created that
object we haven't done anything with it
51

52
00:05:20,470 --> 00:05:24,789
okay we haven't passed anything
information to it and we haven't
52

53
00:05:24,789 --> 00:05:31,780
actually even created a Cognito sync
database now this is something that you
53

54
00:05:31,780 --> 00:05:38,979
will not find in the AWS JavaScript
documentation pretty crazy I don't know
54

55
00:05:38,979 --> 00:05:41,520
but it's not there it doesn't tell you
how to
55

56
00:05:41,520 --> 00:05:46,819
the create the Sync database I know from
experience of having working with
56

57
00:05:46,819 --> 00:05:53,479
Cognito back in the early days that you
need to call list records to create that
57

58
00:05:53,479 --> 00:05:58,800
Cognito Sync database so what we do is
we call list records which is normally
58

59
00:05:58,800 --> 00:06:05,129
used to obviously list the records that
are in that in that database but if
59

60
00:06:05,129 --> 00:06:10,889
there's no database then it will create
a database for you so we need to give it
60

61
00:06:10,889 --> 00:06:15,330
the data set name which will be we've
already defined that earlier on in this
61

62
00:06:15,330 --> 00:06:22,349
code I'll just find that here, we have
already defined it as backspace -users
62

63
00:06:22,349 --> 00:06:26,880
so our data set or database whatever you
want to do it key store will be called
63

64
00:06:26,880 --> 00:06:34,770
backspace - users and then we need to
pass her identity ID for that user and
64

65
00:06:34,770 --> 00:06:40,770
the identity pool ID so that we can
cross-check that identity once that's
65

66
00:06:40,770 --> 00:06:48,180
passed - Cognito sync list of Records
then we'll either get an error or else
66

67
00:06:48,180 --> 00:06:54,199
we're going to get a
Cognito sync session token' sent to us
67

68
00:06:54,199 --> 00:06:59,430
and we can see here so we're going to
have our sync token and our sync count
68

69
00:06:59,430 --> 00:07:05,610
and what we need is we need both of
those to actually pass to the Cognito
69

70
00:07:05,610 --> 00:07:11,370
sync service in order to to add a record
so if that's successful we don't
70

71
00:07:11,370 --> 00:07:15,659
actually have a database before we
started but now it will automatically
71

72
00:07:15,659 --> 00:07:21,990
create that for us and pass us a token
to add records once we have done that we
72

73
00:07:21,990 --> 00:07:30,389
can pass that token and that sync count
to this add record function so the
73

74
00:07:30,389 --> 00:07:36,000
parameters that we need to pass to
update the records or to add a record we
74

75
00:07:36,000 --> 00:07:41,580
need that data set name again we need
the identity ID of the user the identity
75

76
00:07:41,580 --> 00:07:50,279
pool ID and that sync session token that
we just got previously and we also need
76

77
00:07:50,279 --> 00:07:55,800
the sync count
and the identity ID in here as well so
77

78
00:07:55,800 --> 00:08:00,300
what I'm we don't actually have after
actually have the identity identity as
78

79
00:08:00,300 --> 00:08:04,289
such I've just put it in there as a
value so what I'm doing is I'm putting a
79

80
00:08:04,289 --> 00:08:10,110
record in here and the key for that
record is going to be user ID and we're
80

81
00:08:10,110 --> 00:08:14,370
telling it to replace if there is one
already there if there isn't one there
81

82
00:08:14,370 --> 00:08:19,830
then it's going to just create that
record and we need to pass sync count on
82

83
00:08:19,830 --> 00:08:25,530
that which we get from which we got with
our Cognito token and then we can put a
83

84
00:08:25,530 --> 00:08:29,190
value in there so I'm just putting in
the value there of the users identity ID
84

85
00:08:29,190 --> 00:08:34,919
so it's going to create a record that
will have record user ID and the value
85

86
00:08:34,919 --> 00:08:39,209
of that user ID will be the user's
identity ID but you could create a key
86

87
00:08:39,209 --> 00:08:43,709
that says you know their birthday and
then the value of their birthday or
87

88
00:08:43,709 --> 00:08:48,240
whatever it's up to you you use it you
use this sync database however you want
88

89
00:08:48,240 --> 00:08:52,970
it might be for top scorers of a game or
something, okay so once we've done that
89

90
00:08:52,970 --> 00:08:58,410
then we've got that information
available ready to hand over to update
90

91
00:08:58,410 --> 00:09:03,660
records so update record is how you can
actually create a record from scratch or
91

92
00:09:03,660 --> 00:09:09,420
you can update an existing record you
that's okay then we won't get an error
92

93
00:09:09,420 --> 00:09:15,270
this works fine so we'll just save that
and upload that to our bucket and see
93

94
00:09:15,270 --> 00:09:24,589
how we go and again we make sure that
we've got public access to that and
94

95
00:09:24,589 --> 00:09:33,200
again we make sure that we clear our
browser cache and then we can refresh
95

96
00:09:42,500 --> 00:09:46,120
Ok I will sign in
96

97
00:10:02,260 --> 00:10:05,209
okay
I remember my password this time that's
97

98
00:10:05,209 --> 00:10:12,040
great, okay let's add a sync record to
our sync database and see what happens
98

99
00:10:17,079 --> 00:10:21,490
okay let's have a look and see what
happened
99

100
00:10:21,490 --> 00:10:30,139
so we're signed in successfully with we
have called list records and it's given
100

101
00:10:30,139 --> 00:10:36,199
our count of records which is zero and a
Sync count is zero and it's also
101

102
00:10:36,199 --> 00:10:44,449
passed us our sync session token' which
is in here okay and here we go we've got
102

103
00:10:44,449 --> 00:10:48,730
our sync session token' and a data set
count that we've passing over to our
103

104
00:10:48,730 --> 00:10:56,839
add record, okay and so what we get
back here is the record so I'm just
104

105
00:10:56,839 --> 00:11:08,690
going to copy that over and see what we get
back instead of looking at JSON editor
105

106
00:11:08,690 --> 00:11:16,420
and see what happens
106

107
00:11:17,340 --> 00:11:22,330
okay so we've created so it sends back
to us what the record that has been
107

108
00:11:22,330 --> 00:11:30,340
created so we've created a a record with
a key user ID and the value is that
108

109
00:11:30,340 --> 00:11:35,500
users Cognito
identity ID so it's done exactly what we
109

110
00:11:35,500 --> 00:11:40,270
want it to do but again you could create
records for whatever you know high score
110

111
00:11:40,270 --> 00:11:46,150
and then the high score value for that
user for a game for example so that
111

112
00:11:46,150 --> 00:11:51,220
that's that's working quite well so what
we'll do now is that we'll look at using
112

113
00:11:51,220 --> 00:11:56,080
the Amazon s3 service this time with
these federated credentials, let's have a
113

114
00:11:56,080 --> 00:11:58,350
go at that