This course explores Amazon Cognito and how it can be used to manage authentication and authorization to your apps. We'll start with a general overview of Amazon Cognito and when to use it. Then we move on to user pools and identity pools. We round off the course by looking at how Amazon Cognito can be integrated with mobile and web apps and how to sync your app's user data across various platforms.
Learning Objectives
- Create your own authentication mechanisms using Amazon Cognito
- Create your own customized UI for user sign in
- Create a secure user directory for all your applications and users
Intended Audience
This course is intended for anyone who is trying to understand what mechanisms are available for user authentication within AWS and specifically, those who want to use third-party identity providers, such as Apple, Facebook, Google, and Amazon.
Prerequisites
- A decent understanding of cloud computing and cloud architectures, specifically with Amazon Web Services
- Familiarity with basic security terminology, IAM, user authentication, and federation
- It is helpful to know about Active Directory and other AD type services
Now that we know a little bit more about User pools, let’s quickly examine how the authentication flow is handled by your application and the service.
Your user will be presented with a login screen or terminal of some sort from within your application. They will submit their credentials, either from having created an account directly or by logging into a third-party provider.
The application will call the InitiateAuth operation with those credentials. This API call kicks off the authentication flow. It directly indicates to amazon Cognito that you want to authenticate.
If the call is successful - Cognito will respond either with a token or with a challenge.
A challenge can include CAPTCHAs or Dynamic challenge questions. These are normally used to help screen for bots. You can insert your own custom challenges if you wish. This will be sent back to the client and it now becomes Their problem.
When the client is ready to respond back to the server(cognito), they can reply with RespondToAuthChallenge and provide whatever information the challenge requires back. If the user fails the challenge, you can have Cognito set up to resend a new one. This can include multiple rounds until the user is successful or fails out.
If successful Cognito will shoot back some tokens for the client to use - Hurray authentication!
For a deeper dive into the process please take a look over here.
William Meadows is a passionately curious human currently living in the Bay Area in California. His career has included working with lasers, teaching teenagers how to code, and creating classes about cloud technology that are taught all over the world. His dedication to completing goals and helping others is what brings meaning to his life. In his free time, he enjoys reading Reddit, playing video games, and writing books.