Amazon Cognito provides authentication, authorization and user management for mobile and web apps.
How does Cognito work?
During sign-up we collect some information about the user, such as username, email, phone number and password. We don't need to run a separate user database: Cognito stores this data for us, and we can read or update it at any time through the SDKs (or the Cognito API).
Cognito supports both kinds of authentication:
- Traditional authentication, where the user signs in with a username and password combination held in Cognito.
- Federated sign-in through third-party identity providers such as Google and Facebook, integrated with Cognito.
Main components of Amazon Cognito-:
- User pool
- Identity pool
A user pool is a user directory in Amazon Cognito. With a user pool, users can sign in to our web or mobile app through Amazon Cognito. … Whether users sign in directly or through a third party, all members of the user pool have a directory profile that we can access through a Software Development Kit (SDK).
Features of a user pool-:
- Sign-up and sign-in services.
- A built-in, customizable web UI (the hosted UI) to sign in users.
- Social sign-in with Facebook, Google, Login with Amazon, and Sign in with Apple, and through SAML and OIDC identity providers federated into the user pool.
- User directory management and user profiles.
- Security features such as multi-factor authentication (MFA), checks for compromised credentials, account takeover protection, and phone and email verification.
- Customized workflows and user migration through AWS Lambda triggers.
- Remembering user devices.
- Fine-grained access control with groups. Example: admin and subscriber groups for a blogging website. A user's group names are carried in the cognito:groups claim of the tokens, so the backend can make authorization decisions from a verified token without another lookup.
- Email and phone verification.
- JWT tokens: on sign-in the pool issues an ID token, an access token and a refresh token. The ID and access tokens are RS256-signed JWTs that a backend must verify (signature, issuer, audience, token_use, expiry) against the pool's published JWKS; the refresh token is not meant to be parsed by the app and is only presented back to Cognito to obtain new ID and access tokens.
Amazon Cognito identity pools provide temporary AWS credentials for users who are guests (unauthenticated) and for users who have been authenticated and received a token.
We can use an identity pool when we need to:
- Give our users access to AWS resources, such as an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon DynamoDB table.
- Generate temporary AWS credentials for unauthenticated users.
An identity pool is not a user directory: it has no sign-up and stores no passwords. It only exchanges a token from an identity provider for short-lived AWS credentials (an STS AssumeRoleWithWebIdentity call under the hood). So the usual pattern is: users sign up and sign in with a user pool, and the app then presents the user pool's ID token to the identity pool to obtain credentials for the IAM role mapped to authenticated identities. Unauthenticated (guest) identities are only issued if the pool explicitly enables them, and they receive the credentials of the pool's unauthenticated role, so that role must be scoped to strictly public resources.
We can also use social logins (Google, Facebook, Login with Amazon, Sign in with Apple), SAML and OIDC providers, or developer-authenticated identities directly with an identity pool, without a user pool in between.
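Since an identity pool hands out credentials by assuming an IAM role, the security of the whole setup comes down to the role definitions. The following is an added example, not from the original post or from AWS: a trust policy for the authenticated role, a per-user S3 permissions policy for that role, and the guest role shown both in the over-broad form it often ships with and in a properly scoped form. The identity pool ID, bucket name and prefixes are assumed placeholders, and the four documents are wrapped in one JSON object only for presentation; each is a separate IAM policy document.

```json
{
  "AuthenticatedRoleTrustPolicy": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": { "Federated": "cognito-identity.amazonaws.com" },
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
          "StringEquals": { "cognito-identity.amazonaws.com:aud": "us-east-1:00000000-0000-0000-0000-000000000000" },
          "ForAnyValue:StringLike": { "cognito-identity.amazonaws.com:amr": "authenticated" }
        }
      }
    ]
  },
  "AuthenticatedRolePermissions": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "OwnPrefixOnly",
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
        "Resource": "arn:aws:s3:::example-app-bucket/private/${cognito-identity.amazonaws.com:sub}/*"
      },
      {
        "Sid": "ListOwnPrefixOnly",
        "Effect": "Allow",
        "Action": "s3:ListBucket",
        "Resource": "arn:aws:s3:::example-app-bucket",
        "Condition": { "StringLike": { "s3:prefix": ["private/${cognito-identity.amazonaws.com:sub}/*"] } }
      }
    ]
  },
  "UnauthenticatedRolePermissions_TooBroad": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "GuestsCanDoAnythingInS3",
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": "*"
      }
    ]
  },
  "UnauthenticatedRolePermissions_Scoped": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "GuestsReadPublicAssetsOnly",
        "Effect": "Allow",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-app-bucket/public/*"
      }
    ]
  }
}
```

The trust policy binds the role to one identity pool (the aud condition) and to authenticated identities only (the amr condition); the guest role uses "unauthenticated" in its amr condition instead. The ${cognito-identity.amazonaws.com:sub} variable is the identity ID the pool assigned, so each user is confined to their own prefix without a policy per user. The over-broad guest policy is the one to look for in a review: anyone who can call the identity pool anonymously gets those credentials, so it grants the whole account's S3 to the public internet.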