Demystifying: AWS Cognito
AWS Cognito is a user management service built particularly for mobile applications. It handles user sign-in, sign-up and unique identity management.
Cognito is the AWS-recommended approach for Web Identity Federation: whenever we want to integrate external identity providers with AWS, it should be the go-to option. It has two main components:
- User Pool: As the name suggests, it is a pool of registered users: a directory used to manage sign-in and sign-up for a user. Users can either sign in/sign up directly into the user pool or be authenticated by an external Identity Provider (IdP) such as Google or Facebook.
- Identity Pool: This grants users with a unique identity access to AWS services by issuing them unique access credentials.
Cognito also synchronizes user data across devices seamlessly.
Use Case: Suppose we are developing a mobile game and want users to access their data in AWS DynamoDB. Cognito lets users authenticate with external identity providers and exchanges their identity tokens for temporary AWS access credentials, which in turn authorize the users to access their DynamoDB data and resume the game seamlessly.
How it works:
- A new user lands on the custom sign-up page and registers either way (directly or via an IdP).
- A new entry is added to the user pool.
- The federated user identity is passed to the identity pool via the callback URL.
- IAM role credentials with limited privileges are passed to the calling SDK.
- The SDK uses those credentials to access the required services on the AWS platform.
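The following is an added example (not code from the original post or from AWS) that walks through steps 3 to 5 above for the DynamoDB game use case. It shows the token exchange at the identity pool and, just as importantly, the "limited privileges" part of step 4: an IAM policy for the identity pool's authenticated role that lets each federated identity read and write only the DynamoDB items whose partition key equals its own Cognito identity id. The `get_id` and `get_credentials_for_identity` calls are the real `cognito-identity` API operations as exposed by boto3, but the client used here is a constructed stand-in so the code runs offline; the table name `GameState`, the pool ids, the account number and the identity ids are placeholders, and the policy evaluator is a deliberately small approximation of IAM's condition logic, not IAM itself.

```python
"""Cognito identity-pool credential exchange plus a least-privilege role policy.
Added illustration; pool ids, table name and account number are placeholders."""
import hashlib
import json

# Constructed placeholders, not values from the original post.
REGION = "us-east-1"
USER_POOL_ID = "us-east-1_EXAMPLE"
IDENTITY_POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"
TABLE_ARN = f"arn:aws:dynamodb:{REGION}:123456789012:table/GameState"


def user_pool_login_key(region: str, user_pool_id: str) -> str:
    """Key in the Logins map under which a user-pool ID token is presented to the identity pool."""
    return f"cognito-idp.{region}.amazonaws.com/{user_pool_id}"


def exchange_token_for_credentials(identity_client, identity_pool_id: str, logins_key: str, id_token: str):
    """Steps 3-4 of the flow: present the ID token to the identity pool, receive a unique
    IdentityId, then receive temporary credentials scoped to the pool's authenticated role.
    identity_client is a boto3 'cognito-identity' client, or a test double with the same methods."""
    logins = {logins_key: id_token}
    identity_id = identity_client.get_id(IdentityPoolId=identity_pool_id, Logins=logins)["IdentityId"]
    creds = identity_client.get_credentials_for_identity(IdentityId=identity_id, Logins=logins)["Credentials"]
    # These three values are what the SDK is configured with in step 5.
    return identity_id, {
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretKey"],
        "aws_session_token": creds["SessionToken"],
    }


def build_authenticated_role_policy(table_arn: str) -> dict:
    """IAM policy for the identity pool's authenticated role. IAM substitutes the caller's
    Cognito identity id for ${cognito-identity.amazonaws.com:sub} at request time, so the
    LeadingKeys condition confines each user to items keyed by their own identity id."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:Query"],
            "Resource": table_arn,
            "Condition": {"ForAllValues:StringEquals": {
                "dynamodb:LeadingKeys": ["${cognito-identity.amazonaws.com:sub}"]}},
        }],
    }


def is_request_allowed(policy: dict, identity_id: str, action: str, leading_keys: list) -> bool:
    """Offline approximation of IAM's evaluation of the policy above: the action must be
    listed and every partition key in the request must equal the caller's identity id.
    (As in IAM, ForAllValues is satisfied by a request carrying no keys; the Action list
    above deliberately omits Scan and Delete so that case stays harmless.)"""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
            continue
        cond = stmt.get("Condition", {}).get("ForAllValues:StringEquals", {})
        allowed = [k.replace("${cognito-identity.amazonaws.com:sub}", identity_id)
                   for k in cond.get("dynamodb:LeadingKeys", [])]
        if all(k in allowed for k in leading_keys):
            return True
    return False


class FakeIdentityClient:
    """Constructed stand-in for boto3.client('cognito-identity') so the flow runs offline.
    It derives a stable identity id per token, mimicking one identity per federated user."""

    def get_id(self, IdentityPoolId, Logins):
        token = next(iter(Logins.values()))
        return {"IdentityId": f"{REGION}:{hashlib.sha256(token.encode()).hexdigest()[:8]}"}

    def get_credentials_for_identity(self, IdentityId, Logins):
        return {"IdentityId": IdentityId, "Credentials": {
            "AccessKeyId": "ASIAFAKEKEY", "SecretKey": "fake-secret",
            "SessionToken": "fake-session", "Expiration": None}}


def demo() -> dict:
    """Two users exchange tokens; the policy then decides who may touch which items."""
    client = FakeIdentityClient()  # replace with boto3.client("cognito-identity") for real use
    key = user_pool_login_key(REGION, USER_POOL_ID)
    alice_id, creds = exchange_token_for_credentials(client, IDENTITY_POOL_ID, key, "alice-id-token")
    bob_id, _ = exchange_token_for_credentials(client, IDENTITY_POOL_ID, key, "bob-id-token")
    policy = build_authenticated_role_policy(TABLE_ARN)
    return {
        "alice_reads_own": is_request_allowed(policy, alice_id, "dynamodb:GetItem", [alice_id]),
        "alice_reads_bob": is_request_allowed(policy, alice_id, "dynamodb:GetItem", [bob_id]),
        "alice_deletes_own": is_request_allowed(policy, alice_id, "dynamodb:DeleteItem", [alice_id]),
        "session_token": creds["aws_session_token"],
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of pairing the exchange with the policy is that the credentials the identity pool hands out are only as safe as the role behind them: without the `dynamodb:LeadingKeys` condition, every authenticated player would receive credentials that can read every other player's rows. In a real deployment the `FakeIdentityClient` is replaced by `boto3.client("cognito-identity")`, and the returned credential triple is passed to the DynamoDB client the SDK uses in step 5.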
PS: AWS AppSync is a newly launched service for User Data Synchronization.
Catch me on LinkedIn