An AWS Cognito user pool is a way to provide authentication to the users of an application. It is represented as a user directory in Amazon Cognito.
The authentication mechanism provided by AWS Cognito User Pools is:
In federation, the identity provider stores the user information. When AWS Cognito User Pools are used as the identity provider, the user directory of AWS Cognito stores the user login details; otherwise, they are stored in the identity provider's storage.
The user directory is accessible by an SDK. This can be used by applications to access user profiles.
AWS Cognito User Pools provide:
Once a user is authenticated, the application receives a
When you select AWS Cognito in the AWS console, you get this screen:
Since you will configure the User Pool, let’s choose the User Pool Option:
To make life easier, you can select Review Defaults, which provides you with a good, basic user pool.
You can also choose to configure each of these ten settings:
Customizing all the settings for user pool creation would be beyond the scope of this blog. Let's take these two approaches:
The review pages tell us the following information:
If you carefully compare the Review page with the steps to create a user pool, you will see that they match.
Congrats on creating the default user pool!
Now, you should check out the Hosted UI provided by AWS Cognito for sign-up and login.
AWS Cognito goes a step further in offloading your user management work: it provides the user sign-up and login pages as a hosted web UI. Let's see how you can configure this.
You will use the default user pool created before. Once you have created a User Pool, you can edit a lot of attributes provided here.
To use the hosted web UI, you will focus on the App Integration property of the user pool.
To get the hosted web UI, you have to use this configuration. If you have your own domain, provide your custom domain; otherwise, use the AWS domain.
On choosing the Add Domain option, you get this screen.
Enter a domain of your choice and keep a note of it; you will need it later.
The screen will look like this:
You should select the Add an app client option. The screen will look like this:
You should provide the name of the client and de-select the Generate client secret option. That option is meant for cases where you have a server-side component to handle the client secret. Once the app client is created, we will move to Step 4.
Select the App Client Setting, under App Integration. You will get a screen like this.
If you check, the App Client details are already present.
In the above screen, you have to select:
Save the option.
At the bottom of the previous screen, there is an option for Launch Hosted UI. Use this option – you should get a sign-up page like this.
Here is your simple hosted web UI for login and sign-up. Although everything may not work, just refer to this as a guideline.
At this point, you can use IAM roles for your application together with this authentication to make your application function. However, providing different levels of authorization will still be the application's responsibility. If you want to handle this part as well, then move on to Identity Pool.
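To illustrate the Generate client secret choice made when adding the app client, here is an added example (not from the original post) of what a secret-bearing client has to send: Cognito expects a `SECRET_HASH` parameter, the Base64 of HMAC-SHA256 keyed with the client secret over username + client ID, which is why the secret belongs only in a server-side component. The function names and the sample client ID, secret, user and password are constructed for illustration.

```python
import base64
import hashlib
import hmac


def secret_hash(username: str, client_id: str, client_secret: str) -> str:
    """SECRET_HASH = Base64(HMAC-SHA256(key=client_secret, msg=username + client_id))."""
    digest = hmac.new(
        client_secret.encode("utf-8"),
        (username + client_id).encode("utf-8"),
        hashlib.sha256,
    ).digest()
    return base64.b64encode(digest).decode("ascii")


def auth_parameters(username, password, client_id, client_secret=None):
    """Build the AuthParameters map for an InitiateAuth call (USER_PASSWORD_AUTH).

    Public client (secret de-selected, as in this walkthrough): no SECRET_HASH,
    so nothing confidential has to ship in browser or mobile code.
    Confidential client: SECRET_HASH is required, and computing it needs the
    secret, so this must run on a server that can keep the secret private.
    """
    params = {"USERNAME": username, "PASSWORD": password}
    if client_secret is not None:
        params["SECRET_HASH"] = secret_hash(username, client_id, client_secret)
    return params


# Constructed sample values, not real credentials.
SAMPLE_CLIENT_ID = "example-client-id"
SAMPLE_CLIENT_SECRET = "example-client-secret"

if __name__ == "__main__":
    public = auth_parameters("alice", "constructed-password", SAMPLE_CLIENT_ID)
    confidential = auth_parameters(
        "alice", "constructed-password", SAMPLE_CLIENT_ID, SAMPLE_CLIENT_SECRET
    )
    print("public client sends:      ", sorted(public))
    print("confidential client sends:", sorted(confidential))
```

The hash is bound to both the username and the client ID, so a value computed for one user cannot be reused for another.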