WIFI: awsDevDay | PASS: CodeHappy
UP NEXT: Amazon Cognito
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Justin Pirtle, Solutions Architect
August 12, 2017
Deep Dive on Amazon Cognito
Topics
§ AWS Mobile Services and Amazon Cognito
§ Introduction to Amazon Cognito Identity
§ Summary of Features
§ Sample Use Cases
§ Getting Started
§ Q & A
§ Demo
Build and Scale Your Apps on AWS
§ Authenticate users: Amazon Cognito (Identity)
§ Synchronize data: Amazon Cognito (Sync)
§ Analyze user behavior: Amazon Pinpoint
§ Run targeted campaigns: Amazon Pinpoint
§ Store and share media: Amazon S3
§ Deliver media: Amazon CloudFront
§ Store data: Amazon DynamoDB, Amazon RDS
§ Send push notifications: Amazon SNS Mobile Push
§ Server-side logic: Lambda
§ Test your app: Device Farm
AWS Mobile Hub: Fastest Way to Build Apps on AWS
Identity is mission critical for applications
Authentication
§ Sign in users
§ Enable federation with enterprise identities
§ Enable federation with social identities
Authorization
§ Protect data and operations
§ Provide fine-grained access control
User Management
§ Manage user lifecycles
§ Store and manage user profile data
§ Monitor engagement
User Identity
Your User Pools
§ Serverless Authentication and User Management: Add user sign-up and sign-in easily to your mobile and web apps without worrying about server infrastructure
§ Enhanced Security Features: Verify phone numbers and email addresses and offer multi-factor authentication
§ Managed User Directory: Launch a simple, secure, low-cost, and fully managed service to create and maintain a user directory that scales to 100s of millions of users
Comprehensive User Flows
§ Email or Phone Number Verification: Require users to verify their email address or phone number prior to activating their account with a one-time password challenge
§ Forgot Password: Provide users the ability to change their password when they forget it with a one-time password challenge
§ User Sign-Up and Sign-In: Allow users to sign up and sign in using an email, phone number, or username (and password) for your application.
§ User Profile Data: Enable users to view and update their profile data – including custom attributes
§ SMS Multifactor Authentication: Require users to complete a second factor of authentication by inputting a security code received via SMS as part of the sign-in flow
§ Token Based Authentication: Use JSON Web Tokens (JWTs) based on OpenID Connect (OIDC) and OAuth 2.0 standards for user authentication in your backend
Customize these User Flows Using Lambda
Custom User Flows Using Lambda Hooks
Category | Lambda Hook | Example Scenarios
Custom Authentication Flow | Define Auth Challenge | Determines the next challenge in a custom auth flow
Custom Authentication Flow | Create Auth Challenge | Creates a challenge in a custom auth flow
Custom Authentication Flow | Verify Auth Challenge Response | Determines if a response is correct in a custom auth flow
Authentication Events | Pre Authentication | Custom validation to accept or deny the sign-in request
Authentication Events | Post Authentication | Event logging for custom analytics
Sign-Up | Pre Sign-up | Custom validation to accept or deny the sign-up request
Sign-Up | Post Confirmation | Custom welcome messages or event logging for custom analytics
Messages | Custom Message | Advanced customization and localization of messages
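A Pre Sign-up hook of the kind listed above, as an added example that is not part of the original slides: a Python Lambda handler that accepts a sign-up by returning the event and denies it by raising an exception. The allow-listed domain, the `SignUpDenied` class and the `sample_event` and `decision` helpers are assumptions made for illustration.

```python
"""Pre Sign-up Lambda trigger for a Cognito user pool (added example)."""

# Assumption for this example: only these e-mail domains may self-register.
ALLOWED_EMAIL_DOMAINS = frozenset({"example.com"})

# Trigger sources Cognito passes to the Pre Sign-up hook.
SELF_SERVICE = "PreSignUp_SignUp"
ADMIN_CREATED = "PreSignUp_AdminCreateUser"
FEDERATED = "PreSignUp_ExternalProvider"


class SignUpDenied(Exception):
    """Raised so that Cognito rejects the sign-up request (hypothetical name)."""


def email_domain(address):
    """Return the lower-cased domain of an e-mail address, or None if malformed."""
    if not isinstance(address, str):
        return None
    address = address.strip()
    if address.count("@") != 1:
        return None
    local, domain = address.split("@")
    if not local or not domain:
        return None
    return domain.lower()


def lambda_handler(event, context=None):
    source = event.get("triggerSource")
    attrs = event.get("request", {}).get("userAttributes", {})
    response = event.setdefault("response", {})

    # The hook never marks the account or its contact details as verified:
    # the one-time code challenge is what proves ownership of the address.
    response["autoConfirmUser"] = False
    response["autoVerifyEmail"] = False
    response["autoVerifyPhone"] = False

    if source == ADMIN_CREATED:
        return event  # created by an administrator, self-service policy not applied
    if source not in (SELF_SERVICE, FEDERATED):
        raise SignUpDenied("unexpected trigger source")  # fail closed

    # Exact match on the domain, so "example.com.evil.test" does not pass.
    if email_domain(attrs.get("email")) not in ALLOWED_EMAIL_DOMAINS:
        raise SignUpDenied("sign-up is restricted to approved e-mail domains")
    return event


def sample_event(email, source=SELF_SERVICE):
    """Constructed event in the shape Cognito sends to the hook (placeholder ids)."""
    return {
        "version": "1",
        "triggerSource": source,
        "userPoolId": "us-east-1_EXAMPLE",
        "userName": "constructed-user",
        "request": {"userAttributes": {"email": email}, "validationData": None},
        "response": {
            "autoConfirmUser": False,
            "autoVerifyEmail": False,
            "autoVerifyPhone": False,
        },
    }


def decision(event):
    """Run the handler and report the outcome as a string."""
    try:
        lambda_handler(event)
        return "accepted"
    except SignUpDenied:
        return "denied"


if __name__ == "__main__":
    for addr in ("alice@example.com", "mallory@example.com.evil.test", "no-at-sign"):
        print(addr, "->", decision(sample_event(addr)))
```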
Extensive Admin Capabilities
§ Define Custom Attributes: Define custom attributes for your user profiles
§ Set per-App Permissions: Set read and write permissions for each user attribute on a per-app basis
§ Set up Password Policies: Enforce password policies like minimum length and requirement of certain types of characters
§ Create and manage User Pools: Create, configure, and delete multiple user pools across AWS regions
§ Require Submission of Attribute Data: Select which attributes must be provided by the user prior to completion of the sign-up process
§ Search Users: Search users based on a full match or a prefix match of their attributes through the console or Admin API
§ Manage Users: Conduct admin actions, such as reset user password, confirm user, enable MFA, delete user, and global sign-out
App Integration and Federation in User Pools
§ Built-in, Customizable User Interface for Sign up / Sign in
§ Federation with Facebook, Login with Amazon, Google, and SAML providers
§ OAuth 2.0 Support
Built-in, Customizable User Interface
Upload your own logo and adjust CSS properties to fit your style and branding
Federation with Cognito User Pools
• Built-in integrations with identity providers
• Social: Facebook, Google, Login with Amazon
• Corporate via SAML 2.0
• Map user attributes into User Pool profiles
• Universal directory with common set of profiles and tokens for all users
[Diagram: the Cognito User Pool issues a CUP token]
Support for OAuth 2.0 in Cognito User Pools
• OAuth 2.0 flows:
  • Authorization code
  • Implicit
  • Client credentials
• Custom scopes defined for resource servers
Cognito Federated Identities (Identity Pools)
• Exchanges tokens from authenticated users for AWS credentials to access resources such as S3 or DynamoDB
• You can define rules for mapping users to different IAM roles to manage permissions
• Provides an identity pool id to uniquely identify users
[Diagram: the mobile or web app exchanges a token with the Cognito identity pool for AWS credentials, then accesses backend resources (DynamoDB, S3, API GW) tied to an IAM role]
Two Ways to Federate with Amazon Cognito
Cognito User Pools
• Handles the IdP interactions for you
• Provides profiles to manage users
• Provides OpenID Connect and OAuth 2.0 standard tokens
• Priced per monthly active user
Cognito Identity Pools
• Provides AWS credentials for accessing resources on behalf of users
• Supports rules to map users to different IAM roles
• Free
Sample Use Cases
Amazon Cognito: Identity Management Scenarios
§ Business to Consumer
§ Business to Business
§ Business to Employee
§ IoT Scenarios
[Diagram labels: Enterprise Directory, SAML, AWS IoT]
Amazon Cognito: Authorization Scenarios
Standalone Identity Provider
• OIDC and OAuth 2.0 tokens from User Pools can be used directly to access backend resources
Amazon API Gateway
• User Pool tokens authorize requests via Amazon API Gateway
• Token claims can be inspected
AWS Credentials
• Temporary AWS credentials provide access to AWS services
• Users can be mapped to different roles and policies
[Diagram labels: CUP Token, Resources, API GW, AWS IAM, AWS Credentials, AWS Services (S3, DDB, Lambda)]
Cognito User Pools and Amazon API Gateway
§ Native Support: Configure API Gateway to accept ID tokens to authorize users based on their existence in a user pool – User Pools works together with API Gateway to authorize API requests
§ Custom Authorizer Function: Control access to your APIs using bearer token authentication strategies, such as OAuth or SAML – API Gateway’s custom authorizer feature uses bearer tokens to determine access privileges
Getting Started with Your User Pools
See aws.amazon.com/cognito/dev-resources/ for links to
§ Getting Started Guides
§ Documentation, SDKs, and Sample Apps
§ Videos
§ Presentation Slides
§ Blog Posts
§ Developer Forums
Demo
Q & A
§ Visit aws.amazon.com/cognito/ to learn more
§ Find resources at aws.amazon.com/cognito/dev-resources/
§ Get started with the beta features at docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-federation-beta-release-overview.html
§ Ask questions at the AWS Developer Forum or Stack Overflow (‘amazon-cognito’ tag)
Thank You!
Don’t Forget Evaluations!
Appendix
Groups and Multiple Authenticated Roles
[Diagram: groups in Cognito User Pools (Group A, Group B, …) correspond to IAM roles (IAM Role A, IAM Role B, …)]
Multiple Roles for Authenticated Identities
[Diagram: an authenticated user identity gets credentials from Cognito Federated Identities, which maps to different IAM roles and policies that control access to backend resources (API Gateway, DynamoDB, S3)]
Control Attribute Permissions
Choose which user attributes each app can read and write
[Table: Read and Write columns for the attributes name, phone, custom:paid]
Creating Users as an Administrator
§ Developers or administrators can create users in a user pool and send them an optional, customizable invitation email or SMS message
§ New users sign in with a temporary password and create a new password
§ User pools can be configured to only allow users created by an administrator
Importing Existing Users
Batch Imports
§ Import users by uploading .csv files
§ Users will create a new password when they first sign in
§ Each imported user must have an email address or a phone number
One-at-a-Time Migration
§ Migrate users individually as they sign in
§ App first tries to sign in via Cognito; if the user does not exist, the app signs in via the prior identity system, captures the username and password, and silently creates the user in Cognito
§ Retains passwords, but requires app coding and maintenance of the prior system for some period
[Diagram label: Prior IdP]
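The one-at-a-time migration steps above, as an added example that is not part of the original slides. `Directory`, `UserNotFound`, `NotAuthorized` and `sign_in_with_migration` are hypothetical in-memory stand-ins for the user pool and the prior identity system, not AWS SDK calls, and the usernames and passwords are constructed.

```python
"""One-at-a-time migration at sign-in, with in-memory stand-ins (added example)."""
import hashlib
import hmac
import os


class UserNotFound(Exception):
    """The directory has no such user."""


class NotAuthorized(Exception):
    """The user exists but the password is wrong."""


class Directory:
    """Stand-in for a user directory: the new user pool or the prior IdP."""

    def __init__(self, name):
        self.name = name
        self._users = {}

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)

    def set_password(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._derive(password, salt))

    def create_user(self, username, password):
        if username in self._users:
            raise ValueError("user already exists")
        self.set_password(username, password)

    def has_user(self, username):
        return username in self._users

    def sign_in(self, username, password):
        record = self._users.get(username)
        if record is None:
            raise UserNotFound(username)
        salt, expected = record
        if not hmac.compare_digest(expected, self._derive(password, salt)):
            raise NotAuthorized(username)
        return {"username": username, "issuer": self.name}


def sign_in_with_migration(user_pool, prior_idp, username, password):
    """Return (session, path); path is 'user_pool' or 'migrated'."""
    try:
        return user_pool.sign_in(username, password), "user_pool"
    except UserNotFound:
        pass  # not migrated yet: fall through to the prior system
    # NotAuthorized is deliberately not caught above: once the user exists in
    # the pool, a wrong password fails there and is never retried against the
    # prior system, whose copy of the password may be stale.
    prior_idp.sign_in(username, password)  # raises unless the prior system accepts it
    # Only a password the prior system has just verified is written to the pool.
    user_pool.create_user(username, password)
    return user_pool.sign_in(username, password), "migrated"


def demo():
    """Walk one constructed user through the migration and its edge cases."""
    pool, prior = Directory("user_pool"), Directory("prior_idp")
    prior.create_user("carol", "old-Passw0rd!")
    outcomes = []
    outcomes.append(sign_in_with_migration(pool, prior, "carol", "old-Passw0rd!")[1])
    outcomes.append(sign_in_with_migration(pool, prior, "carol", "old-Passw0rd!")[1])
    pool.set_password("carol", "new-Passw0rd!")  # user changes password after migrating
    try:
        sign_in_with_migration(pool, prior, "carol", "old-Passw0rd!")
    except NotAuthorized:
        outcomes.append("rejected")  # old password no longer works anywhere
    try:
        sign_in_with_migration(pool, prior, "dave", "whatever")
    except UserNotFound:
        outcomes.append("unknown")  # absent from both systems
    return outcomes


if __name__ == "__main__":
    print(demo())
```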
Understanding User Status
§ New users start with “Registered” status
§ Users must be confirmed before they can sign in
§ Users must be disabled before they can be deleted
[State diagram. States: Registered (cannot sign in), Confirmed, Reset Required, Force Change Password, Disabled, (deleted). Transitions: Sign-up; Admin Confirm, Confirm via email/phone, or Lambda Trigger: Pre Sign-up; User import; Admin Create User; Reset password; Disable; Enable; Delete]

OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Deep Dive on Amazon Cognito - DevDay Austin 2017

  • 1.
  • 2. WIFI: awsDevDay | PASS: CodeHappy UP NEXT: Amazon Cognito
  • 3. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Justin Pirtle, Solutions Architect August 12, 2017 Deep Dive on Amazon Cognito
  • 4. Topics § AWS Mobile Services and Amazon Cognito § Introduction to Amazon Cognito Identity § Summary of Features § Sample Use Cases § Getting Started § Q & A § Demo
  • 5. Authenticate users Analyze User Behavior Store and share media Synchronize data Deliver media Amazon Cognito (Sync) Amazon Cognito (Identity) Amazon S3 Amazon CloudFront Store data Amazon DynamoDB Amazon RDS Run Targeted Campaigns Send push notifications Amazon SNS Mobile Push Server-side logic Lambda Device Farm Test your app Build and Scale Your Apps on AWS Amazon Pinpoint Amazon Pinpoint
  • 6. AWS Mobile Hub: Fastest Way to Build Apps on AWS
  • 7. Identity is mission critical for applications Authentication, User Management, Authorization § Manage user lifecycles § Store and manage user profile data § Monitor engagement § Protect data and operations § Provide fine-grained access control § Sign in users § Enable federation with enterprise identities § Enable federation with social identities User Identity
  • 8. Your User Pools Add user sign-up and sign-in easily to your mobile and web apps without worrying about server infrastructure Serverless Authentication and User Management Verify phone numbers and email addresses and offer multi-factor authentication Enhanced Security Features Launch a simple, secure, low-cost, and fully managed service to create and maintain a user directory that scales to 100s of millions of users Managed User Directory
  • 9. Comprehensive User Flows Email or Phone Number Verification Forgot Password User Sign-Up and Sign-In Require users to verify their email address or phone number prior to activating their account with a one-time password challenge Provide users the ability to change their password when they forget it with a one-time password challenge Allow users to sign up and sign in using an email, phone number, or username (and password) for your application. User Profile Data Enable users to view and update their profile data – including custom attributes SMS Multifactor Authentication Require users to complete a second factor of authentication by inputting a security code received via SMS as part of the sign-in flow Customize these User Flows Using Lambda Token Based Authentication Use JSON Web Tokens (JWTs) based on OpenID Connect (OIDC) and OAuth 2.0 standards for user authentication in your backend
  • 10. Custom User Flows Using Lambda Hooks
      Category | Lambda Hook | Example Scenarios
      Custom Authentication Flow | Define Auth Challenge | Determines the next challenge in a custom auth flow
      Custom Authentication Flow | Create Auth Challenge | Creates a challenge in a custom auth flow
      Custom Authentication Flow | Verify Auth Challenge Response | Determines if a response is correct in a custom auth flow
      Authentication Events | Pre Authentication | Custom validation to accept or deny the sign-in request
      Authentication Events | Post Authentication | Event logging for custom analytics
      Sign-Up | Pre Sign-up | Custom validation to accept or deny the sign-up request
      Sign-Up | Post Confirmation | Custom welcome messages or event logging for custom analytics
      Messages | Custom Message | Advanced customization and localization of messages
  • 11. Extensive Admin Capabilities Define Custom Attributes Set per-App Permissions Set up Password Policies Create and manage User Pools Define custom attributes for your user profiles Set read and write permissions for each user attribute on a per-app basis Enforce password policies like minimum length and requirement of certain types of characters Create, configure, and delete multiple user pools across AWS regions Require Submission of Attribute Data Select which attributes must be provided by the user prior to completion of the sign-up process Search Users Search users based on a full match or a prefix match of their attributes through the console or Admin API Manage Users Conduct admin actions, such as reset user password, confirm user, enable MFA, delete user, and global sign-out
  • 12. App Integration and Federation in User Pools Built-in, Customizable User Interface for Sign up / Sign in; OAuth 2.0 Support; Federation with Facebook, Login with Amazon, Google, and SAML providers
  • 13. Built-in, Customizable User Interface Upload your own logo and adjust CSS properties to fit your style and branding
  • 14. Federation with Cognito User Pools • Built-in integrations with identity providers • Social: Facebook, Google, Login with Amazon • Corporate via SAML 2.0 • Map user attributes into User Pool profiles • Universal directory with common set of profiles and tokens for all users CUP Token Cognito User Pool
  • 15. Support for OAuth 2.0 in Cognito User Pools • OAuth 2.0 flows: • Authorization code • Implicit • Client credentials • Custom scopes defined for resource servers
  • 16. Cognito Federated Identities (Identity Pools) • Exchanges tokens from authenticated users for AWS credentials to access resources such as S3 or DynamoDB • You can define rules for mapping users to different IAM roles to manage permissions • Provides an identity pool id to uniquely identify users Cognito Identity Pool AWS Credentials / / etc token Mobile or web app DynamoDB S3 API GW Access backend resources - tied to IAM role 1 3 2
  • 17. Two Ways to Federate with Amazon Cognito Cognito User Pools: • Handles the IdP interactions for you • Provides profiles to manage users • Provides OpenID Connect and OAuth2.0 standard tokens • Priced per monthly active user Cognito Identity Pools: • Provides AWS credentials for accessing resources on behalf of users • Supports rules to map users to different IAM roles • Free
  • 19. Amazon Cognito: Identity Management Scenarios Business to Consumer Business to Business Business to Employee IoT Scenarios Enterprise Directory Enterprise Directory SAML Enterprise Directory SAML AWS IoT
  • 20. Amazon Cognito: Authorization Scenarios Standalone Identity Provider Amazon API Gateway AWS Credentials Resources • OIDC and OAuth 2.0 tokens from User Pools can be used directly to access backend resources CUP Token CUP Token CUP Token CUP Token AWS IAM AWS Credentials AWS Services S3 DDB Lambda • User Pool tokens authorize requests via Amazon API Gateway • Token claims can be inspected • Temporary AWS credentials provide access to AWS services • Users can be mapped to different roles and policies API GW
  • 21. Cognito User Pools and Amazon API Gateway Native Support Custom Authorizer Function Control access to your APIs using bearer token authentication strategies, such as OAuth or SAML – API Gateway’s custom authorizer feature uses bearer tokens to determine access privileges Configure API Gateway to accept ID tokens to authorize users based on their existence in a user pool – User Pools works together with API Gateway to authorize API requests
  • 22. Getting Started with Your User Pools See aws.amazon.com/cognito/dev-resources/ for links to § Getting Started Guides § Documentation, SDKs, and Sample Apps § Videos § Presentation Slides § Blog Posts § Developer Forums
  • 23. Demo
  • 24. Q & A § Visit aws.amazon.com/cognito/ to learn more § Find resources at aws.amazon.com/cognito/dev-resources/ § Get started with the beta features at docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-federation-beta-release-overview.html § Ask questions at the AWS Developer Forum or Stack Overflow (‘amazon-cognito’ tag)
  • 28. Groups Cognito User Pools Groups and Multiple Authenticated Roles Group A IAM Role A Group B IAM Role B … Authenticated User Identity Get Credentials Multiple Roles for Authenticated Identities Cognito Federated Identities IAM Role and Policy IAM Role and Policy IAM Role and Policy Backend Resources Map to different IAM roles API Gateway DynamoDB S3 Control Access
  • 29. Control Attribute Permissions Choose which user attributes each app can read and write Read Write name phone custom:paid
  • 30. Creating Users as an Administrator § Developers or administrators can create users in a user pool and send them an optional, customizable invitation email or SMS message § New users sign in with a temporary password and create a new password § User pools can be configured to only allow users created by an administrator
  • 31. Importing Existing Users Batch Imports § Import users by uploading .csv files § Users will create a new password when they first sign-in § Each imported user must have an email address or a phone number One-at-a-Time Migration § Migrate users individually as they sign in § App first tries to sign in via Cognito, if user does not exist, app signs in via prior identity system, captures username and password, and silently creates user in Cognito § Retains passwords, but requires app coding and maintenance of prior system for some period Prior IdP
  • 32. Understanding User Status § New users start with “Registered” status § Users must be confirmed before they can sign-in § Users must be disabled before they can be deleted Registered (cannot sign in) Sign-up Confirmed Disabled Admin Confirm Confirm via email/phone or Disable Delete (deleted) Lambda Trigger: Pre Sign-up Reset Required User import Force Change Password Admin Create User Reset password Enable
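
Slide 10 describes the Pre Sign-up hook as "custom validation to accept or deny the sign-up request"; the sketch below is an added example, not code from the deck or from AWS, that denies self sign-up outside an email-domain allow-list. `ALLOWED_DOMAINS`, `evaluate`, `email_domain` and `sample_event` are hypothetical names, the sample events are constructed, and the event fields used (`triggerSource`, `request.userAttributes`, `response.autoConfirmUser`, `response.autoVerifyEmail`) follow Cognito's Pre sign-up trigger event.

```python
"""Pre Sign-up Lambda hook that accepts or denies self sign-up by email domain."""

# Assumption: hypothetical allow-list; load it from configuration in a real pool.
ALLOWED_DOMAINS = {"example.com", "example.org"}


def email_domain(attrs):
    """Return the lower-cased domain of the email attribute, or None if malformed."""
    email = (attrs.get("email") or "").strip().lower()
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain or "@" in local:
        return None
    return domain.rstrip(".")


def evaluate(event):
    """Return (allowed, reason) for a Pre Sign-up event."""
    if event.get("triggerSource") == "PreSignUp_AdminCreateUser":
        return True, "created by an administrator"
    domain = email_domain(event.get("request", {}).get("userAttributes", {}))
    if domain is None:
        return False, "a valid email address is required"
    # Exact match only: substring or suffix tests admit look-alikes such as notexample.com.
    if domain not in ALLOWED_DOMAINS:
        return False, "sign-up is not open to this email domain"
    return True, "email domain is on the allow-list"


def lambda_handler(event, context):
    allowed, reason = evaluate(event)
    if not allowed:
        # An exception raised by the hook makes Cognito reject the sign-up.
        raise Exception(reason)
    # Keep the account unconfirmed so the one-time code still proves email ownership.
    event["response"]["autoConfirmUser"] = False
    event["response"]["autoVerifyEmail"] = False
    return event


def sample_event(email, source="PreSignUp_SignUp"):
    """Constructed event in the shape Cognito passes to a Pre Sign-up hook."""
    return {
        "triggerSource": source,
        "userName": "constructed-user",
        "request": {"userAttributes": {"email": email}},
        "response": {"autoConfirmUser": False, "autoVerifyEmail": False},
    }
```

Leaving `autoConfirmUser` false keeps the user in the unconfirmed state from slide 32 until the email or phone verification from slide 9 completes.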