Cognito

Identity management for your apps

Docs |

Overview

  • Handles user authentication and authorization for your web and mobile apps.

Features

User pool vs Identity pool

Feature
User pool
Identity pool

Purpose

user directory for sign-up and sign-in

temporary credential for access AWS services

Authen

SAML, Facebook, Google...

Supports unauthenticated (guest) access and federated identities.

Use Case

  • Managing user profile

  • Authentication in apps

granting users access to AWS resources

Token

JWT token

AWS credentials

Integration

often use with Identity pool

  • standalone

  • or with User pool

User pool

  • Social IdPs (Google, Facebook...) is based on OpenID, so to add social identity providers to the user pool, provide the app client ID and the app client secret.

Cognito Sync

Gives developers the ability to synchronize user profile data across mobile devices and the web.

Cognito Events

A feature of Cognito Sync, you can invoke a Lambda function in response to important activity in you identity pool.

Enable MFA

You can enable MFA (required, optional) or no MFA option for Cognito User. After enabling, app users can receive SMS or TOTP.

Concepts

  • TOTP: time-based one time password

Last updated