Cognito

Identity management for your apps

Docs |

Overview

• Handles user authentication and authorization for your web and mobile apps.

Features

User pool vs Identity pool

Feature	User pool	Identity pool
Purpose	user directory for sign-up and sign-in	temporary credential for access AWS services
Authen	SAML, Facebook, Google...	Supports unauthenticated (guest) access and federated identities.
Use Case	Managing user profile Authentication in apps	granting users access to AWS resources
Token	JWT token	AWS credentials
Integration	often use with Identity pool	standalone or with User pool

User pool

• Social IdPs (Google, Facebook...) is based on OpenID, so to add social identity providers to the user pool, provide the app client ID and the app client secret.

Cognito Sync

Gives developers the ability to synchronize user profile data across mobile devices and the web.

Cognito Events

A feature of Cognito Sync, you can invoke a Lambda function in response to important activity in you identity pool.

Enable MFA

You can enable MFA (required, optional) or no MFA option for Cognito User. After enabling, app users can receive SMS or TOTP.

Concepts

• TOTP: time-based one time password