AWS Cognito User Pool - Practical Guide
robert-senktas
Transcript of AWS Cognito User Pool - Practical Guide
Amazon Cognito
http://lets-share.senktas.net
User Pool
Federate Identities
Store and Sync Across Devices
Amazon Cognito
Cognito User Pool
GUI
Minimize costs
SAAS
SMS / Email
MFA
Reduce development time
UserPool
User Pool Costs
SMS / SNS
EMAIL / SES
MAU
In USA – 100 SMS per month is free
Default limit - 1.00 USD per month
User Pool Costs
Monthly Active Users:
First 50,000 - FREE
Next 50,000 - $0.00550
Next 900,000 - $0.00460
Next 9,000,000 - $0.00325
Maximum number of user pools per account: 60
How to get access to Cognito
AWS Management Console
Command Line Interface
SDK: iOS, Android, Java, Node.js, .NET, JavaScript
User Pool Configuration
1 Attributes
2 Policies
3 Verifications
4 Message Customization
5 Apps
6 Triggers
ATTRIBUTES - DEFAULT
Cannot be changed
Can be required
Can be verified (phone/email)
Can be used as an alias
ATTRIBUTES - ALIASES
How to improve user login process
Username
Preferred username
Phone Number
Preferred username can be set when user is confirmed
ATTRIBUTES - CUSTOM
Can be modified any time
Cannot be required
Cannot be verified
USER VERIFICATION
Second attribute verification must be triggered from code
USER CREATION by ADMIN
APPLICATIONS
CALL CENTER
MOBILE APPLICATION
CRM
WEB APPLICATION
USER POOL
Different access rights for each application
APPLICATIONS - CONFIGURATION
To speed up a development process:
Uncheck - Generate client secret
Check - Enable sign-in API
APPLICATIONS - CONFIGURATION
If "Generate client secret" is checked, SecretHash must be calculated for each request.
APPLICATIONS - CONFIGURATION
If "Enable sign-in API" is not checked, you have to use the SRP protocol for password exchange.
CUSTOMIZATION
By User Pool interface
Message customization
By custom message trigger
Excellent choice when you want to localize messages or add any other dynamic content
{
  "version": "1",
  "region": "eu-west-1",
  "userPoolId": "eu-west-1_jjsisisis",
  "userName": "[email protected]",
  "triggerSource": "PreSignUp_SignUp",
  "response": {
    "autoConfirmUser": false,
    "autoVerifyEmail": false,
    "autoVerifyPhone": false
  }
}
Request / Response
{
  "version": "1",
  "region": "eu-west-1",
  "userPoolId": "eu-west-1_jasdadad",
  "userName": "[email protected]",
  "triggerSource": "CustomMessage_SignUp",
  "response": {
    "smsMessage": "SMS confirmation code is {####}",
    "emailMessage": "Email confirmation code is {####}",
    "emailSubject": "Verify"
  }
}
Request / Response
No error message / No verification code when you miss {####}
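The custom message trigger above, as an added example (not code from the original slides): a Node.js Lambda handler that localizes the sign-up message and throws when a template lacks {####}, so the silent failure noted above becomes a visible error. The TEMPLATES table, the Polish strings and the use of the user's locale attribute are assumptions.

```javascript
// Added example (not from the original slides): CustomMessage trigger for Node.js Lambda.
// TEMPLATES, the Polish strings and the use of the "locale" attribute are assumptions.
const CODE = "{####}"; // placeholder Cognito replaces with the verification code
const DEFAULT_LOCALE = "en";
const TEMPLATES = { // constructed sample templates
  en: {
    subject: "Verify",
    email: "Email confirmation code is {####}",
    sms: "SMS confirmation code is {####}",
  },
  pl: {
    subject: "Weryfikacja",
    email: "Kod weryfikacyjny e-mail: {####}",
    sms: "Kod weryfikacyjny SMS: {####}",
  },
};

// The locale attribute is user-controlled, so only own keys of TEMPLATES are
// accepted; values such as "constructor" or "__proto__" fall back to the default.
function pickLocale(event) {
  const attrs = (event.request && event.request.userAttributes) || {};
  const lang = String(attrs.locale || "").toLowerCase().split(/[-_]/)[0];
  return Object.prototype.hasOwnProperty.call(TEMPLATES, lang) ? lang : DEFAULT_LOCALE;
}

function customizeMessage(event) {
  // Other trigger sources keep the messages configured in the user pool.
  if (event.triggerSource !== "CustomMessage_SignUp") return event;
  const t = TEMPLATES[pickLocale(event)];
  // Fail with an explicit error instead of returning a body without the placeholder.
  for (const key of ["email", "sms"]) {
    if (!t[key].includes(CODE)) {
      throw new Error(`template "${key}" is missing ${CODE}`);
    }
  }
  event.response.emailSubject = t.subject;
  event.response.emailMessage = t.email;
  event.response.smsMessage = t.sms;
  return event;
}

// Lambda entry point; export it in whatever module style the deployment uses.
async function handler(event) {
  return customizeMessage(event);
}
```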
{
  "version": "1",
  "region": "eu-west-1",
  "userPoolId": "eu-west-1_jjsisisis",
  "userName": "[email protected]",
  "triggerSource": "PreAuthentication_Authentication",
  "response": {}
}
Request / Response
Only called when the user is authenticated; if the user enters, for example, a wrong password, the post authentication event is not triggered
{
  "version": "1",
  "region": "eu-west-1",
  "userPoolId": "eu-west-1_jjsisisis",
  "userName": "[email protected]",
  "triggerSource": "PostAuthentication_Authentication",
  "response": {}
}
Request / Response
{
  "version": "1",
  "region": "eu-west-1",
  "userPoolId": "eu-west-1_jjsisisis",
  "userName": "[email protected]",
  "triggerSource": "PostConfirmation_ConfirmSignUp",
  "response": {}
}
Request / Response
Need a custom authentication workflow? No problem, just implement three AWS Lambda functions
How to import users?
The simplest method is to use a CSV file and the user pool interface
Or write a piece of software that will use an API to migrate users from one system to the User Pool
DEMO
Resources
http://aws-blog.pl/
https://github.com/RobsonAutomator/CognitoPOC
Thank you for your attention
Robert Senktas
Warszawa
@RobsonAutomator
lets-share.senktas.net
aws-blog.pl
QUESTIONS