AWS Cognito User Pool - Practical Guide

Amazon Cognito http://lets-share.senktas.net

Transcript of AWS Cognito User Pool - Practical Guide

Page 1: AWS Cognito User Pool - Practical Guide

Amazon Cognito

Page 2: AWS Cognito User Pool - Practical Guide

User Pool

Federate Identities

Store and Sync Across Devices

Amazon Cognito

Page 3: AWS Cognito User Pool - Practical Guide

Cognito User Pool

GUI

Minimize costs

SAAS

SMS / Email

MFA

Reduce Development Time

User Pool

Page 4: AWS Cognito User Pool - Practical Guide

User Pool Costs

SMS / SNS

EMAIL / SES

MAU

In USA – 100 SMS per month is free

Default limit - 1.00 USD per month

Page 5: AWS Cognito User Pool - Practical Guide

User Pool Costs

Monthly Active Users    Price per MAU
First 50,000            FREE
Next 50,000             $0.00550
Next 900,000            $0.00460
Next 9,000,000          $0.00325

Maximum number of user pools per account: 60

Page 6: AWS Cognito User Pool - Practical Guide

How to get access to Cognito

AWS Management Console

Command Line Interface

SDK: iOS, Android, Java, Node.js, .NET, JavaScript

Page 7: AWS Cognito User Pool - Practical Guide

User Pool Configuration

1 Attributes

2 Policies

3 Verifications

4 Message Customization

5 Apps

6 Triggers

Page 8: AWS Cognito User Pool - Practical Guide

ATTRIBUTES - DEFAULT

Cannot be changed

Can be required

Can be verified (phone/email)

Can be used as an alias

Page 9: AWS Cognito User Pool - Practical Guide

ATTRIBUTES - ALIASES

How to improve user login process

Username

Preferred username

Phone Number

Email

Preferred username can be set when the user is confirmed

Page 10: AWS Cognito User Pool - Practical Guide

ATTRIBUTES - CUSTOM

Can be modified any time

Cannot be required

Cannot be verified

Page 11: AWS Cognito User Pool - Practical Guide

USER VERIFICATION

Second attribute verification must be triggered from code

Page 12: AWS Cognito User Pool - Practical Guide

USER CREATION by ADMIN

Page 13: AWS Cognito User Pool - Practical Guide

APPLICATIONS

CALL CENTER

MOBILE APPLICATION

CRM

WEB APPLICATION

USER POOL

Different access rights for each application

Page 14: AWS Cognito User Pool - Practical Guide

APPLICATIONS - CONFIGURATION

To speed up a development process:

Uncheck - Generate client secret

Check - Enable sign-in API

Page 15: AWS Cognito User Pool - Practical Guide

APPLICATIONS - CONFIGURATION

If "Generate client secret" is checked, a SecretHash must be calculated for each request.

Page 16: AWS Cognito User Pool - Practical Guide

APPLICATIONS - CONFIGURATION

If "Enable sign-in API" is not checked, you have to use the SRP protocol for password exchange.
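
The SecretHash calculation and the non-SRP sign-in request from the two configuration slides above, as an added Node.js example that is not part of the original slides. It assumes "Enable sign-in API" corresponds to the ADMIN_NO_SRP_AUTH flow of AdminInitiateAuth; all identifiers and secrets are constructed sample values. The client secret stays in server-side code, because a secret shipped inside a mobile or browser app can be extracted from it.

```javascript
const crypto = require('node:crypto');

// SECRET_HASH = Base64(HMAC-SHA256(key = client secret, msg = username + client id))
function secretHash(username, clientId, clientSecret) {
  return crypto
    .createHmac('sha256', clientSecret)
    .update(username + clientId, 'utf8')
    .digest('base64');
}

// Request parameters for AdminInitiateAuth using the non-SRP flow
// (assumed to be what the "Enable sign-in API" checkbox turns on).
function adminNoSrpAuthParams({ userPoolId, clientId, clientSecret, username, password }) {
  const authParameters = { USERNAME: username, PASSWORD: password };
  // Only app clients created with "Generate client secret" need the hash.
  if (clientSecret) {
    authParameters.SECRET_HASH = secretHash(username, clientId, clientSecret);
  }
  return {
    AuthFlow: 'ADMIN_NO_SRP_AUTH',
    UserPoolId: userPoolId,
    ClientId: clientId,
    AuthParameters: authParameters,
  };
}

// Constructed sample values (not real identifiers or secrets).
const sample = adminNoSrpAuthParams({
  userPoolId: 'eu-west-1_EXAMPLE',
  clientId: 'exampleclientid1234567890',
  clientSecret: 'example-client-secret',
  username: 'alice',
  password: 'Example-Passw0rd!',
});

// Print the request with the password masked so it never reaches logs.
const masked = { ...sample, AuthParameters: { ...sample.AuthParameters, PASSWORD: '***' } };
console.log(JSON.stringify(masked, null, 2));
```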

Page 17: AWS Cognito User Pool - Practical Guide

CUSTOMIZATION

Page 18: AWS Cognito User Pool - Practical Guide

Message customization

By User Pool interface

By custom message trigger

Excellent choice when you want to localize messages or add any other dynamic content

Page 19: AWS Cognito User Pool - Practical Guide

{
  "version": "1",
  "region": "eu-west-1",
  "userPoolId": "eu-west-1_jjsisisis",
  "userName": "[email protected]",
  "triggerSource": "PreSignUp_SignUp",
  "response": {
    "autoConfirmUser": false,
    "autoVerifyEmail": false,
    "autoVerifyPhone": false
  }
}

Request / Response

Page 20: AWS Cognito User Pool - Practical Guide

{
  "version": "1",
  "region": "eu-west-1",
  "userPoolId": "eu-west-1_jasdadad",
  "userName": "[email protected]",
  "triggerSource": "CustomMessage_SignUp",
  "response": {
    "smsMessage": "SMS confirmation code is {####}",
    "emailMessage": "Email confirmation code is {####}",
    "emailSubject": "Verify"
  }
}

Request / Response

If you omit the {####} placeholder: no error message and no verification code.
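
A custom message trigger that localizes the sign-up message and guards against the missing {####} placeholder described above, as an added Node.js Lambda example that is not part of the original slides. The templates are constructed, and reading the language from event.request.userAttributes.locale assumes the pool stores the standard locale attribute.

```javascript
const CODE = '{####}'; // placeholder Cognito replaces with the confirmation code

// Constructed templates. The Polish e-mail body deliberately lacks the placeholder.
const TEMPLATES = {
  en: {
    emailSubject: 'Verify',
    smsMessage: 'SMS confirmation code is {####}',
    emailMessage: 'Email confirmation code is {####}',
  },
  pl: {
    emailSubject: 'Weryfikacja',
    smsMessage: 'Kod potwierdzenia SMS: {####}',
    emailMessage: 'Dziękujemy za rejestrację!',
  },
};

function buildCustomMessage(event) {
  // Leave every other trigger source untouched.
  if (event.triggerSource !== 'CustomMessage_SignUp') return event;

  // Assumption: the user has the standard "locale" attribute, e.g. "pl-PL".
  const attrs = (event.request && event.request.userAttributes) || {};
  const lang = String(attrs.locale || 'en').toLowerCase().split(/[-_]/)[0];
  const chosen = Object.hasOwn(TEMPLATES, lang) ? TEMPLATES[lang] : TEMPLATES.en;

  const response = { emailSubject: chosen.emailSubject };
  for (const field of ['smsMessage', 'emailMessage']) {
    if (chosen[field].includes(CODE)) {
      response[field] = chosen[field];
    } else {
      // Cognito reports nothing for this mistake, so log it and use a known-good body.
      console.warn(`template ${lang}.${field} lacks ${CODE}; using English fallback`);
      response[field] = TEMPLATES.en[field];
    }
  }
  return { ...event, response };
}

// Lambda entry point.
exports.handler = async (event) => buildCustomMessage(event);
```

The warning line gives the function's logs a searchable record of a broken template, which the service itself does not provide.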

Page 21: AWS Cognito User Pool - Practical Guide

{
  "version": "1",
  "region": "eu-west-1",
  "userPoolId": "eu-west-1_jjsisisis",
  "userName": "[email protected]",
  "triggerSource": "PreAuthentication_Authentication",
  "response": {}
}

Request / Response

Page 22: AWS Cognito User Pool - Practical Guide

Only called when the user is authenticated; if the user enters, for example, a wrong password, the post authentication event is not triggered.

{
  "version": "1",
  "region": "eu-west-1",
  "userPoolId": "eu-west-1_jjsisisis",
  "userName": "[email protected]",
  "triggerSource": "PostAuthentication_Authentication",
  "response": {}
}

Request / Response

Page 23: AWS Cognito User Pool - Practical Guide

{
  "version": "1",
  "region": "eu-west-1",
  "userPoolId": "eu-west-1_jjsisisis",
  "userName": "[email protected]",
  "triggerSource": "PostConfirmation_ConfirmSignUp",
  "response": {}
}

Request / Response

Page 24: AWS Cognito User Pool - Practical Guide

Need a custom authentication workflow? No problem, just implement three AWS Lambda functions.

Page 25: AWS Cognito User Pool - Practical Guide

How to import users?

The simplest method is to use a CSV file and the user pool interface

Or write a piece of software that will use an API to migrate users from one system to the User Pool

Page 26: AWS Cognito User Pool - Practical Guide

DEMO

Page 27: AWS Cognito User Pool - Practical Guide

Resources

http://lets-share.senktas.net

http://aws-blog.pl/

https://github.com/RobsonAutomator/CognitoPOC

Page 28: AWS Cognito User Pool - Practical Guide

Thank you for your attention

Robert Senktas

Warszawa

@RobsonAutomator

[email protected]

lets-share.senktas.net

aws-blog.pl

QUESTIONS