Amazon Cognito is an AWS service that lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. The main goal of Amazon Cognito is to authenticate your user and then grant that user access to other AWS services.
Features of Amazon Cognito
- Secure and scalable identity store.
- Social and enterprise identity federation.
- Standards-based authentication.
- Security for your apps and users.
Secure and scalable identity store
Cognito user pools provide a secure identity store that scales to millions of users. A user pool can be set up easily without provisioning any infrastructure.
Social and enterprise identity federation
Amazon Cognito lets your users sign in through social identity providers such as Facebook, Google, Login with Amazon, and Sign in with Apple, and through enterprise identity providers using SAML 2.0 and OpenID Connect.
Standards-based authentication
Amazon Cognito user pools are a standards-based identity provider and support identity and access management standards such as OAuth 2.0, SAML 2.0, and OpenID Connect.
Security for your apps and users
Amazon Cognito supports multi-factor authentication and encryption of data at rest and in transit.
The two main components of Amazon Cognito:
- User pool
- Identity pool
1. User pool
User pools are user directories in Amazon Cognito that provide sign-up and sign-in options for your app users. With a user pool, your users can sign in to your web or mobile app through Amazon Cognito, or federate through a third-party identity provider (IdP). Whether your users sign in directly or through a third party, all members of the user pool have a directory profile that you can access through an SDK.
User pool features:
- Sign-up and sign-in services.
- A built-in, customizable web UI to sign in users.
- Social sign-in with Facebook, Google, Login with Amazon, and Sign in with Apple, and through SAML and OIDC identity providers from your user pool.
- User directory management and user profiles.
- Security features such as multi-factor authentication (MFA), checks for compromised credentials, account takeover protection, and phone and email verification.
- Customized workflows and user migration through AWS Lambda triggers.
2. Identity pool
Identity pools enable you to grant your users access to other AWS services.
With an identity pool, your users can obtain temporary AWS credentials to access AWS services such as Amazon S3 and DynamoDB. Identity pools support anonymous guest users, as well as the following identity providers that you can use to authenticate users for the identity pool:
- Amazon Cognito user pools.
- Social sign in with Facebook, Google, Login with Amazon, and Sign in with Apple.
- OpenID Connect (OIDC) providers.
- SAML identity providers.
- Developer authenticated identities.
To save user profile information, your identity pool needs to be integrated with a user pool.
How does the Amazon Cognito authentication flow work?
In the first step, your app user signs in through a user pool and receives user pool tokens after successful authentication.
Next, your app exchanges the user pool tokens for temporary AWS credentials through an identity pool.
Finally, your app user can use those AWS credentials to access other AWS services such as Amazon S3 or DynamoDB.
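The three steps above, as an added example written for this article rather than code from the original page or from AWS: step 1 calls initiate_auth on the user pool, step 2 calls get_id and get_credentials_for_identity on the identity pool, and step 3 calls S3 with the temporary credentials. The region, user pool ID, app client ID, identity pool ID and bucket name are placeholders you replace with your own; the AWS clients are passed in as parameters so each step can be exercised offline with fakes, and boto3 is only imported inside main().

```python
"""Amazon Cognito flow: user pool sign-in -> identity pool credential exchange -> S3.

Added example, not code from the original article. All ids below are placeholders.
"""
import getpass

REGION = "us-east-1"                                                   # assumed
USER_POOL_ID = "us-east-1_EXAMPLE"                                     # placeholder
APP_CLIENT_ID = "exampleappclientid0000000"                            # placeholder
IDENTITY_POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"    # placeholder
BUCKET = "example-app-user-data"                                       # placeholder

# The identity pool expects the user pool ID token under this provider name.
USER_POOL_PROVIDER = f"cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}"


def sign_in_user_pool(idp_client, username, password):
    """Step 1: authenticate against the user pool and return its token set.

    idp_client is a boto3 'cognito-idp' client (or any object exposing the same
    initiate_auth method). USER_PASSWORD_AUTH must be enabled on the app client.
    """
    resp = idp_client.initiate_auth(
        AuthFlow="USER_PASSWORD_AUTH",
        ClientId=APP_CLIENT_ID,
        AuthParameters={"USERNAME": username, "PASSWORD": password},
    )
    # With MFA or another challenge configured, Cognito returns a ChallengeName
    # instead of tokens; the app has to answer the challenge before step 2.
    if "AuthenticationResult" not in resp:
        raise RuntimeError(f"challenge pending: {resp.get('ChallengeName')}")
    return resp["AuthenticationResult"]  # IdToken, AccessToken, RefreshToken, ...


def exchange_for_aws_credentials(identity_client, id_token):
    """Step 2: trade the user pool ID token for temporary AWS credentials.

    identity_client is a boto3 'cognito-identity' client. What the credentials
    may do is decided by the identity pool's authenticated IAM role.
    """
    logins = {USER_POOL_PROVIDER: id_token}
    identity_id = identity_client.get_id(
        IdentityPoolId=IDENTITY_POOL_ID, Logins=logins
    )["IdentityId"]
    creds = identity_client.get_credentials_for_identity(
        IdentityId=identity_id, Logins=logins
    )["Credentials"]
    return identity_id, creds


def list_own_objects(s3_client, identity_id):
    """Step 3: use the temporary credentials against S3.

    Listing only the caller's own prefix matches the usual identity pool IAM
    policy that confines each identity to private/${cognito-identity.amazonaws.com:sub}/.
    """
    prefix = f"private/{identity_id}/"
    resp = s3_client.list_objects_v2(Bucket=BUCKET, Prefix=prefix)
    return [obj["Key"] for obj in resp.get("Contents", [])]


def run_flow(idp_client, identity_client, s3_client_factory, username, password):
    """Run all three steps; clients are injected so the flow is testable offline."""
    tokens = sign_in_user_pool(idp_client, username, password)
    identity_id, creds = exchange_for_aws_credentials(identity_client, tokens["IdToken"])
    s3_client = s3_client_factory(creds)
    return identity_id, list_own_objects(s3_client, identity_id)


def main():
    # Real AWS clients; boto3 is imported here so the module loads without it.
    import boto3

    idp = boto3.client("cognito-idp", region_name=REGION)
    identity = boto3.client("cognito-identity", region_name=REGION)

    def s3_from_temp_creds(creds):
        # Note the key name: cognito-identity returns SecretKey, not SecretAccessKey.
        return boto3.client(
            "s3",
            region_name=REGION,
            aws_access_key_id=creds["AccessKeyId"],
            aws_secret_access_key=creds["SecretKey"],
            aws_session_token=creds["SessionToken"],
        )

    username = input("username: ")
    password = getpass.getpass("password: ")
    identity_id, keys = run_flow(idp, identity, s3_from_temp_creds, username, password)
    print(identity_id, keys)


if __name__ == "__main__":
    main()
```

Two points worth keeping in mind when reading this: the user pool decides who the user is, but the identity pool's IAM role decides what the temporary credentials can do, so restricting S3 access per user is a matter of that role's policy, not of the user pool; and a sign-in that hits MFA or another challenge comes back with a ChallengeName rather than tokens, which the app must handle before it can move on to the credential exchange.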
Articles related to Amazon Cognito
AWS Cognito Change User password using Java
AWS Cognito Confirming User Accounts using Java
AWS Cognito Change User Email or Phone using Java
AWS Cognito Enable SMS MFA Using Java
AWS Cognito TOTP Software Token MFA Using Java
AWS Cognito Reset User MFA Using Java
AWS Cognito SignUp and SignIn Example Using Java
In this article, we have seen what Amazon Cognito is, its main components, its features, and its uses.