How to create User Authentication using AWS Cognito
Amazon Cognito is a user authentication tool that provides user sign-up and sign-in, along with simple, fast, and safe access control for smartphone and web applications. You can build a user directory in Amazon Cognito, which helps the application function when users are not online and lets it save and synchronize data on the user's account. It gives the user a consistent application interface, whatever the platform.
Amazon Cognito scales to millions of users and authenticates accounts from social identity providers like Facebook, Google, Twitter, and Amazon, from corporate identity providers like Microsoft Active Directory via SAML, or from your own identity provider scheme.
With Amazon Cognito, you can focus on creating better product features for the user, rather than on designing safe and flexible application frameworks for managing user access control permissions and device-wide synchronization.
Cognito User Pool
Amazon Cognito User Pools let you build and manage a profile registry and provide sign-up / sign-in for smartphone or desktop apps. Users can use social or SAML-based identity providers to sign in to a User Pool. It is a secure, easy, low-cost option that scales to millions of users.
You should add improved security functionality to your application, such as multi-factor authentication and email/phone number verification. With AWS Lambda, you can customize the Amazon Cognito User Pools workflows, for example by adding product-related logins for account authentication and verification for fraud detection.
Start with AWS Cognito User Pool:
Step 1: Log in to your AWS console, click on the services option, and click on the Cognito option as marked below.
Step 2: Select the manage user pool option as shown in the image below.
Step 3: Click on the create a user pool button at the top, which you can see in the image below.
Step 4: Give your pool a name and click on the review defaults button as marked in the image below.
Step 5: After reviewing the details, click on the create pool button.
Step 6: Now we have to create the users and groups, so click on the users and groups button on the left side of your screen as shown in the image below.
Step 7: Click on the create user button marked below.
Step 8: Set the username and password, enter the email, and then click on the create user button, which you can see in the image below.
Step 9: Our user is created. Now we have to get a domain name, so click on the domain name option as marked in the image below.
Step 10: Enter the name and click on the save changes option.
Step 11: Now we have to create a resource server, so select the resource server option on the left side of your screen and then click on the add a resource server button.
Step 12: Enter a name and an identifier, write the customized scope you want as shown in the image below, and then click on the save changes button.
Step 13: Now we need to create the app clients, so click on the app client option as marked in the image below.
Step 14: Click on the add an app client button as marked in the image below.
Step 15: Enter the name, uncheck the box marked in the image below, and then click on the create app client button.
Step 16: You will get your app client id, which we can use later.
Step 17: Go to app client settings, add the details as shown in the image below, and then click on the save changes button.
Step 18: After saving, you will see the launch hosted UI option at the bottom of your screen. Click on it.
Step 19: You will see a UI like this. Enter the username and password that you created in the users and groups step, and then click on sign in.
Step 20: Your Google page opens.
This is how we create authentication using AWS Cognito. You can now integrate this authentication with your API Gateway or any other service to provide authentication and security.
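When a service accepts tokens from this user pool, a valid signature alone is not enough: it should also confirm that the token came from this pool, was issued to the app client from Step 16, and carries the custom scope from Step 12. The sketch below is an added example, not part of the original post; the region, pool id, client id and scope are constructed placeholders, and it assumes a JWT library has already verified the token signature against the pool's JWKS.

```python
import time

# Constructed placeholder values; substitute those of your own pool.
REGION = "us-east-1"
USER_POOL_ID = "us-east-1_EXAMPLE"
APP_CLIENT_ID = "exampleclientid123"   # app client id from Step 16
REQUIRED_SCOPE = "my-api/read"         # <resource server identifier>/<scope> from Step 12
ISSUER = f"https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}"


def check_access_token_claims(claims, now=None):
    """Return the reasons to reject a token; an empty list means accept.

    `claims` is the payload of a token whose signature was ALREADY verified
    against the user pool's JWKS (assumed to be done by a JWT library).
    """
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != ISSUER:
        problems.append("issuer is not this user pool")
    # Cognito issues both ID and access tokens; an API should take access tokens.
    if claims.get("token_use") != "access":
        problems.append("not an access token")
    # Access tokens name the app client in `client_id` (ID tokens use `aud`).
    if claims.get("client_id") != APP_CLIENT_ID:
        problems.append("issued to a different app client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("expired or missing exp")
    # Granted scopes arrive as one space-separated string.
    scope = claims.get("scope")
    granted = scope.split() if isinstance(scope, str) else []
    if REQUIRED_SCOPE not in granted:
        problems.append("required scope not granted")
    return problems


def sample_claims():
    """Constructed sample payload, shaped like a Cognito access token."""
    return {"iss": ISSUER, "token_use": "access", "client_id": APP_CLIENT_ID,
            "exp": 1700003600, "scope": "openid my-api/read"}


if __name__ == "__main__":
    print(check_access_token_claims(sample_claims(), now=1700000000))
    print(check_access_token_claims(dict(sample_claims(), token_use="id"), now=1700000000))
```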
Hope this blog is useful for you. Keep reading!