aws-samples / amazon-cognito-developer-authentication-sample

Apache License 2.0

How to validate the generated token for the next API calls to the backend #7

Closed ghost closed 7 years ago

ghost commented 7 years ago

Hi Team,

I am having a hard time understanding what AWS Cognito is. My requirement was to build an iOS/Android app with a Web (Angular) portal (for management purposes). The backend API will be built using Java; considering the web portal can have different types of users, I was thinking about using Spring Security.

I was thinking of using my backend services to authenticate users using AWS Cognito. I don't want to integrate the iOS/Android/Web clients directly with AWS Cognito, as in future we might need to switch to other providers.

I am not sure whether this is possible or not, but I was thinking about something like this:

1. Register API: iOS/Android/Web (with role) calls my backend service with email and password. The backend service registers a user with AWS Cognito. AWS Cognito will return an identifier for that user, and I will use the same identifier in my local DB to create a link between the user and the roles and other tables. The backend service will return a JSON response (identifier) to the client (iOS/Android and Web) stating that the user is created.

Login API: iOS/Android/Web (with role) calls my backend service with email and password. The backend service will validate the email and password against the local DB; if it is valid, it will talk to AWS Cognito and, using GetOpenIdTokenForDeveloperIdentityRequest, fetch the identityId and token, and the same will be sent to the client (iOS/Android/Web).

Get User Info API: Once the user logs in, iOS/Android/Web (with role) calls my backend service with the identityId and token (fetched from the Login API). The backend service validates the token with AWS Cognito. If the token is valid, AWS Cognito also returns the user information, like the email and the identifier, to identify the user in my local DB.

I have looked everywhere and have not found anything. Is it possible?

Any other API: All other backend APIs work like Get User Info, i.e. the client (iOS/Android/Web) calls the backend service with a token and identityId, and the same token is used by the backend service to authenticate the user using AWS Cognito.

Logout API: Once this API is called, the token should be invalidated.

Refresh API: iOS/Android/Web calls the backend service in a timely manner and gets the token validated.

Also, I have a requirement where I don't want the token to be used directly by the client (iOS/Android/Web) for talking to AWS. I want all the calls to AWS to go through the backend. Is it possible?

I have gone through a lot of AWS Cognito documentation, but the more I read, the more confused I get. It would be a great help if someone could let me know whether the above is possible through AWS Cognito or not and, if it is, how I can proceed with that.

Thanks In Advance!!

rachitdhall commented 7 years ago

Cognito User Pools supports username and password based registration and authentication, so you do not need to store the user name password in your own DB. After authentication the user gets JWT tokens (Id Token, Refresh Token and Access Token) which can be exchanged with Cognito Federated Identities for getting AWS credentials. If you do not want the clients to talk to AWS directly, they can provide your backend the id token, which you can validate yourself and then talk to AWS from your backend.

Most of the API functionality you mentioned has been implemented in our high-level SDKs, so I would highly encourage you to use one of the Android/iOS/JavaScript SDKs. Otherwise, if you want to build your own, our SDKs are built on our public APIs.

This repository is a sample for the developer-authenticated feature, and issues are used to report problems with the sample itself. We encourage customers to post feature requests/use case suggestions on our forums. Closing this issue; feel free to contact us on our forums.

anildbest83 commented 6 years ago

Hi @suchitgupta

I'm having the same requirement. I need to integrate existing .NET Identity with Cognito Identity. Will you please share how you achieved your requirement?

Thanks In Advance