laardee / serverless-authentication-boilerplate

Generic authentication boilerplate for Serverless framework
http://laardee.github.io/serverless-authentication-gh-pages
MIT License
568 stars 71 forks

Why use Cognito User Pool at all? Shouldn't we use Federated Identity Pool? #30

Open kidsil opened 7 years ago

kidsil commented 7 years ago

I've been having trouble with Authorization (API Gateway) because of the password field. Diving a little deeper, I've looked into the COGNITO_IDENTITY_POOL_ID variables that were added.

Since this boilerplate doesn't include User+Pass auth, is there any reason why we don't use Cognito Federated Identity Pools (as they seem to be more fitting for oauth providers)?

laardee commented 7 years ago

@kidsil I had a developer-authenticated Cognito provider example before I refactored it to save user info to the Cognito User Pool, https://github.com/laardee/serverless-authentication-boilerplate/commit/d9ace9918c6c0cb3a43e65925f6e206d59949cc2#diff-32d3eb1dd8b96b3bdae61b4a635a09e3L30. So, this needs to be reverted and integrated with the user pool.

kidsil commented 7 years ago

I see. May I ask what the reason for switching to User Pool was? It seems that if we're doing social OAuth, Identity Pool is the way to go... I must be missing something..?

laardee commented 7 years ago

(As I remember) the initial plan was to save the user info to the user pool and then integrate it with federated identities, something like this: http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html

rcfrias commented 7 years ago

My first thought was that this is in fact a replacement for Cognito. Is this authentication method only an alternative to Cognito, or does it have another advantage?

laardee commented 7 years ago

@rcfrias, yes, this boilerplate is an alternative to Cognito in some sense. The idea behind this boilerplate was that it would be a serverless Passport.js equivalent: API-based server-side authentication that requires no client-side JS libraries.

Maybe the main advantages are that no extra libraries are needed in the client, and you don't need to use Cognito User Pool for user storage if you don't want to or if you already have an existing user database. And hopefully, in the future, I can support Microsoft Azure and other cloud vendors too.

As for this issue, @kidsil and I decided to drop the Federated Identity and try whether Cognito User Pool can keep the "session" on the server side when it is used as user storage.