
Cognito

Pros:

  • Give IAM access to other users

Cons:

  • Complicated as hell
  • No option to delete users from frontend
  • Naming doesn't follow Amazon naming conventions

Questions I Need To Answer:

  • How much can I customize the login page?
User Pools

User pools are user directories that provide sign-up and sign-in options for your app users.

User pools provide:

  • Sign-up and sign-in services.
  • A built-in, customizable web UI to sign in users.
  • Social sign-in with Facebook, Google, and Login with Amazon, and through SAML and OIDC identity providers from your user pool.
  • User directory management and user profiles.
  • Security features such as multi-factor authentication (MFA), checks for compromised credentials, account takeover protection, and phone and email verification.
  • Customized workflows and user migration through AWS Lambda triggers.

Identity Pools

Identity pools provide AWS credentials to grant your users access to other AWS services.

Identity pools are used to store end user identities. To declare a new identity pool, enter a unique name.

With an identity pool, your users can obtain temporary AWS credentials to access AWS services, such as Amazon S3 and DynamoDB. Identity pools support anonymous guest users, as well as the following identity providers that you can use to authenticate users for identity pools:

  • Amazon Cognito user pools
  • Social sign-in with Facebook, Google, and Login with Amazon
  • OpenID Connect (OIDC) providers
  • SAML identity providers
  • Developer authenticated identities

  • You can use identity pools and user pools separately or together.
  • To save user profile information, your identity pool needs to be integrated with a user pool.
  • [https://docs.aws.amazon.com/cognito/index.html](https://docs.aws.amazon.com/cognito/index.html)

Social Identity Providers

URLs:

Login URL

https://$domain/login?response_type=code&client_id=$client_id&redirect_uri=$redirect_uri

Valid OAuth Redirect URI

https://$domain/oauth2/idpresponse
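
The login URL template above, filled in with percent-encoded parameters and checked again when the browser returns with the authorization code. This is an added example, not code from these notes or from AWS: the function names and sample values are hypothetical, and the `state` parameter (standard OAuth 2.0, accepted by the login endpoint) is an addition to the template.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit


def build_login_url(domain, client_id, redirect_uri, state):
    """Fill in the login URL template with percent-encoded query parameters."""
    # Choice made for this example: only https callbacks are accepted.
    if urlsplit(redirect_uri).scheme != "https":
        raise ValueError("redirect_uri must use https")
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # encoded so its own '?' and '&' survive
        "state": state,                # ties the callback to this login attempt
    })
    return f"https://{domain}/login?{query}"


def parse_callback(callback_url, expected_state):
    """Return the authorization code from the redirect, or raise ValueError."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    # Constant-time comparison on bytes; a mismatch means the response was
    # not triggered by the login attempt this session started.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


# Constructed sample values (placeholders, not real Cognito resources).
DOMAIN = "example.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "EXAMPLECLIENTID"
REDIRECT_URI = "https://app.example.com/callback?next=/home"

if __name__ == "__main__":
    state = secrets.token_urlsafe(32)  # store server-side with the session
    print(build_login_url(DOMAIN, CLIENT_ID, REDIRECT_URI, state))
    returned = f"https://app.example.com/callback?code=abc123&state={state}"
    print(parse_callback(returned, state))
```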
