what does login really mean?

[jzkunlun]

I got successfully login with IdentityId: us-east-1:b2a3caea-e58b-41b7-bxxxxxx. How can i use it to access restricted contents?

[danilop]

The login can be used in two ways:

• inside your application, you manage the logic
• to access AWS services straight from JavaScript, using Amazon Cognito (the token returned by the login function is using Developer Authenticated Identities)

[jzkunlun]

Danilop,

Thank you for your reply. Do you have a simple javascript example which
uses this successful login from login.html to access another lambda
function? Or point me somewhere i can find them.

thanks,

Jing

On Sun, Aug 2, 2015 at 12:09 PM, Danilo Poccia notifications@github.com
wrote:

The login can be used in two ways:

• inside your application, you manage the logic
• to access AWS services straight from JavaScript, using Amazon
  Cognito (the token returned by the login function is using Developer
  Authenticated Identities)

—
Reply to this email directly or view it on GitHub
#9 (comment).

[danilop]

You can have look at the changePassword.html in the www directory.
With Amazon Cognito, you can have two AWS IAM roles, one for unauthenticated users, one for authenticated ones. See the two Cognito_*.json files in the iam directory.
The ChangePassword function is available to authenticated users only, so you need to be logged in to access it.
The ResetPassword on the other side is unauthenticated, because you can assume you lost your password and cannot login if you want to reset it (and it implements an email verification for security reason).

[jzkunlun]

Great, thank you very much!!

Jing

On Sun, Aug 2, 2015 at 12:38 PM, Danilo Poccia notifications@github.com
wrote:

You can have look at the changePassword.html in the www directory.
With Amazon Cognito, you can have to AWS IAM roles, one for
unauthenticated users, one for authenticated ones. See the two
Cognito_*.json files in the jam directory.
The ChangePassword function is available to authenticated users only, so
you need to be logged in to access it.
The ResetPassword on the other side is unauthenticated, because you can
assume you lost your password and cannot login if you want to reset it (and
it implements an email verification for security reason).

—
Reply to this email directly or view it on GitHub
#9 (comment).

[jzkunlun]

You may saw my another question related with this topic.

Why are there no 'logout' functionality? Is no logout best practice? Where
are the auth info keep, in http header or post payload or get parameters?

thanks,

Jing

On Sun, Aug 2, 2015 at 12:38 PM, Danilo Poccia notifications@github.com
wrote:

You can have look at the changePassword.html in the www directory.
With Amazon Cognito, you can have to AWS IAM roles, one for
unauthenticated users, one for authenticated ones. See the two
Cognito_*.json files in the jam directory.
The ChangePassword function is available to authenticated users only, so
you need to be logged in to access it.
The ResetPassword on the other side is unauthenticated, because you can
assume you lost your password and cannot login if you want to reset it (and
it implements an email verification for security reason).

—
Reply to this email directly or view it on GitHub
#9 (comment).

[danilop]

In the sample implementation included in the www directory the auth info in retrieved in JS variables (identityId and token). So logout is managed client side to just "forget" those parameters and refresh Amazon Cognito credentials.

[rossrossp]

Hello,
At what point/where are you assuming Cognito_LambdAuthAuth_Role when you log in?
Can you point me to the code which manages this?

Thanks,
Ross.