Authentication using Amazon Cognito

01 Nov

One of the challenges in building applications has been around user authentication and management.

Authentication and authorization are tedious to build, and a custom solution is error-prone and usually takes a lot of effort. So it's better to use one of the ready-made solutions that are already available. A few of the authentication and user-management solutions offered as a service are Cognitive, Auth0, Azure AD, AWS Cognito, etc.

AWS Cognito promises to provide a complete solution for managing users, including user registration, confirmation, login, session management, etc.

 

Why we chose Cognito

  • In our existing apps (both web and mobile), AWS was chosen as the primary cloud service provider. Cognito also provides different kinds of roles and permissions to secure access to AWS resources.
  • Cognito provides end users with secure access to AWS resources.
  • Cognito is scalable and provides JWT tokens for stateless authentication between APIs and apps.
  • On top of authentication and authorization, Cognito also provides synchronization of data across multiple devices, platforms and applications (which we are not currently using).
  • Cognito also provides trigger points (AWS Lambda triggers) which one can use to send customized emails/messages or to customize the Cognito user pool workflows.

 

Angular2 Integration:

Our aim was to create users (through sign-up and from the back end), authenticate them, and authorize access to AWS resources based on user role.

There are a few Angular2 projects available on the Amazon Web Services – Labs GitHub. We took reference from the Angular2 example project and the examples in the Amazon Cognito Identity SDK for JavaScript GitHub repo. The example project is mostly based on function callbacks. We wrote our own wrapper using Observables, which makes the code more readable and maintainable.

After some trial and error, we managed to have a functional sign-in and sign-up with email verification, and we were able to retrieve JWT tokens to communicate with the API gateway to authorize access to AWS resources (Lambda, S3, SNS, etc.).

On successful login we retrieve JWT tokens for the authenticated user and pass them between APIs to access AWS resources.
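
The following is an added example, not code from the original post or from the referenced AWS repositories. It shows the claim checks an API should apply to a Cognito user pool token after its signature has been verified against the pool's keys. The pool ID, client ID and group names are constructed placeholders, and using the cognito:groups claim as the source of the user role is an assumption.

```javascript
// Added example. Claim checks for a Cognito user pool JWT whose signature has
// ALREADY been verified against the pool's published keys (not shown here).
// Pool ID, client ID and group names below are constructed placeholders.
const EXPECTED = {
  issuer: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE',
  clientId: 'exampleclientid123',
  tokenUse: 'access',
};

// Returns { ok, reason, groups }. nowSec is injectable so the check is testable.
function checkCognitoClaims(claims, expected, nowSec = Math.floor(Date.now() / 1000)) {
  const fail = (reason) => ({ ok: false, reason, groups: [] });
  if (!claims || typeof claims !== 'object') return fail('no claims');
  if (claims.iss !== expected.issuer) return fail('wrong issuer');
  // ID and access tokens are signed with the same keys; pin the kind you expect.
  if (claims.token_use !== expected.tokenUse) return fail('wrong token_use');
  // Access tokens carry the app client in client_id, ID tokens carry it in aud.
  const client = claims.token_use === 'access' ? claims.client_id : claims.aud;
  if (client !== expected.clientId) return fail('wrong client');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return fail('expired');
  const groups = Array.isArray(claims['cognito:groups']) ? claims['cognito:groups'] : [];
  return { ok: true, reason: null, groups };
}

// Role check (assumption: roles map to user pool groups). The caller must
// pass every claim check and belong to at least one allowed group.
function isAuthorized(claims, allowedGroups, expected = EXPECTED, nowSec) {
  const result = checkCognitoClaims(claims, expected, nowSec);
  return result.ok && result.groups.some((g) => allowedGroups.includes(g));
}

// Constructed sample payloads (what a verified token would decode to).
const NOW = 1700000000;
const accessToken = {
  iss: EXPECTED.issuer, token_use: 'access', client_id: EXPECTED.clientId,
  exp: NOW + 3600, 'cognito:groups': ['admins'],
};
const idToken = { ...accessToken, token_use: 'id', aud: EXPECTED.clientId };

console.log(isAuthorized(accessToken, ['admins'], EXPECTED, NOW));
console.log(checkCognitoClaims(idToken, EXPECTED, NOW).reason);
```

The ID-token case is the one most often missed: it is a validly signed token from the same pool, so only the token_use check stops it from being accepted where an access token is expected.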

 

Conclusion

Cognito is scalable, customizable and supports hundreds of millions of users.

Initially, we found AWS services time-consuming and difficult to implement, especially the custom auth part for the API gateway, but after some effort we were able to get through it.

 

References:

https://aws.amazon.com/cognito/

https://github.com/awslabs/aws-cognito-angular2-quickstart

https://github.com/aws/amazon-cognito-identity-js
