Amazon Cognito

Last Updated: 1 min read

Provides both Security and user management for web and mobile apps. An alternative to Firebase - Wikipedia, but difficult to work with.
Terrible naming.

  • USER POOLS - Sign-in and get JSON Web Token - (JWT), but most AWS services can’t use JWT.
    • Made exactly for Authentication, Sign up and Sign in, Built-in customisable user UI, MFA, checks for compromised credentials and account takeover protection.
    • Also, allows social sign-in and IdP
    • Customised workflows and user migration with Triggers
    • Token types is always the same.
  • IDENTITY POOLS - Exchanges external identity for a set of temporary AWS Credentials for AWS Resources access. They assume AWS IAM Role
    • Unauthenticated users – Guests Users.
    • Federated Identity - swap identity from Google, Facebook, Twitter, SAML 2.0 & User Pool for short term AWS Credentials..
      • Each external token type needs its configuration.

NOTE

When one type of token is replaced with the other, i.e. linking attributes across different providers under one entity is called Federated identity - Wikipedia

Can operate together, combined.