AWS Mobile Developer Services - Amazon Cognito
You can quickly add user sign-up and authentication to your mobile and web apps using Amazon Cognito. Amazon Cognito also allows you to authenticate users through a third-party identity provider and provides you with temporary security credentials to access your app's AWS backend resources or any service behind Amazon API Gateway.
Configure your app to use Amazon Cognito to authenticate users and grant access to AWS resources using the steps below. Consult the Amazon Cognito documentation for the precise procedures to complete this scenario.
- On a mobile device, a user launches your app. The app prompts the user to sign in.
- To accept the user's credentials, the app uses Login with Amazon resources.
- The app exchanges the Login with Amazon ID token for a Cognito token using Cognito API operations.
- The app uses the Cognito token to request temporary security credentials from AWS STS.
- The app can use the temporary security credentials to access any AWS services it needs to function. What can be accessed is determined by the role associated with the temporary security credentials and the policies attached to that role.
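The token exchange in the flow above, sketched in Python with boto3-style calls. This is an added example, not code from the Amazon Cognito wizard or SDKs. The pool ID, role ARN and token values are constructed placeholders, and the `Fake*` classes are hypothetical stand-ins so the flow runs offline; in a real app, pass `boto3.client("cognito-identity")` and `boto3.client("sts")` instead.

```python
LWA_PROVIDER = "www.amazon.com"  # Logins key that identifies Login with Amazon


def fetch_temporary_credentials(cognito, sts, pool_id, lwa_token, role_arn):
    """Exchange a Login with Amazon token for temporary AWS credentials.

    cognito / sts: clients exposing the boto3 "cognito-identity" and "sts"
    methods used below (injected so the offline stand-ins can drive the flow).
    """
    logins = {LWA_PROVIDER: lwa_token}
    # Resolve (or create) this user's identity in the identity pool.
    identity_id = cognito.get_id(IdentityPoolId=pool_id, Logins=logins)["IdentityId"]
    # Exchange the provider token for a Cognito-issued OpenID Connect token.
    cognito_token = cognito.get_open_id_token(
        IdentityId=identity_id, Logins=logins)["Token"]
    # Ask AWS STS for credentials; the role's policies bound what they can do.
    resp = sts.assume_role_with_web_identity(
        RoleArn=role_arn,
        RoleSessionName="cognito-session",
        WebIdentityToken=cognito_token,  # the Cognito token, never the LWA token
    )
    return resp["Credentials"]  # AccessKeyId, SecretAccessKey, SessionToken, Expiration


class FakeCognito:
    """Constructed stand-in that mimics the two cognito-identity responses."""
    def get_id(self, IdentityPoolId, Logins):
        region = IdentityPoolId.split(":")[0]
        return {"IdentityId": region + ":00000000-aaaa-bbbb-cccc-000000000001"}

    def get_open_id_token(self, IdentityId, Logins):
        return {"IdentityId": IdentityId, "Token": "cognito-token-for-" + IdentityId}


class FakeSTS:
    """Constructed stand-in; records the request so the exchange can be inspected."""
    def assume_role_with_web_identity(self, **request):
        self.request = request
        return {"Credentials": {"AccessKeyId": "ASIAEXAMPLE",
                                "SecretAccessKey": "constructed",
                                "SessionToken": "constructed",
                                "Expiration": "2030-01-01T00:00:00Z"}}


def demo():
    """Run the flow against the stand-ins; return credentials and the STS request."""
    sts = FakeSTS()
    creds = fetch_temporary_credentials(
        FakeCognito(), sts, "us-east-1:pool-placeholder", "lwa-token-constructed",
        "arn:aws:iam::111122223333:role/Cognito_ExampleAuth_Role")
    return creds, sts.request
```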
Steps
- In the AWS Management Console, go to Amazon Cognito. Create an identity pool for your applications using the Amazon Cognito wizard. An identity pool is a container that Amazon Cognito uses to keep end-user identities organised for your apps. An identity pool can be shared by several apps. When you create an identity pool, Amazon Cognito creates one or two IAM roles (one for authenticated identities and one for unauthenticated "guest" identities).
- After you have downloaded and integrated the AWS SDK for iOS or the AWS SDK for Android into your app, import the Amazon Cognito files.
- Create an Amazon Cognito credentials provider instance using the identity pool ID, your AWS account number, and the Amazon Resource Name (ARN) of the roles in the identity pool. The Amazon Cognito wizard in the AWS Management Console provides sample code to help you get started.
- When your app requests an AWS resource, pass the credentials provider instance to the client object, which passes temporary security credentials to the client. The permissions of those credentials are determined by the role or roles that you established previously.