48

How can I use AWS-Cognito for user authentication in a web app (not IOS or Android app)?

Amazon cognito just came out:

http://aws.amazon.com/cognito/

http://aws.amazon.com/about-aws/whats-new/2014/07/10/introducing-amazon-cognito/

From the FAQ:

Q: Do I still need my own backend authentication and identity systems with Amazon Cognito?

No. Amazon Cognito supports login through Amazon, Facebook and Google, as well as providing support for unauthenticated users. With Amazon Cognito you can support federated authentication, profile data sync store and AWS access token distribution without writing any backend code.

It seems to be built with mobile apps in mind (they provide SDKs for android and IOS).

So far the AWS php SDK and boto don't reference Cognito, but Amazon mentions "back-end API's" that we can hit.

Steffen Opel
  • 63,899
  • 11
  • 192
  • 211
Nate
  • 2,940
  • 3
  • 22
  • 24
  • I'd really be interested in a ruby gem for this, if the SDK won't support it for now. Nice find Nate :) First time I find out about an AWS service from SO :D – andreimarinescu Jul 10 '14 at 20:16
  • While I'd love a python library for it, a sample python code for authentication using google/facebook/amazonid would be much appreciated. – sky Jul 11 '14 at 09:00

4 Answers4

34

One of the developers for Amazon Cognito here.

To expand on JeffersonBe's answer, API docs for both the Identity and Sync services in Amazon Cognito are available on our documentation website.

Additionally, a number of the AWS SDKs have already been updated to support Amazon Cognito:

With more coming soon.

Thanks for your interest. If you have other questions or encounter issues, please post additional questions here on SO or over at our new dedicated Cognito forum.

Community
  • 1
  • 1
Bob Kinney
  • 8,870
  • 1
  • 27
  • 35
  • Support for it in the Devise gem would probably have the most reach for Rails apps. – Mike Atlas Jul 11 '14 at 16:13
  • 1
    excellent! is there a boto release soon? – Nate Jul 11 '14 at 18:20
  • @Nate, I can't comment on the boto release, you may want to file an issue on their github issue asking for support. – Bob Kinney Jul 11 '14 at 22:04
  • 1
    can I also use cogntio to secure my restful api which is in AWS api gateway? I have setup a developer identity on dynamodb, when the right user signs in then I send back the token. – johnny May 03 '16 at 13:58
  • @johnny Yes, please see the documentation for [examples using the API Gateway generated SDKs](http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-generate-sdk.html). – Bob Kinney May 11 '16 at 18:57
  • thanks @Bob, I managed to do all that, now my problem is how to consume this api gateway endpoints in .Net. Using APIG sdks I can do it for js, ios and android. Since my API is secured with cognito, from .Net I have to sign the request. is there any easy way to do that using aws .Net SDK directly? without writing code for signing. – johnny May 11 '16 at 19:17
  • @johnny Not that I am aware of today. We are looking to add support for additional SDKs in the future, but I cannot comment as to when those would be available. – Bob Kinney May 11 '16 at 19:27
  • thanks @Bob, I am writing a simple library to do the signing and expose my endpoints for now. cheers – johnny May 11 '16 at 19:47
15

Cognito is perfect for web apps. There is a good tutorial on using Cognito ID and Sync for Javascript web apps: http://backspace.technology/learn-aws-cognito.html and at http://blog.backspace.academy/2015/03/using-cognito-with-node.html

Update: There is now a Cordova/PhoneGap tutorial also at http://backspace.technology/learn-aws-cognito-id-phonegap.html and at http://blog.backspace.academy/2015/03/using-cognito-with-phonegapcordova-part.html

The process is as follows:

  1. Register a Facebook app. You will get a App ID and App secret.
  2. Create an AWS Cognito ID Pool using the App ID and App secret.
  3. Use the App ID and secret with Passport to get a Facebook session token for the user.
  4. Use the Facebook token to get temporary AWS credentials for the user.
  5. Use the temporary credentials to access AWS resources such as Cognito Sync.

Although if you are only looking for authentication then you don't actually need Cognito, you just login with Facebook.

Jan Vlcinsky
  • 42,725
  • 12
  • 101
  • 98
user3393285
  • 163
  • 5
  • 2
    can I also use cogntio to secure my restful api which is in AWS api gateway? I have setup a developer identity on dynabo, when the right user signs in the I send back the token then they get access. – johnny May 03 '16 at 13:57
9

From what I see in their FAQ, yes:

Q: Does Amazon Cognito expose server-side APIs?

Yes. Amazon Cognito exposes server-side APIs. You can create your own custom interface to Amazon Cognito by calling these APIs directly. The server-side APIs are described in the Developer Guide.

Here are the links to the relevant Amazon Cognito Documentation:

Steffen Opel
  • 63,899
  • 11
  • 192
  • 211
JeffersonBe
  • 559
  • 6
  • 10
1

By using Amazon Cognito in your web applications as well as mobile apps, you can utilize a consistent, cross-platform identifier for your end users authenticated through Facebook, Google, or Amazon; together with the Cognito Sync service, this allows you to keep user-related data consistent across all your applications and platforms. Further, Cognito helps you to retrieve temporary, limited-privilege credentials for both your authenticated and unauthenticated users without managing any backend infrastructure. In our previous post, we covered how to connect to the Amazon Cognito Identity service from your mobile applications.

Here is a link to the relevant : Amazon Cognito Documentation

Won Jun Bae
  • 5,140
  • 6
  • 43
  • 49