-1

I have a half-way running app where the user can sign-up via form or via Facebook.

I am trying to do the following and I was wondering whether this aligns with AWS Cognito best practices or not.

Sign-Up:

  • Sign-up form ("local user"): User can enter username/password with details (gender, bday etc). The credentials get stored in an AWS Cognito User Pool and all other profile details in a custom database.
  • Sign-up via Facebook: User can hit the Facebook login button on the page and after he is authenticated, he has to fill out missing information (gender, bday etc) if not provided by FB. The profile info will be stored in the same database as for a user signing-up through the form.

Pools:

  • The AWS user pool is connected as an identity provider in my AWS identity pool.
  • Facebook is connected to same identity pool.

Token handling:

  • "Local user": Based on the identityId from the user pool, I get the credentials from the identity pool. I use these credentials to access resources on AWS. The credentials will be cached on the client in a secure place.
  • Facebook user: The same procedure as for "local user".

My questions:

  • Does the overall approach make sense or are there things that do not align with the design of AWS Cognito?
  • I save all profile information ("local user" and Facebook user) in my own database because I need more advanced query/search capabilities on the profile info. Cognito does not offer sophisticated search capabilities. Is it a bad practice if I separate from User Pool resp. the User Pool stores only username/password of local users? What are the disadvantages of this approach?
  • Should I create a user in the user pool for every Facebook identity? If yes, why?
dm88

1 Answer

0

You can do everything you're trying to do using the JavaScript SDK. Check this link out, it shows how to do pretty much everything you need. https://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-javascript-examples.html

  • Thanks but I was not asking "how" (which library etc) to do it. I have the libs already. It's more about the best practices (independent of the language), because the AWS Cognito documentation is sometimes a bit confusing – dm88 Oct 26 '18 at 18:38
  • Stack Overflow isn't a code writing service. I posted a link to documentation because you have no code in your post. Have you tried anything yet? If so, please post what you have tried in detail. –  Oct 26 '18 at 18:46
  • I am "not" asking for any code here. I have a running solution. I don't need an explanation how to code it... The question is targeting solution architects, not coders. As you can see in the questions, I ask for general guidance using AWS Cognito. – dm88 Oct 26 '18 at 19:22
  • So as a solution architect.. yes your approach makes sense. All profile info goes in the DB not because of querying only. You will hit limits trying to query Cognito directly. Use it for auth and getting user attributes only. Yes one user per Facebook user. Why would you want multiple people logging into same Cognito user with different Facebook tokens. –  Oct 26 '18 at 21:14
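
The token handling described in the question, as an added example that is not part of the original thread: both sign-in paths end in the same identity pool call and differ only in the `Logins` entry they present. The function names, region, pool ids and tokens are assumptions constructed for illustration.

```javascript
// Added example: all pool ids, regions and tokens below are constructed placeholders.
const FACEBOOK_PROVIDER = 'graph.facebook.com';

// Decode a JWT payload WITHOUT verifying it; Cognito verifies the signature
// server-side. This is only a client-side sanity check before the call.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Build the Logins map for the identity pool from whichever sign-in path was used.
function buildLogins(session, cfg, nowSec = Math.floor(Date.now() / 1000)) {
  if (session.provider === 'facebook') {
    // Facebook users present their Facebook access token directly.
    return { [FACEBOOK_PROVIDER]: session.accessToken };
  }
  if (session.provider === 'userpool') {
    // "Local" users present the user pool ID token, keyed by the pool's issuer name.
    const claims = decodeJwtPayload(session.idToken);
    const issuer = `cognito-idp.${cfg.region}.amazonaws.com/${cfg.userPoolId}`;
    if (claims.token_use !== 'id') throw new Error('identity pool needs the ID token');
    if (claims.iss !== `https://${issuer}`) throw new Error('token from another user pool');
    if (claims.exp <= nowSec) throw new Error('ID token expired; refresh first');
    return { [issuer]: session.idToken };
  }
  throw new Error(`unknown provider: ${session.provider}`);
}

// Parameters for the Cognito Identity GetId call; same shape for both paths.
function getIdParams(session, cfg, nowSec) {
  return { IdentityPoolId: cfg.identityPoolId, Logins: buildLogins(session, cfg, nowSec) };
}

// Constructed sample data (unsigned token, placeholder ids).
const cfg = { region: 'eu-west-1', userPoolId: 'eu-west-1_EXAMPLE',
              identityPoolId: 'eu-west-1:00000000-0000-0000-0000-000000000000' };
const b64url = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const sampleIdToken = (claims) => `${b64url({ alg: 'none' })}.${b64url(claims)}.sig`;
```

The returned object is the input shape for `GetId`; the same `Logins` map is then passed with the resulting `IdentityId` to `GetCredentialsForIdentity`.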