I have an authentication service currently integrated with CA Layer 7 API Gateway. When a user presents a username/password to L7, it forwards the call to the auth-service, which returns a JWT and session ID if the credentials are valid.

I am looking to integrate this auth service with AWS API Gateway through Cognito federated identities. I am not clear on how to integrate this setup and migrate the existing users to the user pools. I am looking for an option to eliminate the need to save credentials in an internal database. Is it possible once I migrate the users to user pools? Also, what features should my auth-service be able to support when added to federated identities?

It would be really helpful if you could share the relevant implementation samples.

Hans Z.
Ali
  • Are you looking to use your authentication service with Cognito federated identity, or do you want to add all your users to a Cognito user pool and use that? These are 2 different services. – Ninad Gaikwad Mar 18 '19 at 08:12
  • If I am using Cognito, I want to migrate the existing users to the user pool through a Lambda trigger. Wondering if I still need my auth service for authentication. I assume no, but I am not sure how to support the session handling and invalidating the session if any of the parameters change in the header. – Ali Mar 18 '19 at 20:14

1 Answer

You can import users into the Cognito user pool. This will transfer all information except for the password. All users will need to create a new password when they try to log in for the first time. If you don't want to use user pools, you can just add your current authentication as a federated identity provider. I think you should stick to just using federated identity unless you are not satisfied with your authentication app, since Cognito user pool requires passwords. It will be far simpler to just create a federated identity pool and configure your app with it.

Ninad Gaikwad
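
The Lambda-trigger migration mentioned in the comments, sketched as an added example that is not part of the original question or answer: a Cognito user migration trigger that checks the submitted credentials against the existing auth-service on first sign-in, so the user pool takes over the password and the internal credential store can be retired afterwards. `LEGACY_AUTH_URL`, `legacy_login`, the `verify` parameter and the JSON shape returned by the auth-service (a profile containing `email`) are assumptions.

```python
import json
import urllib.error
import urllib.request

# Hypothetical endpoint of the existing auth-service (assumption, not from the post).
LEGACY_AUTH_URL = "https://auth.internal.example/login"


def legacy_login(username, password):
    """Return the user's profile dict if the legacy service accepts the
    credentials, None if it rejects them. The password is never logged."""
    body = json.dumps({"username": username, "password": password}).encode()
    req = urllib.request.Request(
        LEGACY_AUTH_URL, data=body, headers={"Content-Type": "application/json"}
    )
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return json.loads(resp.read())
    except urllib.error.HTTPError as err:
        if err.code in (401, 403):
            return None  # wrong credentials
        raise  # outage or server error: fail closed, do not migrate


def lambda_handler(event, context, verify=legacy_login):
    """Cognito user migration trigger. `verify` is injectable for testing."""
    source = event["triggerSource"]
    if source != "UserMigration_Authentication":
        # Forgot-password migration is deliberately not handled in this sketch.
        raise Exception("Unsupported trigger: " + source)

    profile = verify(event["userName"], event["request"]["password"])
    if not profile:
        # Raising makes Cognito reject the sign-in and create no user.
        raise Exception("Bad credentials")

    event["response"]["userAttributes"] = {
        "email": profile["email"],
        # Assumption: the legacy service already verified this address.
        "email_verified": "true",
    }
    # Keep the password the user just typed; no forced reset, no invite mail.
    event["response"]["finalUserStatus"] = "CONFIRMED"
    event["response"]["messageAction"] = "SUPPRESS"
    return event
```

Cognito only passes the plaintext password to this trigger when the app client signs in with the `USER_PASSWORD_AUTH` (or `ADMIN_USER_PASSWORD_AUTH`) flow, because SRP never sends the password to the service.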