Integrating Amazon Cognito authentication and authorization with web and mobile apps
When you integrate your app with an Amazon Cognito app client, you can invoke API operations for
authentication and authorization of your users. We recommend you use AWS Amplify
Topics
A typical implementation of Amazon Cognito uses a mix of visual tools and APIs. The Amazon Cognito console is the visual interface for setup and management of your Amazon Cognito user pools and identity pools. The hosted UI is a ready-to-use web-based sign-in application for quick testing and deployment of Amazon Cognito user pools. Additionally, in most Amazon Cognito deployments you must add code in your apps to interact with your user pools and identity pools. For example, your app might invoke the hosted UI for user sign-in, then call the token endpoint from your app code to exchange your user's authorization code for tokens. Then your app must interpret and store your user's tokens, and present them in the appropriate context for authentication and authorization. Amplify adds guided integration tools with built-in functions for these processes.
You can also build your Amazon Cognito resources entirely in code. To get started with your own
custom app code, visit the Amazon Cognito code examples for
AWS SDKs
Before you use Amazon Cognito authentication and authorization, choose an app platform and prepare your code to integrate with the service. For available platforms, see Authentication with AWS SDKs. The AWS CLI is a command-line SDK for Amazon Cognito and other AWS services, and is a valuable place to begin to familiarize yourself with the Amazon Cognito API.
Note
Some components of Amazon Cognito can be configured only with the API. For example, you can only
set a user pool custom SMS
or email sender Lambda trigger with a request that updates the
LambdaConfig property of the UserPool
class in a CreateUserPool or UpdateUserPool API request.
The Amazon Cognito user pools API shares its namespace with several classes of API operations. One class configures user pools and their processes, identity providers and users. Another includes unauthenticated operations for your users in a public client to sign in, sign out, and manage their profiles. The final class of API operations performs user operations that you authorize with your own AWS credentials in a confidential server-side client. You must know your intended app architecture before you begin to implement app code. For more information, see Using the user pools API and authorization server.
Authentication with AWS Amplify
AWS Amplify is a complete solution for building web and mobile applications. With
Amplify, you can connect to existing resources with the Amplify libraries, or you can
create and configure new resources with the Amplify command line interface (CLI). Amplify
also has connected UI components like Authenticator
To use Amplify authentication features in your front-end app, see the following documentation by platform.
The Amplify libraries are open source and are available on GitHub
Creating a user interface (UI) with Amplify
The Amazon Cognito user pools hosted
UI can fulfill the essential needs of an authentication front-end for a web or
mobile app. To customize your user interface (UI) beyond the parameters that the hosted UI
accommodates, create a custom app. Amplify
UI
To get started with your custom authentication component, visit the following documentation for the Authenticator component.
Authentication with AWS SDKs
To use a secure backend to build your own identity microservice that interacts with Amazon Cognito, connect to the Amazon Cognito user pools and Amazon Cognito identity pools API with an AWS SDK in the language of your choice.
For details on each API operation, see the Amazon Cognito user pools API Reference and the Amazon Cognito API Reference. These documents contain See also sections with resources for using a variety of SDKs in supported platforms.
