A technical guide to integrating AWS Cognito into your application
This article is a technical guide to using AWS Cognito for User Management in an application that leverages serverless functions.
One of the most common components of web applications is a user management system that facilitates sign up, sign in, creation of a user profile and assigning permissions so the user can securely access appropriate application features and functionalities. Serverless architecture, or using serverless functions as part of a microservices architecture, means you don’t have to code common components like a user management system from scratch but can simply integrate a ready-made function.
In this technical guide, we’ll take you through the step-by-step process of integrating AWS Cognito, the world’s largest cloud and serverless provider’s user management system.
Serverless user management components
Regardless of the serverless platform they are native to, serverless user management functions are all broadly similar and include the following features:
- Secure authentication and authorisation of the user (sign up, sign in, forgot/change password flow, multi-factor authentication)
- Out-of-the-box customizable hosted UI or SDK
- Identity provider federation (single sign-on with existing accounts from Amazon, Google, Facebook, Twitter)
- User migration
- Flexible app integration with a customized authentication flow if needed
- Cloud resources secured by configuration only
- Any other integrated server resources secured by verifying the token issued at sign-in
- Scalable to millions of users without having to change anything
- Single sign-on across multiple apps (register once, one user profile, use for all apps)
A step-by-step guide to integrating AWS Cognito into your application as a serverless function
Let’s walk through the integration process for the AWS Cognito user management component and you’ll see just how easy it can be to configure.
Step 1
First, log in to your AWS account and select Services from the navigation. You’ll find Cognito under the Security, Identity & Compliance category.
Step 2
Select the AWS region in which you want to instantiate the user management component. Aim for geographic proximity to as many of your users as possible.
Step 3
Click on ‘Create a User Pool’ and type in a name (like TestAppUserPool).
Step 4
Click on the Review defaults and Create Pool buttons in the window that opens. Your User Pool has now been created.
Step 5
Configure a Client Application that will use this user management component (it can be shared between different applications). Make sure you uncheck the Generate client secret checkbox: a browser or mobile application cannot keep a client secret confidential.
Step 6
Configure the App Client settings to integrate the created App Client with your User Pool, and choose the callback URLs for sign-in and sign-out requests.
Step 7
Configure a domain name for your User Pool UI: select App Integration -> Domain name, type a domain prefix, check its availability and save the changes.
That’s it. You have created and configured your first serverless user management function, which you can now use in your web application to secure your web/mobile application resources with the AWS SDK, AWS Amplify or the Serverless Framework.
Now open the following address in your browser:
https://<DOMAIN_NAME>.auth.<AWS_REGION>.amazoncognito.com/login?response_type=code&client_id=<APP_CLIENT_ID>&redirect_uri=<REDIRECT_URL>
DOMAIN_NAME – the domain prefix from step 7
AWS_REGION – from step 7
APP_CLIENT_ID – from step 5
REDIRECT_URL – from step 6
Sample: https://mytestappuserpooldomain.auth.eu-central-1.amazoncognito.com/login?response_type=code&client_id=6ka14g4k7vvkqbubga33c2n0g&redirect_uri=https://localhost:4200
You should see an AWS User Management login form which can be easily customized to your needs in the UI Customization settings of your AWS Cognito User Pool.
Try signing up to your application. After passing through the registration process, which by default is protected with an email verification code (use a real email address during registration to receive it), sign in and you will be redirected to the URL you chose in step 6.
There are many configuration options available for your User Pool, from required fields and password strength policies to multi-factor authentication and single sign-on with different Identity Providers (Twitter, Facebook).
Alternatives to AWS Cognito
There are many alternatives to AWS Cognito as a serverless user management function. Other serverless platform providers and third-party vendors all offer components with almost identical core features and functionality. Some examples are:
- Auth0
- Google IAM
- Azure Active Directory
They all share similar features and can be considered if your infrastructure makes another choice more appropriate than AWS Cognito (e.g. if you are using Windows Servers, consider the Azure user management service).
We hope this step-by-step guide to the features and configuration of the AWS Cognito user management component helps demonstrate just how powerful and convenient contemporary serverless components have become.
Can K&C help support your next cloud development project?
From our base in Munich, we have established ourselves as one of Germany and Europe’s most trusted nearshore IT outsourcing providers. With over 20 years of experience working with partners that range from blue-chip multinationals to exciting SMEs and start-ups, our German management and nearshored tech talent offers a perfect blend of communication, quality and price point.
We specialise in web, cloud-native and DevOps technologies and offer nearshore team augmentation, dedicated software development teams, consultants and IT recruitment services. We’d be delighted to hear from you regarding any web, serverless and cloud development projects you may need experienced support for. Just drop us a line!