Cognito User Pools

User pools are user directories used to manage sign-up and sign-in functionality for mobile and web applications. Users can sign in directly to the User Pool, or indirectly via an identity provider like Facebook, Amazon, or Google. Cognito acts as an Identity Broker between the identity provider and AWS. Successful authentication generates a number of JSON Web Tokens (JWTs).
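The JWTs a user pool issues are only as trustworthy as the checks the relying application performs on them. As an added example (not code from the original notes or from AWS), the block below shows the claim checks AWS documents for a Cognito ID or access token: issuer, token_use, app client, and expiry. The region, pool ID and app client ID are constructed placeholders; the signature must already have been verified against the pool's JWKS with a JWT library before these checks mean anything.

```python
import base64
import json
import time
from typing import Optional

# Constructed placeholder values; a real deployment reads these from its own config.
REGION = "us-east-1"
USER_POOL_ID = "us-east-1_EXAMPLEPOOL"
APP_CLIENT_ID = "example-app-client-id"
EXPECTED_ISSUER = f"https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}"


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_payload(token: str) -> dict:
    # Splits the compact JWT (header.payload.signature) and parses the payload only.
    # The signature is NOT checked here: verify it against the user pool's JWKS
    # (https://cognito-idp.<region>.amazonaws.com/<pool-id>/.well-known/jwks.json)
    # with a JWT library before trusting anything this function returns.
    _header_b64, payload_b64, _signature_b64 = token.split(".")
    return json.loads(b64url_decode(payload_b64))


def validate_claims(payload: dict, token_use: str, now: Optional[float] = None) -> list:
    """Return the list of problems with the claims; an empty list means accept."""
    now = time.time() if now is None else now
    problems = []
    # 1. The token must come from our user pool, not from any other Cognito pool.
    if payload.get("iss") != EXPECTED_ISSUER:
        problems.append("issuer mismatch")
    # 2. ID tokens carry token_use=id, access tokens token_use=access; refuse an
    #    access token where an ID token is expected and vice versa.
    if payload.get("token_use") != token_use:
        problems.append("token_use mismatch")
    # 3. ID tokens name the app client in 'aud', access tokens in 'client_id'.
    audience_claim = "aud" if token_use == "id" else "client_id"
    if payload.get(audience_claim) != APP_CLIENT_ID:
        problems.append("app client mismatch")
    # 4. Reject expired tokens ('exp' is seconds since the epoch).
    if not isinstance(payload.get("exp"), (int, float)) or payload["exp"] <= now:
        problems.append("expired or missing exp")
    return problems


def constructed_token(claims: dict) -> str:
    # Builds a compact JWT with a dummy signature purely to exercise decode_payload.
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'RS256', 'kid': 'example-kid'})}.{enc(claims)}.dummysig"
```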

Identity Pools enable you to create unique identities for your users and authenticate them with identity providers. With an identity, you can obtain temporary, limited-privilege AWS credentials to access other AWS services.

Cognito User Pools Example

  • User logs in via Facebook, receives a JWT
  • Cognito identity pool exchanges the JWT for temporary credentials
  • Temporary credentials let her temporarily access AWS resources
  • Cognito handles all of this for you

Push Synchronization

Cognito tracks the association between a user identity and the various devices they sign in from.

In order to provide a seamless user experience for your application, Cognito uses Push Synchronization to push updates and synchronize user data across multiple devices.

Amazon SNS is used to send silent push notifications to all the devices associated with a given user identity whenever data stored in the cloud changes.

Cognito Exam Tips

  • Cognito uses User Pools to manage user sign-up and sign-in directly or via Web Identity Providers (Facebook, Amazon, Google)
  • Cognito acts as an Identity broker, handling all interaction with Web Identity Providers
  • Cognito uses Push Synchronization (with SNS) to send a silent push notification of user data updates to multiple device types associated with a user ID.
  • Amazon Cognito identity pools provide temporary AWS credentials for users who are guests (unauthenticated) and for users who have been authenticated and received a token.
    • Identity pools provide AWS credentials to grant your users access to other AWS services
  • The difference between Identity Pools and User Pools: Identity Pools authorize your users to use the various AWS services, whereas User Pools are not about authorizing access to AWS services but about providing sign-up and sign-in functionality to web and mobile apps
  • User pools, sign up and sign in to apps
  • Identity pools, authenticating for AWS services
    • https://docs.aws.amazon.com/cognito/latest/developerguide/identity-pools.html
    • https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html
  • User pools support MFA