What is the REST API (or CLI) for logging into Amazon Cognito user pools?

How can I make logins through the Amazon Cognito REST APIs (for user pools) on platforms for which there is no official SDK? Please note that I am asking about user pools, not identity pools.


Summary


Amazon Cognito provides 3 types of logins:

  • federated logins (creates identity pools) - using social connections such as FB, Twitter, G+ etc.
  • AWS managed logins (creates user pools) - using a managed Amazon account, sign-in, forgot password, reset password service
  • the developer provided logins (my custom authentication service, managed by me)

I use the second (with user pools)


Amazon Cognito has several SDKs for Android, iOS, JavaScript, Xamarin, etc. Cognito also provides a REST API for building on platforms other than those supported by the official SDKs. I am building an application for another platform, and therefore the REST API is my only way, since there is no official SDK for my platform.

The Cognito REST API provides various endpoints for “logging in,” “forgotten password,” “verification confirmation,” etc., but, surprisingly, the REST API does not have an endpoint for simple login/logout.


From the Cognito CLI API documents I have all the official CLI APIs required for "user registration", "registration confirmation", "change passwords", "check phone numbers", "forget passwords", etc. Surprisingly, no CLI API is mentioned for logins. I was hoping there would be some CLI API such as "$ aws cognito-idp log-in", just like "$ aws cognito-idp sign-up" or "$ aws cognito-idp forgot-password", etc.


Also, this initial tutorial talks about "what should be done with the tokens obtained AFTER successful user authentication". However, it does not talk about HOW to get a successful authentication in the first place with the Cognito User Pool APIs. Examples are available only for the Android, iOS and JavaScript SDKs. For platforms that do not have an SDK, there are no authentication examples.


Therefore, how do I make logins through the Amazon Cognito REST API (for user pools) on platforms for which there is no official SDK?

+6
3 answers

Update:

As you noted in the comments below, the authentication flow is described here: http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html. This can help clarify the authentication flow.

This is somewhat contrary to intuition, but it makes sense for mobile applications where you do not want the user to explicitly log into the system, but instead carry tokens for the user. Please note that the AWS User Pools SDK for iOS has an explicit login API. I have not used it, but I believe that it is just an alternative client-side API to go through the same InitiateAuth(), followed by RespondToAuthChallenge(), flow. An example of iOS registration is described here - Example iOS SDK: Log in to the user

Original post:

The Cognito User Pools API documentation for auth init is available here.

How it works becomes clearer if you implement the user pool application in one of the SDKs (I did it in Swift for iOS; this is instructive because the JSON response logging is detailed, and you can see what is going on if you look at the log).

But on the condition that I understand your question: in short, you should call InitiateAuth(), and the answer to this (from the Cognito User Pools server) is a challenge. Then you execute RespondToAuthChallenge() (also an API documented in this document), and the answer is the authentication result - provided that the password / session / token has been accepted.

The combination of these two things is, I believe, what you call LOGIN, and it works as a login. In the API, the way it is configured is that trying to retrieve user information when the user is not authenticated starts this InitiateAuth(), and (in iOS anyway) the API calls back the code you write to request passwords, send a RespondToAuthChallenge() request, etc.

+5
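The InitiateAuth() / RespondToAuthChallenge() exchange from the answer above, written against the raw HTTPS endpoint with only the Python standard library. This is an added example, not code from the original post or from AWS. It assumes the USER_PASSWORD_AUTH flow is enabled on the app client (the SRP flow keeps the password off the wire but needs an SRP implementation); `login`, `build_request`, `http_send` and the `answer_challenge` callback are hypothetical names.

```python
import base64, hashlib, hmac, json, urllib.request

MAX_CHALLENGE_ROUNDS = 3  # stop if the pool keeps issuing challenges

def secret_hash(username, client_id, client_secret):
    # Needed only when the app client has a secret:
    # Base64(HMAC-SHA256(key=client_secret, msg=username + client_id)).
    mac = hmac.new(client_secret.encode(), (username + client_id).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def build_request(region, action, payload):
    # Every user pool action is a JSON POST to the regional endpoint; the
    # X-Amz-Target header names the action. These two calls are unsigned.
    return urllib.request.Request(
        f"https://cognito-idp.{region}.amazonaws.com/",
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/x-amz-json-1.1",
                 "X-Amz-Target": "AWSCognitoIdentityProviderService." + action},
        method="POST")

def http_send(req):
    # Rejected logins come back as HTTP 400, which urlopen raises as HTTPError.
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def login(region, client_id, username, password, answer_challenge,
          client_secret=None, send=http_send):
    """Return the AuthenticationResult dict (AccessToken, IdToken, RefreshToken)."""
    extra = {}
    if client_secret:
        extra["SECRET_HASH"] = secret_hash(username, client_id, client_secret)
    reply = send(build_request(region, "InitiateAuth", {
        "AuthFlow": "USER_PASSWORD_AUTH",  # assumption: enabled on the app client
        "ClientId": client_id,
        "AuthParameters": {"USERNAME": username, "PASSWORD": password, **extra}}))
    rounds = 0
    while "AuthenticationResult" not in reply:
        if rounds == MAX_CHALLENGE_ROUNDS:
            raise RuntimeError("too many authentication challenges")
        rounds += 1
        # answer_challenge (hypothetical callback) maps the challenge to its
        # responses, e.g. SMS_MFA -> {"SMS_MFA_CODE": "<code from the user>"}.
        answers = answer_challenge(reply["ChallengeName"], reply.get("ChallengeParameters", {}))
        reply = send(build_request(region, "RespondToAuthChallenge", {
            "ChallengeName": reply["ChallengeName"],
            "ClientId": client_id,
            "Session": reply["Session"],  # ties this response to the pending login
            "ChallengeResponses": {"USERNAME": username, **answers, **extra}}))
    return reply["AuthenticationResult"]
```

Keep the returned tokens out of logs and client-visible storage, and treat the `Session` value as a short-lived credential for the pending login.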

One of the AWS Cognito team developers is here.

To add to the answer from @md-abdul-munim, we recommend using one of the client side SDKs. If you are building a REST API and then an interface that speaks with these APIs, it is best to simply integrate Cognito from your interface.

If you absolutely need to use Cognito from the back, the authentication API will be available with our version of GA. In our Cognito client pools, beta authentication is only available through the client SDKs.

+1

From what you discussed, I believe that you are trying to do this from the web interface. Reason: Cognito provides you with the necessary backend support and expects you to communicate (for example, authenticate, register, etc.) from the presentation level - that’s why you found the SDK for different mobile platforms. They also have an SDK for web applications - access is available through their JavaScript SDK.

Here's a detailed guide to achieving what you asked for in the web interface using their JS SDKs: Accessing your user pools using the Amazon Cognito Identity SDK

0