AWS COGNITO


WHAT IS AWS COGNITO?

Amazon Cognito is a service provided by AWS that enables you to add user sign-up, sign-in, and access control to your web and mobile apps quickly and securely.

It provides:

  • User management and authentication out of the box.
  • Integration with social identity providers (like Google, Facebook, Apple) and enterprise identity providers via SAML/OIDC.
  • Token-based authentication using industry standards like OAuth 2.0, OpenID Connect, and SAML 2.0.

HOW DOES AWS COGNITO WORK?

Amazon Cognito has two main components:

1. User Pools (Authentication)

  • A user directory to manage user accounts.
  • Supports sign-up, sign-in, and user profile management.
  • Issues JWT tokens (ID, access, refresh) after successful authentication.
  • Integrates with Lambda triggers for custom authentication flows (MFA, validation, etc.).

Flow Example:

  1. User signs up or logs in → Cognito verifies credentials.
  2. If valid → Cognito returns ID and access tokens.
  3. Tokens are used in your frontend/backend to authenticate and authorize requests.

2. Identity Pools (Authorization)

  • Provides temporary AWS credentials to authenticated users to access AWS services (like S3, DynamoDB).
  • Supports authenticated and unauthenticated (guest) users.
  • Works in combination with Cognito User Pool or other IdPs.

Flow Example:

  1. User is authenticated via a User Pool or a social IdP.
  2. Identity Pool exchanges token for AWS credentials via STS.
  3. These temporary credentials grant limited, scoped access to AWS resources.

WHY USE AWS COGNITO?

Feature                           | Benefit
----------------------------------|------------------------------------------------------------------
Scalable user management          | Handles millions of users with minimal effort.
Standards-based authentication    | Uses OAuth 2.0, OIDC, and SAML for security.
Social & enterprise login support | Supports Facebook, Google, Apple, SAML, etc.
Token-based access                | Secure access via short-lived JWTs.
Custom workflows                  | Lambda triggers for custom logic (MFA, email verification, etc.).
AWS service integration           | Identity Pools allow secure, temporary AWS access.
Compliance                        | Cognito is HIPAA, PCI DSS, and GDPR compliant.

PRE-REQUISITES:

  • A functional, active AWS account.

Step 1: Search for Cognito in the AWS Management Console, select the region of your choice, then click "Get started for free in less than 5 minutes".


Step 2: Create an AWS Cognito User Pool by following the wizard steps and choosing options as per your requirements.

Choose email, phone number, or username as sign-in identifiers as per your requirement. For now we have chosen all three of them.

Add the required attributes for sign-up, for example: email.
You can also add a return URL to which the user is redirected after login. It's optional.

On successful creation you can see this alert.


-> Stay tuned with us to integrate it with your Laravel application.