Cognito - tutorial
First thing you should decide
We should decide between a “User pool” and an “Identity pool”.
Here is the official blog post about the differences.
https://aws.amazon.com/de/premiumsupport/knowledge-center/cognito-user-pools-identity-pools/
In a nutshell, User pools are for authentication (identity verification), and Identity pools are for authorization (access control).
I’ll try a User pool.
Future scope: integrate with AppSync.
Tutorial
1. Create a User pool
I followed the link. Very easy.
https://docs.aws.amazon.com/cognito/latest/developerguide/tutorial-create-user-pool.html
- Choose Manage User Pools.
- Manage User Pools.
- Pool-Name=atlex00-test, and Review defaults.
- Required attributes: email
- Create pool.
2. Create a sample user
- General settings -> Users and groups
- Create user
- Username=test01, check “E-Mail”, leave Temporary password empty.
- I got a temporary password via email from no-reply@verificationemail.com
3. Configure for a client (your app)
- App-Clients -> Add an app client.
- Input information: atlex00-test-Client
- Uncheck “Generate client secret”
- Keep the App-Client-ID. In this post, I mark it as {{ app_client_id }}
- App client settings
- Check “Cognito User Pool”
- Add a callback URL. I tested with http://localhost/top
- Add a sign out URL: http://localhost/sign-out
- Configure OAuth 2.0.
- Check “Authorization code grant”
- Check “openid”
- Save
4. Add Cognito endpoint
- App integration -> Domain Name
- Add a Cognito domain: atlex00-test
- Save changes
5. Use the account!
After the instructions above, I could access the following URL.
https://atlex00-test.auth.us-east-1.amazoncognito.com/login?response_type=code&client_id={{ app_client_id }}&redirect_uri=http://localhost/top
When I logged in with the account which I created, it prompted me to change the default password.
After changing the password, it redirected me to the callback URL with an authorization code parameter!
http://localhost/top?code=d8ff3e19-3f88-4567-aaa0-6657463b6152
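As an added example (not code from the original post): the login URL from step 5 built with a URL-encoded redirect_uri and the openid scope from step 3, and the callback checked before the code is used. CLIENT_ID is a constructed placeholder for {{ app_client_id }}; the state and PKCE parameters and both function names are additions that go beyond what the post configured, which matter here because the app client has no client secret.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Domain and redirect URI are the tutorial's values; CLIENT_ID is a placeholder.
DOMAIN = "https://atlex00-test.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "example-app-client-id"
REDIRECT_URI = "http://localhost/top"

def new_login_request():
    """Return (login_url, state, code_verifier) for one sign-in attempt."""
    state = secrets.token_urlsafe(16)      # binds the callback to this attempt
    verifier = secrets.token_urlsafe(48)   # 64 chars, within RFC 7636's 43-128
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,      # urlencode percent-encodes this
        "scope": "openid",
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{DOMAIN}/login?{query}", state, verifier

def code_from_callback(callback_url, expected_state):
    """Extract the authorization code, rejecting callbacks we did not start."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(parts.query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    # Constant-time comparison of the returned state with the one we issued.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]
```

Keep state and code_verifier in the user's session between the two calls; the verifier is what the app later sends as code_verifier when it exchanges the code for tokens.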