Greetings!
Amazon Cognito is a managed (serverless) identity service: we do not have to run a server or a database to store users or to drive the authentication and authorization flows. In this article we create a Cognito user pool from the console and use the Hosted UI to obtain an access token that a back-end service could accept (we will not build the back-end service here).
Cognito User Pools
Amazon Cognito User Pools make it easy to create and maintain a user directory and to add sign-up (user onboarding) and sign-in to your mobile or web application, giving you authentication, authorization and resource access control. Let's get started.
What we do
- Create a Cognito user pool
- Register a user and retrieve the authorization code
- Retrieve access token
Create a Cognito user pool
Go to AWS Console > Amazon Cognito to navigate to the Cognito page.
Click on the "Create user pool".
Click Next to go to Step 3.
Click Next to go to Step 4.
I have selected the "Send email with Cognito" option to keep the setup short. It avoids configuring Amazon SES, but it is limited to a small daily sending quota, so configure SES for a production environment.
Click Next to go to Step 5.
- Provide your desired name for the user pool
- Tick the "Use the Cognito Hosted UI" to enable the Cognito-provided login page
- Under Domain, type a domain prefix of your choice. It must be unique within the region, and it becomes the host name of the Hosted UI (prefix.auth.region.amazoncognito.com)
Under the Initial app client,
- Provide a name for the client
- Select "Generate a client secret". A client secret is only appropriate for a confidential client, that is, a server-side application that can keep the secret. A browser or mobile app cannot protect it and should use a public client (no secret) with PKCE instead
- Provide a callback URL. Cognito only redirects to URLs registered here, so this list acts as an allow-list for where tokens and codes may be delivered. The URL must use HTTPS, with http://localhost allowed for testing. Nothing has to be listening on it for this walkthrough, so running an application is not necessary
Then review and create. Once the user pool is created, note the following values:
- Domain
- Client ID
- Client secret
In "Client secret", click on "show client secret" to get your client's
secret.
Register a user and get the code
Now that our user pool is created, let's register a user and get the authorization code.
Build the authorization URL below (Postman is handy for assembling it). The authorize endpoint answers with a redirect to the Hosted UI login page, so open the URL in a browser rather than sending it from Postman.
"webapp12" is the name given in the domain section.
GET https://webapp12.auth.us-east-1.amazoncognito.com/oauth2/authorize?
response_type=code
&client_id=344q15buhamjg9ubg4fqtt9sma
&redirect_uri=http://localhost:8585
Click on "Sign up" to register a user. Once registration (including the e-mail confirmation) is completed, Cognito redirects the browser to our callback URL with a code query parameter, e.g. http://localhost:8585/?code=... Copy the code so that we can invoke the token endpoint. The code is single-use and short-lived, so exchange it promptly.
Exchange the code for the access token
Let's use Postman (or curl, as below) to exchange the code received from the login step for tokens. Note that Content-Type is an HTTP header, not a form field; the client secret can be sent as a form field as shown here, or in an HTTP Basic Authorization header.
curl -X POST https://webapp12.auth.us-east-1.amazoncognito.com/oauth2/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=authorization_code' \
  -d 'client_id=344q15buhamjg9ubg4fqtt9sma' \
  -d 'client_secret=1ado709alnjm94ig13k8h61efuniefhrjv9hj1nuen4jviafb14u' \
  -d 'code=3b2f1e0c-c9f2-495d-b7ba-d87797e3dbac' \
  -d 'redirect_uri=http://localhost:8585'
With that, we have successfully obtained the tokens. The JSON response contains access_token, id_token and refresh_token (plus token_type and expires_in). The access token is what we present to secured back-end services; before trusting it, a back end must verify its signature against the user pool's JWKS and check the issuer, expiry and client_id claims.
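The whole flow above, as an added example that is not code from the original article. It goes a little beyond the walkthrough: it adds a state parameter (so the callback can be tied to the login attempt that started it), PKCE (code_challenge/code_verifier, which Cognito supports on the authorize and token endpoints), sends the client secret in an HTTP Basic header instead of the form body, and shows how to read a token's claims for inspection without pretending that this verifies it. The domain, client ID, redirect URI and authorization code are the values quoted in the article; the client secret, state and sample access token are placeholders constructed for the example, and only exchange_code() touches the network.

```python
"""Helpers for the Cognito Hosted UI authorization-code flow (added example).

Domain, client ID, redirect URI and the authorization code come from the
article; the client secret, state value and sample tokens are placeholders
constructed for this example. Everything except exchange_code() runs offline.
"""
import base64
import hashlib
import json
import secrets
import urllib.request
from urllib.parse import parse_qs, urlencode, urlparse

DOMAIN = "https://webapp12.auth.us-east-1.amazoncognito.com"  # from the article
CLIENT_ID = "344q15buhamjg9ubg4fqtt9sma"                       # from the article
CLIENT_SECRET = "REPLACE_WITH_YOUR_CLIENT_SECRET"              # placeholder: load from a secret store
REDIRECT_URI = "http://localhost:8585"                         # from the article


def _b64url(data: bytes) -> str:
    """Base64url without padding, as used by PKCE and JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    """S256 code challenge for a PKCE code verifier (RFC 7636)."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def new_pkce_pair() -> tuple:
    """Fresh (verifier, challenge); keep the verifier server-side until the exchange."""
    verifier = _b64url(secrets.token_bytes(32))
    return verifier, pkce_challenge(verifier)


def build_authorize_url(state: str, code_challenge: str, scope: str = "openid email") -> str:
    """URL to open in the browser. state binds the callback to this login attempt
    (CSRF protection); code_challenge binds the later token request to this client."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
        "code_challenge_method": "S256",
        "code_challenge": code_challenge,
    }
    return f"{DOMAIN}/oauth2/authorize?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Extract the authorization code from the redirect, refusing a mismatched
    state or an error response from Cognito."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or stale login attempt")
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    return query["code"][0]


def build_token_request(code: str, code_verifier: str) -> tuple:
    """(url, headers, body) for POST /oauth2/token. The client secret travels in
    an HTTP Basic Authorization header rather than in the form body."""
    credentials = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode("ascii")
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": f"Basic {credentials}",
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": code_verifier,
    })
    return f"{DOMAIN}/oauth2/token", headers, body


def exchange_code(code: str, code_verifier: str) -> dict:
    """Perform the token request (network call; not exercised offline)."""
    url, headers, body = build_token_request(code, code_verifier)
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def unverified_claims(jwt: str) -> dict:
    """Decode a JWT payload for inspection only. This does NOT verify the
    signature; a back end must validate tokens against the pool's JWKS."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


# Constructed sample data: the code is the one quoted in the article; the
# access token is unsigned and exists only to show claim decoding.
SAMPLE_CALLBACK = ("http://localhost:8585/?code=3b2f1e0c-c9f2-495d-b7ba-d87797e3dbac"
                   "&state=ex4mpl3st4te")
SAMPLE_ACCESS_TOKEN = ".".join([
    _b64url(json.dumps({"alg": "RS256", "kid": "constructed"}).encode()),
    _b64url(json.dumps({"sub": "0000-constructed", "token_use": "access",
                        "client_id": CLIENT_ID, "scope": "openid email"}).encode()),
    "c2lnbmF0dXJlLXBsYWNlaG9sZGVy",  # placeholder signature, never checked here
])


if __name__ == "__main__":
    verifier, challenge = new_pkce_pair()
    state = secrets.token_urlsafe(16)
    print("Open in browser:", build_authorize_url(state, challenge))
    code = parse_callback(SAMPLE_CALLBACK, "ex4mpl3st4te")
    url, headers, body = build_token_request(code, verifier)
    print("POST", url, body)
    print("claims:", unverified_claims(SAMPLE_ACCESS_TOKEN))
```

In a real application the state and code verifier are stored in the user's server-side session between the redirect and the callback, and the secret is never committed alongside the code. The unverified_claims() helper is for looking at what Cognito issued; token validation on the back end needs a JWT library that fetches the pool's JWKS and checks the signature, issuer and expiry.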
However, this manual creation of the Cognito user pool is difficult to
maintain. That is why we better use a CloudFormation template for this.
Conclusion
In this article, we learned how to create a Cognito user pool from the AWS
console. After that, we used the Hosted UI to obtain an authorization code and the token endpoint to exchange it for an access token.
In an upcoming article, let's see how we can create a Cognito user pool in
infrastructure as code style.
Happy learning ☺