Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series
-
Upload
amazon-web-services -
Category
Technology
-
view
2.868 -
download
3
Transcript of Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series
![Page 1: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/1.jpg)
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Tim Hunt, Sr. Product Manager, Amazon Cognito
June 30, 2016
Getting Started with Your User Pools in Amazon Cognito
![Page 2: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/2.jpg)
Topics
AWS Mobile Services and Amazon Cognito Introduction to Your User Pools Summary of Features Demo Deeper Dive in a Few Areas Getting Started Q & A
![Page 3: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/3.jpg)
The Best Mobile Apps Run on AWS
![Page 4: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/4.jpg)
AWS Mobile Services Eliminate the Heavy Lifting
When developing mobile apps today, you want to focus on ...
The great stuff that makes your app unique
Not…
The heavy lifting needed to manage backend infrastructure
![Page 5: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/5.jpg)
AWS Mobile SDKs
AWS Mobile Hub
Authenticate users
Analyze User Behavior
Store and share media
Synchronize data
Deliver media
Amazon Cognito (Sync)
Amazon Cognito(Identity) Amazon S3
Amazon CloudFront
Store dataAmazon DynamoDBAmazon RDS
Track RetentionAmazon Mobile Analytics
Send push notificationsAmazon SNS Mobile Push
Server-side logicLambda
Device Farm
Test your app
Amazon Mobile Analytics
Build and Scale Your Apps on AWS
![Page 6: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/6.jpg)
AWS Mobile Hub: Fastest Way to Build Apps on AWS
![Page 7: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/7.jpg)
Manage authenticated and guest users’
access to your AWS resources
Federated Identities
Synchronize user’s data across devices and
platforms via the cloud
Data Synchronization
Add sign-up and sign-in with a fully
managed user directory
Your User Pool
GuestYour ownauth
Amazon Cognito Identity Amazon Cognito Sync
Amazon Cognito Identity and Sync
k/v data
SAML
![Page 8: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/8.jpg)
Sign in with Facebook
Or
Username
Password
Sign In
Or
Start as a guest
Authenticate via 3rd party Identity Providers
Amazon Cognito Identity and User Experience
Guest Access
Your User Pool in Amazon Cognito
Amazon Cognito Identity provides temporary credentials to securely access your resources
DynamoDB
S3
API Gateway
![Page 9: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/9.jpg)
A Fully Managed User Directory in Cognito
Add sign-up and sign-in easily to your mobile and
web apps
Easy User Management
Verify phone numbers and email addresses and offer multi-factor authentication
Enhanced Security Features
Launch a simple, secure, low-cost, and fully managed
service to create and maintain a user directory
that scales to 100s of millions of users
Managed User Directory
![Page 10: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/10.jpg)
Comprehensive User Scenarios
Email or phone number Verification
Forgot Password
User sign-up and sign-in
Users verify their email address or phone number prior to activating an account
Users can change their password if they forget it
Users sign-up using email, phone number or user name and password.Users can then sign-in.
User Profile Retrieve and update user profiles, including custom attributes
SMS-based MFA If enabled, users complete Multi-Factor Authentication (MFA) with a confirmation code via SMS as part of sign-in and forgot password flows
![Page 11: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/11.jpg)
Comprehensive Administrator Scenarios
Manage users in a User Pool
Select Email and Phone Verification
Customize with Lambda Triggers
Setup Password Policies
Create and manageUser Pools
List, search and perform actions on specific user(s) in the User Pool
Configure verifications of users’ email addresses and phone numbers (via SMS)
Create functions in AWS Lambda to customize workflows
Control password requirements like minimum length, uppercase, and inclusion of special characters
Create, configure and delete multiple User Pools in their AWS account
Define Attributes Select required attributes and Define custom user attributes
![Page 12: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/12.jpg)
Secure Sign-in Made Easy
Token-based Authentication
Secure Remote Password Protocol
SMS-based Multi-factor Authentication
Uses tokens based on OpenID Connect (OIDC) and OAuth 2.0 standards
Uses Secure Remote Password (SRP) for secure password handling end to end
Enables your end users to user the text messaging functionality of a mobile phone as an extra layer of security
![Page 13: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/13.jpg)
Customization using Lambda hooks
Lambda Hook Example Scenarios
Pre user sign-up Custom validation to accept or deny the sign-up request
Custom message Advanced customization and localization of verification messages
Pre user sign-in Custom validation to accept or deny the sign-in request
Post user sign-in Event logging for custom analytics
Post user confirmation Custom welcome messages or event logging for custom analytics
![Page 14: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/14.jpg)
Cognito User and Federated Identities
Cognito User Identities(Your User Pool)
User
Sign-in1Returns Accessand ID Tokens
2
Cognito Federated Identities(Identity Pool)
Get AWS scoped credentials
3
Accessto AWS Services
4
DynamoDBS3 API Gateway
![Page 15: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/15.jpg)
Demo
![Page 16: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/16.jpg)
Understanding User Status
New users start with “Registered” status
Users must be confirmed before they can sign-in
Users must be disabled before they can be deleted
Registered(cannot sign in)
Sign-up
Confirmed
Disabled
Verify email Verify phoneor
Disable
Delete
(deleted)
Lambda Trigger:Pre Sign-up
![Page 17: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/17.jpg)
Verifying Email and Phone
Your User Pools provide built-in verification of email addresses and phone numbers
A six digit code is sent as an email message or SMS text and is submitted via the VerifyUserAttribute API
If both a phone number and email address are provided at sign-up, a verification code will only be sent to the phone
Your app can call GetUser to see if an email address or phone number is awaiting verification, and then call GetUserAttributeVerificationCode to initiate the verification
Your verification code is 938764
![Page 18: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/18.jpg)
Using Aliases in Amazon Cognito User Pools
Sign-up and sign-in with email is very common today
Aliases in Amazon Cognito support use of email, phone or preferred user name in place of the user name
A username value must be provided at sign-up, but it could be generated by the app and not exposed to the end user
Phone numbers and email addresses must be unique and must be verified before they can be used to sign-in
My App
Password
Sign In
Sign Up
![Page 19: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/19.jpg)
Getting Started with Your User Pools
See aws.amazon.com/cognito/dev-resources/ for links to
SDKs for iOS, Android, and JavaScript Sample apps for iOS and Android
AWS Mobile Blog article describes them Developer Guide API Reference Guide
![Page 20: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/20.jpg)
Thank You!
Visit aws.amazon.com/cognito/ to learn more
![Page 21: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/21.jpg)
Q & A
Visit aws.amazon.com/cognito/ to learn more
![Page 22: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/22.jpg)
Appendix
![Page 23: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/23.jpg)
AWS Resources
Authentication – Supported Providers:
Authorization / Permission
Cognito User and Federated Identities
Social Identity Providers Developer Provided
Enterprise Identity Provider
via SAML(coming)
Authenticate users and generate identity
tokens
Validates identity tokens and provides credentials to access
AWS resources
Cognito Identity
Cognito Identity
![Page 24: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/24.jpg)
Pricing
Pricing is based on Monthly Active Users (MAUs) with volume-based discounting A user is counted as a MAU if there is an identity operation related to that user within a
calendar month (e.g., sign-up, sign-in, token refresh, or password change) No charge for subsequent sessions or for inactive users
SMS charges are billed separately (using the SNS Global SMS feature)
Pricing Tier Price per 1K MAUsFirst 50,000 MAUs FreeNext 50,000 MAUs $5.50
Next 900,000 MAUs $4.60Next 9,000,000 MAUs $3.25
>10,000,000 MAUs $2.50
![Page 25: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/25.jpg)
Amazon Cognito Sync
User Data Storage andSync
Any Platform
iOS/Android/FireOS
Store app data, preferences, and stateSave app and device data to the cloud and merge them after login
Cross-device / Cross-OS Sync Sync user data and preferences across devices with a few lines of code
Work offlineData always stored in local SQLite DB firstWorks seamlessly with intermittent or no connectivity
k/v data
Identity pool
No back endSimple client SDK eliminates need for server side code
© 2015 Amazon Web Services, Inc. and its affiliates. All rights reserved.
![Page 26: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/26.jpg)
Push Sync Sync between devices in near real-time
using push instead of polling Fewer syncs = cost savings Powered by SNS Push changes from your backend
![Page 27: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/27.jpg)
Cognito Streams Enables deeper analysis of data Receive a stream of any updates to a dataset for each identity in
your identity pool Publishes updates to Kinesis From Kinesis write to other destinations such as Redshift or
ElasticSearch
RedShift
ElasticSearch
KinesisCognito
![Page 28: Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webinar Series](https://reader034.fdocuments.in/reader034/viewer/2022050613/587156c01a28ab8e5b8b54a1/html5/thumbnails/28.jpg)
Cognito Events Can be used to provide data validation (Cheating, Sanitization)
Can be used to inject data (Bonuses, Content)
Perform additional logic server side during a synchronize call
Full control over dataset contents
LambdaCognito