Amazon Cognito
Amazon Cognito is an AWS service that provides authentication, authorization, and user management for web and mobile applications. It supports OAuth2, OIDC, SAML federation, and social identity providers. Cognito has two main components: User Pools for user authentication and app integration, and Federated Identities for granting temporary AWS credentials to authenticated users. It includes multi-factor authentication, advanced security features, and customizable authentication flows.
APIs
Amazon Cognito Identity Provider
Control plane API for managing Cognito user pools, app clients, users, groups, identity providers, and resource servers. Supports user authentication flows including SRP, custom...
Amazon Cognito Identity (Federated Identities)
Federated identity service that issues temporary AWS credentials to authenticated and unauthenticated users from Cognito user pools, social identity providers (Facebook, Google,...
Capabilities
Amazon Cognito Identity Management Workflow
Unified workflow for identity and access management engineers to manage Cognito user pools, user accounts, groups, and federated identity pools. Combines the Identity Provider a...
Features
Fully managed user directories with sign-up, sign-in, and user profile management.
Standards-based OAuth2 authorization server and OpenID Connect identity provider for apps.
Integrate enterprise identity providers via SAML 2.0 for single sign-on.
Sign in with Google, Facebook, Apple, and Amazon without custom backend code.
Built-in MFA with SMS, TOTP, and email verification options.
Lambda triggers for custom authentication challenges, pre-signup validation, and post-confirmation.
Risk-based adaptive authentication with compromised credential detection and device tracking.
Grant temporary AWS credentials to users authenticated via user pools or social providers.
Pre-built customizable sign-in/sign-up pages with OAuth2 endpoint support.
Attribute-based access control with group-based IAM role assignment.
Use Cases
Add user registration, login, and session management to web and mobile applications.
Connect enterprise SAML identity providers for single sign-on to AWS-hosted applications.
Use Cognito JWT tokens to authorize access to API Gateway, AppSync, and custom APIs.
Manage consumer user accounts with self-service registration and profile management.
Issue scoped AWS credentials to authenticated users for direct service access.
Integrations
Validate Cognito JWTs for API Gateway authorizer integration.
Pre-built Amplify Auth library for easy Cognito integration in React, Vue, and mobile apps.
Trigger Lambda functions for custom authentication logic and user data enrichment.
Use Cognito identity IDs as DynamoDB partition keys for per-user data isolation.
Map Cognito groups to IAM roles for role-based access control to AWS services.
Use Cognito user pools as authorization mode for GraphQL API access control.