Authentication

Authorization

If someone wants to reach a backend service, say a database, they cannot access its information unless they have authorization. So, until you grant your user authority over the secured backend resources, they will not be able to get in.

User Management

Through user management, AWS Cognito by default stores and manages your users' data in its own user database. You can access this data through an SDK (software development kit). The data can include a user's email, phone number, or first and last name.

User Pools

Through user pools, you give users access to your application. They can sign in or sign up using the traditional method of entering a username and password. Or, they can use third-party accounts such as Facebook, Google, or Apple. User pools let you have access to the profiles of the users logged into your website or application. 

Features Of The User Pool

A customized authentication flow is a flow you build through AWS Lambda; the user pool does not provide it directly, so you add it with Lambda triggers. For example, instead of entering a password when logging in to your application, the user receives an OTP. In this case they only have to fill in their email or phone number to get access to your website or application. This is passwordless authentication.
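The passwordless flow just described, as an added example that is not code from the article or from AWS: the three Lambda triggers Cognito invokes for a custom authentication flow (DefineAuthChallenge, CreateAuthChallenge, VerifyAuthChallengeResponse) written in Python, plus a constructed stand-in for Cognito's own loop so the whole exchange runs offline. The delivery step (sending the code by email or SMS) is a hook you would replace, and `MAX_ATTEMPTS` is an assumed policy, not a Cognito default.

```python
"""Passwordless (OTP) custom authentication flow for a Cognito user pool.

Added example, not code from the article or from AWS. It models the three
Lambda triggers that Cognito calls in turn and drives them with a constructed
stand-in for Cognito's own loop, so the flow runs offline. The delivery step
(sending the code by email or SMS) is replaced by a hook; MAX_ATTEMPTS is an
assumed policy, not a Cognito default."""
import hmac
import secrets

MAX_ATTEMPTS = 3  # assumption: fail the sign-in after this many wrong codes


def define_auth_challenge(event, context=None):
    """DefineAuthChallenge: decide whether to issue tokens, fail, or challenge again."""
    session = event["request"]["session"]  # results of the challenges so far
    response = event["response"]
    if session and session[-1]["challengeResult"] is True:
        # the last CUSTOM_CHALLENGE was answered correctly: sign the user in
        response["issueTokens"] = True
        response["failAuthentication"] = False
    elif len(session) >= MAX_ATTEMPTS:
        # every attempt was wrong: stop here rather than let the client keep guessing
        response["issueTokens"] = False
        response["failAuthentication"] = True
    else:
        response["issueTokens"] = False
        response["failAuthentication"] = False
        response["challengeName"] = "CUSTOM_CHALLENGE"
    return event


def _send_code_stub(destination, code):
    """Stand-in for the real SMS/email delivery (constructed; does nothing)."""


def create_auth_challenge(event, context=None, send_code=_send_code_stub):
    """CreateAuthChallenge: mint a fresh one-time code and deliver it out of band."""
    code = f"{secrets.randbelow(10**6):06d}"  # six digits from a CSPRNG
    destination = event["request"]["userAttributes"].get("email")
    send_code(destination, code)
    response = event["response"]
    # The client only learns where the code went; the code itself stays in the
    # private parameters, which Cognito hands back to the verify trigger.
    response["publicChallengeParameters"] = {"destination": destination}
    response["privateChallengeParameters"] = {"answer": code}
    response["challengeMetadata"] = "OTP_CHALLENGE"
    return event


def verify_auth_challenge_response(event, context=None):
    """VerifyAuthChallengeResponse: compare the typed code with the issued one."""
    expected = event["request"]["privateChallengeParameters"]["answer"]
    given = str(event["request"]["challengeAnswer"])
    # constant-time comparison on bytes, so timing does not leak matching prefixes
    event["response"]["answerCorrect"] = hmac.compare_digest(expected.encode(), given.encode())
    return event


def simulate_sign_in(attempts, email="user@example.test"):
    """Constructed stand-in for Cognito's trigger loop.

    `attempts` lists the client's answers: True means it types the delivered
    code, False means a wrong code. Returns (outcome, challenges_answered)."""
    delivered = []
    session = []
    remaining = list(attempts)
    while True:
        ev = define_auth_challenge({"request": {"session": list(session)}, "response": {}})
        if ev["response"]["issueTokens"]:
            return "TOKENS_ISSUED", len(session)
        if ev["response"]["failAuthentication"]:
            return "FAILED", len(session)
        ev = create_auth_challenge(
            {"request": {"userAttributes": {"email": email}}, "response": {}},
            send_code=lambda dest, code: delivered.append(code),
        )
        if not remaining:
            return "ABANDONED", len(session)
        answer = delivered[-1] if remaining.pop(0) else "wrong"
        ev = verify_auth_challenge_response(
            {"request": {"privateChallengeParameters": ev["response"]["privateChallengeParameters"],
                         "challengeAnswer": answer},
             "response": {}}
        )
        session.append({"challengeName": "CUSTOM_CHALLENGE",
                        "challengeResult": ev["response"]["answerCorrect"],
                        "challengeMetadata": "OTP_CHALLENGE"})


if __name__ == "__main__":
    print(simulate_sign_in([False, True]))  # ('TOKENS_ISSUED', 2)
```

Two points the code makes that the paragraph does not: the code never travels in `publicChallengeParameters`, only in the private ones Cognito keeps server-side, and DefineAuthChallenge is where you cap guesses, because Cognito will otherwise keep re-issuing the challenge for as long as the client answers.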

User Directory And Profile Management

Through user directory and profile management, you can see and access the profile of every user in the user pool.

Fine-Grained Access Control With Groups

This feature of the user pool makes it easy to grant your users access according to the group they belong to.

For example, suppose you have an educational website and classify your users into two separate groups:

Group A: Teachers/Admin users

Group B: Students

Now, you can decide the extent of access for each group. Say group A are admin users: you give them full access to edit, upload, and create videos or content on your website. For group B, the students, you restrict access to reading or viewing only.

Similarly, you can grant different levels of access to people who subscribe to different plans in your mobile application. For example, subscribers to the basic plan get limited access. On the other hand, subscribers of the advanced plan get full access to the features of your application.
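The group-based access decision described above, as an added example that is not code from the article or from AWS. It assumes the API has already verified the ID token's signature against the user pool's JWKS; what it shows is the claim validation that has to follow (issuer, audience, token type, expiry) and the mapping from the `cognito:groups` claim to permissions. The issuer, app client id, group policy and sample claims are constructed.

```python
"""Fine-grained access control from Cognito user pool groups.

Added example, not the article's or AWS's code. It assumes the API has already
verified the ID token's signature against the user pool's JWKS; what it shows
is the claim validation that must follow and the mapping from the
`cognito:groups` claim to permissions. Issuer, client id, group policy and
sample claims are all constructed."""
import time

USER_POOL_ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"  # constructed
APP_CLIENT_ID = "1example23456789"  # constructed

# Assumed policy for the educational site: what each group may do.
GROUP_PERMISSIONS = {
    "Teachers": {"read", "create", "edit", "upload"},
    "Students": {"read"},
}


class AuthError(Exception):
    """Raised when the token's claims do not belong to a valid sign-in."""


def validate_claims(claims, now=None):
    """Checks that signature-verified claims are an unexpired ID token for this app client."""
    now = time.time() if now is None else now
    if claims.get("iss") != USER_POOL_ISSUER:
        raise AuthError("token was not issued by our user pool")
    if claims.get("token_use") != "id":
        raise AuthError("expected an ID token")  # access tokens carry client_id, not aud
    if claims.get("aud") != APP_CLIENT_ID:
        raise AuthError("token was issued to a different app client")
    if claims.get("exp", 0) <= now:
        raise AuthError("token has expired")
    return claims


def permissions_for(claims):
    """Union of the permissions of every group the user belongs to."""
    allowed = set()
    for group in claims.get("cognito:groups", []):
        allowed |= GROUP_PERMISSIONS.get(group, set())  # unknown groups grant nothing
    return allowed


def authorize(claims, action, now=None):
    """True if the (already signature-verified) claims permit `action`."""
    validate_claims(claims, now)
    return action in permissions_for(claims)


# Constructed sample claims, shaped like a decoded Cognito ID token payload.
NOW = 1_700_000_000
TEACHER = {"iss": USER_POOL_ISSUER, "aud": APP_CLIENT_ID, "token_use": "id",
           "sub": "11111111-aaaa-4bbb-8ccc-000000000001", "exp": NOW + 3600,
           "cognito:groups": ["Teachers"], "email": "teacher@example.test"}
STUDENT = {"iss": USER_POOL_ISSUER, "aud": APP_CLIENT_ID, "token_use": "id",
           "sub": "11111111-aaaa-4bbb-8ccc-000000000002", "exp": NOW + 3600,
           "cognito:groups": ["Students"], "email": "student@example.test"}
FORGED = dict(TEACHER, aud="some-other-client")  # valid token, but for another app


def demo():
    """Runs the decisions a request handler would make for each sample token."""
    results = {
        "teacher_can_upload": authorize(TEACHER, "upload", NOW),
        "student_can_read": authorize(STUDENT, "read", NOW),
        "student_can_upload": authorize(STUDENT, "upload", NOW),
    }
    try:
        authorize(FORGED, "read", NOW)
        results["forged_rejected"] = False
    except AuthError:
        results["forged_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The same function serves the subscription example in the paragraph above: replace the group names with plan names and the permission sets with the features each plan unlocks. The audience check matters because a user pool can have several app clients; a token minted for one of them is a real Cognito token but should not be accepted by another.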

Server-To-Server Authority

This feature lets one service authenticate to another. Such authority is possible with the user pool.

Remembering User Devices, 2FA/MFA, And Phone And Email Verification

This covers security features such as multi-factor authentication, remembering users' devices, and phone or email verification.

User Migration Service

Through this feature of the user pool, you can move a user directory from a different system into the user pool. You don't have to reset passwords: your users can log in as before without resetting them.

Identity Pools

Identity pools work best when integrated with the user pool. When your users authenticate with the user pool, they receive tokens, which can be exchanged for credentials. These credentials are what grant access to other services.

Sign-Up And Sign In With The User Pool

Your users can sign up or sign in using the user pool. Otherwise, they can still use their social media accounts to authenticate to the Cognito identity pool.

Access For Visitors

This feature of the identity pool gives guest users limited authority to access one or two of the backend services in a secure way.
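The token-for-credentials exchange described under Identity Pools, and the guest path described just above, as an added example that is not code from the article or from AWS. The two operations are the real Cognito Identity API calls as boto3 exposes them (`get_id`, `get_credentials_for_identity`), but the client is a constructed fake so the exchange runs offline; in production `client` would be `boto3.client("cognito-identity")`. The region, pool ids, token and returned credentials are constructed placeholders.

```python
"""Exchanging a user pool token for identity pool credentials, and the guest path.

Added example, not the article's or AWS's code. The two calls are the real
Cognito Identity operations as boto3 exposes them, but the client here is a
constructed fake so the exchange runs offline; in production `client` would be
boto3.client("cognito-identity"). Ids, token and credentials are placeholders."""
import datetime

REGION = "us-east-1"                                                  # constructed
USER_POOL_ID = "us-east-1_EXAMPLE"                                    # constructed
IDENTITY_POOL_ID = "us-east-1:00000000-0000-4000-8000-000000000000"  # constructed
# Logins key under which an identity pool recognises a user pool ID token.
USER_POOL_PROVIDER = f"cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}"


def get_credentials(client, id_token=None):
    """Returns (identity_id, credentials, authenticated).

    With an ID token the identity pool maps the user to its authenticated role;
    without one it hands out the more restricted unauthenticated role, which is
    the "access for visitors" feature."""
    kwargs = {"Logins": {USER_POOL_PROVIDER: id_token}} if id_token else {}
    identity_id = client.get_id(IdentityPoolId=IDENTITY_POOL_ID, **kwargs)["IdentityId"]
    resp = client.get_credentials_for_identity(IdentityId=identity_id, **kwargs)
    return identity_id, resp["Credentials"], bool(kwargs)


def credentials_usable(creds, now):
    """Guard against reusing vended credentials past their expiry."""
    return creds["Expiration"] > now


class FakeCognitoIdentity:
    """Constructed stand-in for boto3's cognito-identity client.

    It mimics the shape of the real responses and the one policy decision that
    matters here: no token, or a token from an unknown provider, never yields
    authenticated credentials."""

    def __init__(self, allow_unauthenticated=True):
        self.allow_unauthenticated = allow_unauthenticated
        self._counter = 0

    def get_id(self, IdentityPoolId, Logins=None):
        if IdentityPoolId != IDENTITY_POOL_ID:
            raise LookupError("ResourceNotFoundException: no such identity pool")
        if not Logins and not self.allow_unauthenticated:
            raise PermissionError("NotAuthorizedException: unauthenticated access disabled")
        if Logins and USER_POOL_PROVIDER not in Logins:
            raise PermissionError("NotAuthorizedException: unknown login provider")
        self._counter += 1
        return {"IdentityId": f"{REGION}:identity-{self._counter:04d}"}

    def get_credentials_for_identity(self, IdentityId, Logins=None):
        role = "authenticated" if Logins else "unauthenticated"
        expiry = datetime.datetime(2030, 1, 1, tzinfo=datetime.timezone.utc)
        return {"IdentityId": IdentityId,
                "Credentials": {"AccessKeyId": f"ASIA-{role.upper()}-EXAMPLE",
                                "SecretKey": "constructed-secret",
                                "SessionToken": f"constructed-session-{role}",
                                "Expiration": expiry}}


if __name__ == "__main__":
    fake = FakeCognitoIdentity()
    print(get_credentials(fake, "constructed.id.token")[2])  # True
    print(get_credentials(fake)[2])                          # False
```

The design point is that the identity pool, not your code, decides which IAM role the caller gets: the only input your code controls is whether a user pool token is present in `Logins`. Disabling unauthenticated identities on the pool (the `allow_unauthenticated=False` path in the fake) is the switch that turns the visitor feature off entirely.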

User Data Sync Between Devices

When your user signs in to the identity pool, they get a unique identity. Since you have access to the user's profile, suppose you create a set of data and assign it to that identity. If you later change or delete that data, the change appears on the user's other devices instantly.

In short, your users' identities are synced across their devices. Any change to the identity is pushed to the other devices through push synchronization.

Role-Based Access Control At The User Level

This is the same as assigning access to groups, but instead of groups, you grant access at the level of the individual user.

Conclusion