Cognito Flashcards
Amazon ____ lets you add user sign-up, sign-in, and access control
to your web and mobile apps quickly and easily.
Cognito
Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, Amazon and Apple, and with enterprise identity providers that speak SAML 2.0 or OpenID Connect, such as Microsoft Active Directory (via AD FS).
True or False
True
With Amazon Cognito user pool groups, you can manage your users and their access to resources by mapping _____ to groups (the mapped role shows up in the cognito:roles and cognito:preferred_role claims of the ID token).
IAM roles
Benefits of Amazon Cognito ?
- Scalable user directory
- Social and enterprise identity federation
- Security for your apps and users
- Access control for AWS resources
- Easy integration with your app
A user ___ is a user directory in Amazon Cognito.
pool
A user pool provides:
- Sign-up and sign-in services.
- A built-in, customizable web UI to sign in users.
- Social sign-in with Facebook, Google, Login with Amazon and Sign in with Apple, as well as sign-in through SAML and OpenID Connect identity providers federated into your user pool.
- User directory management and user profiles.
- Security features such as multi-factor authentication (MFA), checks for compromised credentials, account takeover protection, and phone and email verification.
- Customized workflows and user migration through AWS Lambda triggers.
After successfully authenticating a user, Amazon Cognito issues ____ (an ID token, an access token and a refresh token) that you can use to secure and authorize access to your own APIs, or exchange for temporary AWS credentials through an identity pool.
JSON Web Tokens (JWTs)
Because a JWT is signed, it can be validated locally against the IdP's published public keys (the JWKS, fetched once and cached), without an HTTP request back to the IdP on every call, which improves your application's performance.
Applications can also read the claims inside a verified token, further reducing expensive HTTP calls and database lookups.
True or False
True
Because a JWT carries its own signed claims, servers do not need to keep per-user session state (a shared session store becomes optional), so applications can scale out easily.
True or False
True
____ is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.
OAuth
_____ is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider
Security Assertion Markup Language (SAML)
____ is an XML-based markup language for security assertions. It is commonly used for enterprise single sign-on.
SAML
AWS supports identity federation with SAML 2.0 that enables federated single sign-on (SSO), so users can log into the AWS Management Console or call the AWS API operations without you having to create an IAM user for everyone in your organization.
True or False
True
You configure an app client so that your application can call Amazon Cognito through the SDK or the hosted endpoints. An app client can also be issued a client secret. The secret authenticates the application itself to Cognito (or to another service); it plays no part in authenticating the user to the application. Never issue a client secret to a public client such as a browser front end (for example React) or a mobile app, where anyone can extract it; reserve secrets for confidential, server-side clients, such as a backend or microservice calling Cognito, and use PKCE for public clients. When an app client has a secret, API calls such as InitiateAuth and SignUp must also send SECRET_HASH, the Base64 of an HMAC-SHA256 over username + client ID keyed with the secret.
True or False
True
User pool app client token types
- Refresh token - Refresh tokens are credentials used to obtain new ID and access tokens without asking the user to sign in again.
- ID token - The ID token is a security token granted by the OpenID Provider that contains information about an end user. It tells your client application that the user is authenticated and can also carry attributes such as their username, email or locale. In Cognito the ID token has token_use set to id and names the app client in its aud claim.
- Access token (authorization) - Access tokens, on the other hand, are not intended to carry information about the user. They grant access to defined server resources, expressed as OAuth scopes. In Cognito the access token has token_use set to access and names the app client in its client_id claim.