Cognito Flashcards
Cognito
What do you give and get from a User Pool?
Give creds, get JSON web token
Cognito
How does a User Pool get access to AWS for users?
It doesn’t. Yeah, strange. It only gives JWTs.
Cognito
Where do identities come from for User Pools?
Internal database or federated identity providers
Cognito
What identity providers can you link to a User Pool?
Facebook, Google, Amazon, Apple, SAML, OpenID Connect
Cognito
What do you give and get from an Identity Pool?
Give external assertion, get temp AWS creds
Cognito
What are examples of sources of identities for an Identity Pool (IdP)?
Facebook, Google, Amazon, Apple, Twitter, SAML, Cognito User Pool JWT!
Cognito
What do you do with a JWT from a User Pool?
Use it in your on-prem systems, exchange it for creds with an Identity Pool, or use it with API Gateway.
Cognito
How do you use Cognito IdP to support Google and Facebook login?
Can’t. Each IdP is a single provider. Create two pools, and handle two types of logins.
Cognito
How do you architect around many external providers of identity (Google+Facebook)?
Cognito User Pool for all providers, get single JWT, IdP with only User Pool as identity provider.
Cognito
What roles are set up in a Cognito IdP?
Authenticated and Unauthenticated (guest access) IAM Roles.
Cognito
If I can use Google (for example) with both User Pool and IdP, why have both?
User Pools are about redirecting users to the right place, IdPs start with the external token already acquired.
Cognito
Can you do MFA with Cognito users?
Yes
Cognito
How does Cognito save you (a dev) development time?
Customizable web UI to sign up and manage your user account
Cognito
What type of auth does a Cognito user UI provide?
OAuth 2.0
Cognito
How do you customize what happens inside Cognito?
Link your custom AWS Lambda functions to trigger on Cognito events