Dev/Aws-Cognito

User pools stores user data basic authentication - JWT tokens -> authenticated - yes or no Identity pools fine grained access control - user assumes an identity can directly call AWS SDK commands User Pools (1) Get Auth Token User -> Cognito username password <- response– session object JWT token … (2) Get data User –> Secured API JWT token <-response– data Identity Pools (1) Get Auth Token User -> Cognito...

44-53 (44) Section intro cognito user pools JWT tokens groups (45) AWS Cognito AWS Cognito - user pool vs identity pool (46) Cognito in AWS console create user pool create app integration create app client command line force set password for user for dev aws cognito-idp admin-set-user-password --user-pool-id ${USER_POOL_ID} --username ${TEST_USER_NAME} --password "${TEST_USER_PASSWORD}" --permanent or with 1password cli op run -- bash -c 'aws cognito-idp admin-set-user-password --user-pool-id ${USER_POOL_ID} --username ${TEST_USER_NAME} --password "${TEST_USER_PASSWORD}" --permanent' (47) Generating JWT tokens with AWS Amplify (for dev within the playground)...

54-61 (54) Section intro AWS Cognito - user pool vs identity pool (55) AWS Cognito Identity pools in the console Authenticated role selection A) use default role authenticated unauthenticated B) choose role with rules ??? C) choose role from token (-> this app) user -> group -> role (56) Getting AWS temporary credentials // skipped (57-59) Identity pools in CDK link to userPoolGroup via roleArn new CfnUserPoolGroup(this.scope, 'admins', { groupName: 'admins', userPoolId: this....