(MBL401) Social Logins for Mobile Apps with Amazon Cognito | AWS re:Invent 2014

MBL310 MBL311

web identity federation

Manage authenticated

and guest users across

identity providers

Identity Management

Synchronize user’s data

across devices and

platforms via the cloud

Data Synchronization

Securely access AWS

services from mobile

devices and platforms

Secure AWS Access

Guest Your own

MBL301

• Identity Pool: Pool of app users. Can be

shared across apps.

• Identity: An individual user. Consistent

across identity providers. Can be a guest

• Login: Identifier in a login provider

AWS Account

Dataset

IdentityIdentityIdentity

DatasetLogin

Identity

Sign up for an AWS account and login to the AWS Management

Console

Download and integrate the AWS Mobile SDK

Create an identity pool for authenticated and unauthenticated

users in the AWS Management Console

AssumeRoleWithWebIdentity

All this is handled by the credentials provider.

Cognito

– Identity Provider Access

"Version": "2012-10-17",

"Statement": [ {

"Effect": "Allow",

"Principal": { "Federated": "cognito-identity.amazonaws.com" },

"Action": "sts:AssumeRoleWithWebIdentity",

"Condition": {

"StringEquals": {

"cognito-identity.amazonaws.com:aud":

"us-east-1:12345678-dead-beef-cafe-123456790ab"

"ForAnyValue:StringLike": {

"cognito-identity.amazonaws.com:amr": "unauthenticated"

"Version": "2012-10-17",

"Statement": [ {

"Effect": "Allow",

"Condition": {

"StringEquals": {

Defines that we should trust Cognito

"Version": "2012-10-17",

"Statement": [ {

"Effect": "Allow",

"Condition": {

"StringEquals": {

Defines that we should trust identities from our pool

"Version": "2012-10-17",

"Statement": [ {

"Effect": "Allow",

"Condition": {

"StringEquals": {

Defines that we should trust unauthenticated identitities

"Version": "2012-10-17",

"Statement": [{

"Action": [

"mobileanalytics:PutEvents",

"cognito-sync:*"

"Effect": "Allow",

"Resource": [ "*" ]

"Version": "2012-10-17",

"Statement": [{

"Action": [

"cognito-sync:*"

"Effect": "Allow",

"Resource": [ "*" ]

Grants access to Analytics and Cognito Sync

"Version": "2012-10-17",

"Statement": [{

"Action": [

"cognito-sync:*"

"Effect": "Allow",

"Resource": [ "*" ]

May seem too permissive, but Cognito Sync prevents

identities accessing others data.

${cognito-identity.amazonaws.com:sub}

Will be replaced by the identity ID

${cognito-identity.amazonaws.com:sub}

Will be replaced by the identity ID

Your own UsernameAnd Password

Your own user authentication system

Several apps prefer to have their own username

and password instead of public identity providers

for authentication.

Manage mappings easily

Cognito manages the mappings across login

systems (public or private) using a unique Cognito

Easily integrate with existing systems

Implement GetOpenIdTokeForDeveloperIdentity()

using our server-side SDKs like Java, Python,

Ruby etc.

GetOpenIdTokenForDeveloperIdentity

This is handled by the credentials provider.

How does this feed to

credentials provider?

nGetOpenIdTokenForDeveloperIdentity

This can be handled

by custom

AWSIdentityProvider

• AWS Mobile Homehttp://aws.amazon.com/mobile

• AWS Mobile Bloghttp://mobile.awsblog.com

• Twitter@awsformobile

• Forumshttp://forums.aws.amazon.com

• StackOverflowhttp://stackoverflow.com/tags/amazon-cognito

• GitHubhttp://github.com/aws/

http://github.com/awslabs/

Please give us your feedback on this session.

Complete session evaluations and earn re:Invent swag.

http://bit.ly/awsevals

(MBL401) Social Logins for Mobile Apps with Amazon Cognito | AWS re:Invent 2014

Technology

Transcript of (MBL401) Social Logins for Mobile Apps with Amazon Cognito | AWS re:Invent 2014

Character Sets Logins & Terminal Types

Easy logins for Ruby web applications

Amazon Cognito Sync API Reference - Amazon Web …awsdocs.s3.amazonaws.com/cognito/latest/cognito-sync-api.pdf · Welcome Amazon Cognito Sync provides an AWS service and client library

The Cognito automated threat detection and ... - Vectra AI · Cognito™ from Vectra ... By automating the manual, time-consuming analysis of security events, Cognito condenses weeks

Vectra Cognito - Ontrex · Vectra Cognito™ Vectra Cognito™ is the fastest, most efficient way to find and stop attackers in your network. It uses artificial intelligence to deliver

Adviser & Client logins

Cognito prelims 2015

Logins, Roles and Credentials

Avaya Aura Communication Manager Administrator Logins

cevi logins nieuwsbrief juni 2011 · Cevi / Logins nieuwsbrief voor de lokale & regionale besturen en voor de professional in de zorgsector 3 Logins NV Gnrl De Wittelaan 17 B32 -

Multiple vulnerabilities in Vectra Cognito Security advisory · Overview Cognito platform Cognito is the ultimate AI-powered cyberattack-detection and threat-hunting platform The

Amazon Cognito + Lambda + S3 + IAM

SIGN UPS AND LOGINS

Amazon Cognito - Developer Guide · Amazon Cognito Developer Guide Table of Contents What Is Amazon Cognito? ..... 1 Features of Amazon Cognito ..... 2 Getting Started with Amazon

Cognito Form: Capture UTMs using Iframe

Cognito Webinar PR and Regulation

COGNITO: Computerized Assessment of Information Processing

Vectra Cognito Platform Getting Started Guide

Chapter 6: Testing and Student Logins

Lutron RadioRA2 Integration GuideTelnet Logins Telnet Logins 1. From the Essential software menu bar, click Settings 2. Click Telnet Logins 3. Click "+ Click here to create a new telnet