Need help?

Our experts have had an average response time of 11.7 minutes in August 2021 to fix urgent issues.

We will keep your servers stable, secure, and fast at all times for one fixed price.

How to configure Amazon Cognito user pool

by | Oct 26, 2021

Configure Amazon Cognito user pool like an expert with Bobcares by your side.

Our Support Engineers have come up with different methods to help you configure the Amazon Cognito user pool.

We come across similar queries like these every day as a part of our Server Management Services.

About Amazon Cognito user pool

Setting up an Amazon Cognito user pool as an authorizer in your Amazon API Gateway REST API is easy with our Support Engineers to guide you. In fact, you can accomplish this task via two methods.

  • By creating a COGNITO_USER_POOL authorizer
  • By creating an AWS Lambda authorizer

In this article, we are going to take a look at creating a COGNITO_USER_POOL authorizer.

Prerequisites for configuring Amazon Cognito user pool

Before we move on to creating a COGNITO_USER_POOL authorizer, verify that the prerequisites are ready:

  • An API Gateway REST API resource.
  • An Amazon Cognito user pool along with an app client.

How to create a COGNITO_USER_POOLS authorizer

  1. First, either choose an existing API in API Gateway or create a new API.
  2. Then, select Authorizers in the main navigation pane under the specific API.
  3. After that, select Create New Authorizer.
  4. Next, we will configure the new authorizer to use a user pool as seen below:
    • Enter an authorizer name in Name.
    • Choose the Cognito option.
    • Select a region in the Cognito User Pool section.
    • Choose an available user pool
    • Then, enter Authorization for Token source.
    • Finally, integrate the user pool with the API by choosing Create.

Configure Amazon Cognito user pool: Test the new COGNITO_USERS_POOL authorizer

Once you have created the COGNITO_USER_POOLS authorizer, you can test it with the following steps:

  1. First, select the Test button under the newly created authorizer in the API Gateway Console.
  2. Then, enter an ID Token for Authorization in the Test window.
  3. Next, select Test.

This test will return a 200 response code if the ID token is correct, whereas an incorrect ID token results in a 401 response code.

Configuring COGNITO_USER_POOLS authorizer on an API method

Our Support Engineers are here with four ways to get authorization tokens.

  1. The hosted web UI for Amazon Cognito
  2. The AWS CLI
  3. One of the AWS SDKs
  4. Postman app

Authorization tokens via hosted web UI for Amazon Cognito

Let’s take a look at how our Support Engineers recommend getting authorization tokens via hosted web UI for Amazon Cognito with Authorization Code Grant Flow:

  1. First, send an HTTP GET request to URL seen below:
    https://<your_domain>/authorize?response_type=code&client_id=<your_app_client_id>&redirect_uri<your_callback_url>

    Remember to replace <your_domain> with user pool’s domain name, <your_app_client_id> with user pool’s app client ID and <your_callback_url> with callback URL.

  2. Next, log into the user pool or federated identity provider. The UI will redirect to the URL mentioned in the callback for the app client.
  3. After that, send an HTTP POST request to /oauth2/token endpoint.

Let’s take a look at how our Support Engineers recommend getting authorization tokens via hosted web UI for Amazon Cognito with Implicit grant flow:

  1. First, send an HTTP GET request to this URL:
    https:///authorize?response_type=token&client_id= &redirect_uri=

    Remember to replace <your_domain> with user pool’s domain name, <your_app_client_id> with user pool’s app client ID and <your_callback_url> with callback URL.

  2. After that, log into the user pool with the existing user’s username and password. You can also create a new user to log in. You will be redirected to the URL mentioned in the app client’s callback.

Authorization tokens via the AWS CLI

To get authorization tokens using the AWS CLI, run the following command:

aws cognito-idp initiate-auth --auth-flow USER_PASSWORD_AUTH --auth-parameters USERNAME=testuser,[email protected] --client-id <app client id>

Remember to replace auth-flow, –client-id, and –auth-parameters with the values you are using.

You can also get authorization tokens using Postman via the Oauth 2.0 authorization mode.

[Server Management giving you trouble? We are just a click away.]

Conclusion

At the end of the day, the skilled Support Team at Bobcares demonstrated how to configure Amazon Cognito user pool.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF