Simple user registration with Amazon Cognito

Question

In the course of building an android application I've run into the heavy issue of user management.

I see all over the place services that allow for users to register in my app using google, facebook, amazon, twitter, etc. (Amazon Cognito, Janrain, Google Identity Toolkit).

Ideally I would like to make use of Amazon Web Services throughout my application and, thusly, would need to make use of Amazon Cognito. However, as far as I can tell Cognito only provides for simple user registration via Facebook, Amazon, and Google, with the added ability to merge with developer authenticated identities.

After multiple hours of research into developing my own identity provider structure, implementing authentication protocols and all that jazz, I've come to the conclusion I have no idea what I'm doing in that area and I'd be best served leaving it alone for now.

All I want is to allow users to register to use my app with an email, username, and password, with the option to merge with their social accounts later, via Amazon Cognito. I just can't seem to find any straightforward answers anywhere.

So, how can I create a simple user registration flow that creates users which can later be linked to their other social accounts via Amazon Cognito?

Answer 1

Amazon lately announced user pools that work as a fully managed authentication provider.

They take care of all the basic logic like user sign up, email verification, password reset, ect. and also provide some more advanced features like multi factor authentication or phone number verification.

The cool thing is these user pools scale up to hundreds of millions of users and you just use them the same way as you would have used other authentication providers (or you can of course combine them). Check out this to see how to set them up.

Answer 2

Amazon Cognito is not an authentication provider, so if you want to register your users with an email, username and password, you will have to implement your own backend, with a database to store all this user information. Since you said that you want to use AWS in your app, integrating your backend with Amazon Cognito will allow you to define policies so your users can access other resources in AWS. An example of this would be uploading files to S3 directly from your app, using a policy that allows your users to do this. You will be able to link your user accounts with other identity provider users (eg: Facebook users) using Amazon Cognito as well.

Have a look at this blogpost if you want to better understand how Cognito works with developer-authenticated users: http://mobile.awsblog.com/post/Tx2FL1QAPDE0UAH/Understanding-Amazon-Cognito-Authentication-Part-2-Developer-Authenticated-Ident