Authenticate users from 3 Cognito user pools in a single URL domain

0

We have 3 user personas, as listed below:

  1. B2B Client
  2. B2C Users
  3. Internal Users.

They have different web applications to log in to, with different URLs and different sets of use cases. So we have created 3 different user pools and 3 different API gateways, which will be integrated with the respective Cognito user pool to validate the user login.

New use case: We have built a use case where all 3 of these users need to get into a video conference app. We are planning to host it in a single domain like video.company.com. All 3 users can log in to the video app; we need to authorize each user with the corresponding user pool.

In the backend we can have one API gateway and have 3 Cognito user pools attached to it to validate the token.

We use the hosted Cognito web app to provide the login page to users. This hosted app will belong to only one Cognito user pool.

We are thinking of a few ways:

  1. Is there a way to use one hosted login page to authenticate and get a token from one of the user pools?
  2. Assuming #1 is not possible at all, we are forced to build a simple custom login page. Is it possible to evaluate the login credentials across all 3 Cognito user pools? Any support from the Amplify library?
  3. Assuming #2 is not possible, we will show the user roles on the page, and when the user selects a role, we will navigate them to the corresponding login page. How do we validate whether the user is logged in or not from a different subdomain? Any code samples here would be helpful.
  • Couldn't you just have the user indicate which group they belong in at the login page and use that to route the credential check to the appropriate pool?

No Answers
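
For the backend arrangement described in the question (one API in front of three user pools), the sketch below shows a token check that picks the pool from an allow-list of issuers and then verifies the token against that pool only. It is an added example, not part of the original question or of any AWS library; the pool IDs, app client IDs, key IDs and RSA keys are constructed placeholders, and the locally generated keys stand in for each pool's published JWKS.

```javascript
const crypto = require("crypto");

// Constructed stand-ins: pool IDs, client IDs and RSA keys are placeholders.
// In a real authorizer each pool's public keys come from <iss>/.well-known/jwks.json.
function makePool(name, poolId, clientId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const iss = `https://cognito-idp.us-east-1.amazonaws.com/${poolId}`;
  return { name, iss, clientId, kid: `${name}-key-1`, publicKey, privateKey };
}
const POOLS = [
  makePool("b2b", "us-east-1_EXAMPLEb2b", "example-client-b2b"),
  makePool("b2c", "us-east-1_EXAMPLEb2c", "example-client-b2c"),
  makePool("internal", "us-east-1_EXAMPLEint", "example-client-internal"),
];
const BY_ISSUER = new Map(POOLS.map((p) => [p.iss, p]));
const b64u = (s) => Buffer.from(s).toString("base64url");

// Sample-data helper: mint an RS256 token shaped like a Cognito access token.
function mint(pool, overrides = {}, signingKey = pool.privateKey) {
  const exp = Math.floor(Date.now() / 1000) + 300;
  const claims = { iss: pool.iss, client_id: pool.clientId, token_use: "access", exp, ...overrides };
  const input = `${b64u(JSON.stringify({ alg: "RS256", kid: pool.kid }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign("sha256", Buffer.from(input), signingKey).toString("base64url")}`;
}

// Verify a token against whichever of the three pools issued it; throws on any failure.
function verifyAccessToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, "base64url").toString());
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  // The iss claim is unverified here, so it only selects a key from the
  // allow-list; it is never used to fetch keys from an arbitrary URL.
  const pool = BY_ISSUER.get(claims.iss);
  if (!pool) throw new Error("unknown issuer");
  if (header.kid !== pool.kid) throw new Error("unknown kid");
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify("sha256", signed, pool.publicKey, Buffer.from(sig, "base64url")))
    throw new Error("bad signature");
  if (claims.token_use !== "access") throw new Error("not an access token");
  if (claims.client_id !== pool.clientId) throw new Error("wrong app client");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return { pool: pool.name, claims };
}
```

The returned `pool` name is what the video app would use to decide which persona's permissions apply to the request.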
