By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Cognito User Pool : callback URL for Android Serverless app

0

Hello guys ! I want to create an Android app that uses AWS to do heavy calculations (ie generate images with stable diffusion). The app will ask for these AWS ressources with Amazon API Gateway. Unregistered users must not be able to access this API (they have to register and pay, first). I want to use Google Login as only way to sign in and log in (just like most games on Android ; no passwords). I heard Cognito User Pool was designed for this purpose.

But now, I’m quite confuse. I need a callback URL to create a Cognito User Pool, but I don’t have any servers. I don’t have an URL to redirect to. How does this works ? Am I missing something ? Can’t I use Cognito this way, to ensure that only registered users can access my Amazon API Gateway ?

Thanks in advance !

Topics
ServerlessFront-End Web & MobileNetworking & Content DeliverySecurity, Identity, & Compliance
Tags
Amazon API GatewayAmazon Cognito
Language
English
LorenzoVILLARD
asked a year ago890 views
1 Answer
1
Accepted Answer

Hi,

I'd say the point is how to manage the authentication process. Amazon Cognito user pools can help you implement Social sign-in, for example using Google, but still there have to be integrations running at the back-end. One of those integration is actually between Amazon Cognito and the Identity Provider (IdP) which is Google in this case.

You can take a look at https://docs.aws.amazon.com/cognito/latest/developerguide/authentication.html that explains “Your app users can sign in either directly through a user pool, or federate through a third-party identity provider (IdP). The user pool manages the overhead of handling the tokens that are returned from social sign-in through Facebook, Google, Amazon, and Apple, and from OpenID Connect (OIDC) and SAML IdPs. After successful authentication, Amazon Cognito returns user pool tokens to your app. You can use the tokens to grant your users access to your own server-side resources, or to the Amazon API Gateway.

Another option that you could evaluate is Amazon Cognito identity pools (federated identities), instead of Amazon Cognito user pools. These are a couple of references that might help. Pay particular attention to the second link wiht the authentication flow.

https://docs.aws.amazon.com/cognito/latest/developerguide/getting-started-with-identity-pools.html

https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flow.html

Of course, there are always trade-offs, pros and cons.

I hope this helped and good luck!!!

AWS
SergioA
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content