Amazon Cognito is a user directory and an OAuth 2.0 identity provider (IdP). When you sign in local users to the Amazon Cognito directory, your user pool is an IdP to your app. A local user exists exclusively in your user pool directory without federation through an external IdP.
When you connect Amazon Cognito to social, SAML, or OpenID Connect (OIDC) IdPs, your user pool acts as a bridge between multiple service providers and your app. To your IdP, Amazon Cognito is a service provider (SP). Your IdPs pass an OIDC ID token or a SAML assertion to Amazon Cognito. Amazon Cognito reads the claims about your user in the token or assertion and maps those claims to a new user profile in your user pool directory. For more details, refer to the below documentation.
To set up an external identity provider (OIDC) in an Amazon Cognito user pool and authenticate the user to access Amazon Connect chat from a mobile app, you can follow the steps mentioned below.
1. Set Up External IDP in AWS Cognito: You can enable your users who already have accounts with OpenID Connect (OIDC) identity providers (IdPs) to skip the sign-up step and sign in to your application using an existing account. With the built-in hosted web UI, Amazon Cognito provides token handling and management for all authenticated users. This way, your backend systems can standardize on one set of user pool tokens. Please refer to the documentation below for more details.
2. Integrate OIDC Authentication in Mobile App: In your native mobile app, use an OIDC library or SDK to handle authentication. Also, implement the OIDC authentication flow in your app using the configuration details from the Cognito User Pool and external IDP.
3. Obtain OIDC Tokens: After successful authentication, your mobile app will receive OIDC tokens (id_token, access_token, and optionally refresh_token). Use these tokens to access resources in Amazon Cognito and Amazon Connect. When your user signs in to your application using an OIDC IdP, they pass through the following authentication flow mentioned in the documentation.
4. Access Amazon Connect Chat: Use the obtained tokens to authenticate with Amazon Connect. Implement the necessary logic in your mobile app to initiate and manage chat sessions with Amazon Connect.
These steps align with the general process of integrating OIDC authentication in a native mobile app to access Amazon Cognito and subsequently using the obtained tokens for authentication with Amazon Connect Chat.
[+] Code examples for Amazon Cognito Identity Provider using AWS SDKs - https://docs.aws.amazon.com/cognito/latest/developerguide/service_code_examples_cognito-identity-provider.html
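As an added example (not part of the answer above, and not AWS's own code), the checks a backend should perform on a user pool token from step 3 before it uses that token to start a chat session in step 4: kid against the pool's JWKS, RS256 signature, issuer, token_use, audience (aud for an ID token, client_id for an access token) and expiry. The region, user pool ID, app client ID and JWKS entry are constructed placeholders, and the RS256 signature check is a hypothetical `verify_sig` callable that you would wrap around a JWT library such as PyJWT.

```python
import base64
import json
import time

# Constructed placeholders, not a real user pool or app client.
REGION = "us-east-1"
USER_POOL_ID = "us-east-1_EXAMPLE"
APP_CLIENT_ID = "exampleclientid123"

def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def verify_cognito_jwt(token, jwks, expected_use, verify_sig, now=None):
    """Return the claims of a Cognito user pool JWT or raise ValueError.
    expected_use is "id" or "access". verify_sig(jwk, signing_input, sig) is a
    hypothetical callable doing the RS256 check (e.g. wrapping PyJWT)."""
    now = time.time() if now is None else now
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        claims = json.loads(_b64url_decode(p_b64))
    except ValueError:  # bad split, bad base64 or bad JSON
        raise ValueError("malformed JWT")
    if header.get("alg") != "RS256":
        raise ValueError("unexpected alg")
    # The kid must match a signing key published in this pool's JWKS.
    keys = {k["kid"]: k for k in jwks.get("keys", []) if k.get("alg") == "RS256"}
    jwk = keys.get(header.get("kid"))
    if jwk is None:
        raise ValueError("unknown kid")
    if not verify_sig(jwk, f"{h_b64}.{p_b64}".encode(), _b64url_decode(s_b64)):
        raise ValueError("bad signature")
    if claims.get("iss") != f"https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}":
        raise ValueError("wrong issuer")
    if claims.get("token_use") != expected_use:  # e.g. ID token offered as access token
        raise ValueError("wrong token_use")
    # The ID token names the app client in aud, the access token in client_id.
    audience = claims.get("aud") if expected_use == "id" else claims.get("client_id")
    if audience != APP_CLIENT_ID:
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("token expired")
    return claims

def make_test_token(claims, kid="key-1", sig=b"constructed-signature"):
    """Constructed test token; sig is a placeholder, not a real RS256 signature."""
    parts = [json.dumps({"alg": "RS256", "kid": kid}).encode(), json.dumps(claims).encode(), sig]
    return ".".join(_b64url_encode(p) for p in parts)
```

Only after these checks pass should the backend call Amazon Connect to start the chat; a token that fails any one of them should be rejected and the failure logged with the reason.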