site-logo

JAWS PANKRATION 2024

site-logo
HomeNewsTimetableCfPCommitteePromotionFollow UpPrivacy Policy

How to use Amazon Cognito Userpools with custom UI and also OIDC

Lv200

Lv200

2024/8/25 09:20 (JST)

セッション情報

When building web services and REST APIs on AWS, Amazon Cognito Userpools is often used for authentication and authorization.

However, one limitation of the Amazon Cognito Userpools is that if you use a custom UI for the authentication page, the OIDC, Open ID Connect endpoint itself will not be available.

In this presentation, I will talk about how to use OIDC with Amazon Cognito Userpools while using a custom UI.

Kenichiro  Kimura

Kenichiro Kimura

- AWS Community Builders -

- AWS User Community Leaders -



セッションカテゴリ
Web and mobile frontend
Security
Identity and compliance
etc


関連AWSサービス
Amazon Cognito Userpools

セッション資料

セッションアーカイブ

セッションサマリ(by Amazon Bedrock)
    The presentation discusses authentication and authorization using Amazon Cognito and user pools, focusing on using custom UI and OIDC endpoints simultaneously. The speaker, Kenichiro Kimura, introduces himself as a technical architect from Fukuoka, Japan. The main points include: 1. AWS Amplify Identity Broker allows using Cognito User Pools with custom UI and flows while utilizing OIDC endpoints. 2. Cognito User Pools is a user directory service for authentication and authorization in web and mobile applications. 3. Hosted UI is a pre-prepared UI for Cognito User Pools, which can be customized to some extent. 4. For complex customization, developers need to create their own UI using Cognito SDK, but this requires implementing OIDC endpoints, which is time-consuming. 5. The AWS Amplify Identity Broker project is introduced as a solution, providing sample code for implementing custom UI and flows while using OIDC endpoints. 6. The Identity Broker implements various features, including sign-up, sign-in, OIDC provider functions, and customizable UI with internationalization. 7. The architecture uses Lambda functions for endpoints and a Single Page Application (SPA) for the UI. 8. Two authentication flow patterns are explained: using the Identity Broker's UI and using a custom UI. 9. Some limitations and unimplemented features of the Identity Broker are discussed, including the inability to use the OIDC nonce parameter. 10. The speaker recommends using PKCE flow instead of implicit flow when using the Identity Broker due to limitations. In conclusion, while the Identity Broker has some limitations and is an open-source sample implementation, it is a valuable project for those wanting to use custom UI with OIDC specifications on Cognito User Pools.

©JAWS-UG (AWS User Group - Japan). All rights reserved.