JWT SSO with Cognito
We're working on a React-based web UI that uses SisenseJS (also working on Embed, but it's in progress).
We're looking at swapping from our current provider, Auth0 with a JavaScript rule used to generate the Sisense JWT, to using AWS Cognito. Anyone have any experience with Cognito in particular and the JWT SSO flow?
-
Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, Google or Apple.
The two main components of Amazon Cognito are user pools and identity pools. User pools are user directories that provide sign-up and sign-in options for your app users. Identity pools enable you to grant your users access to other AWS services. You can use identity pools and user pools separately or together.
Authentication typically consists of a user entering a username or email and a password and then being granted access to different resources or services.
Authentication, by its very nature, relies on keeping the state of the user. This seems to contradict a fundamental property of HTTP, which is a stateless protocol.
JSON Web Token (JWT) provides a way to solve this issue. Your Angular app can talk to a backend that produces a token. The Angular app can then pass that token in an Authorization header to the backend to prove they are authenticated and need access to the particular route or resources. The backend should verify the JWT and grant access based on its validity.
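An added example, not part of the original thread and not Sisense or AWS code: a Node.js sketch of the backend step described above, which verifies a Cognito-style RS256 ID token and only then mints a short-lived HS256 token for the SSO hand-off. The function names, the placeholder issuer and client ID, the shared secret, and the `sub`/`iat`/`exp`/`jti` claim set are assumptions to check against the Sisense and Cognito documentation.

```javascript
const crypto = require('crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Verify an RS256 ID token. In production the public key is selected by the
// header's `kid` from the user pool's JWKS (<issuer>/.well-known/jwks.json).
function verifyIdToken(token, publicKey, { issuer, audience }, now = Date.now() / 1000) {
  const [h, p, s, extra] = token.split('.');
  if (!h || !p || !s || extra !== undefined) throw new Error('malformed token');
  if (dec(h).alg !== 'RS256') throw new Error('unexpected alg'); // pin the algorithm, never trust the header
  const valid = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!valid) throw new Error('bad signature');
  const c = dec(p);
  if (c.iss !== issuer) throw new Error('wrong issuer');       // token from a different user pool
  if (c.aud !== audience) throw new Error('wrong audience');   // token issued to a different app client
  if (c.token_use !== 'id') throw new Error('not an ID token');
  if (typeof c.exp !== 'number' || c.exp <= now) throw new Error('expired');
  return c;
}

// Mint the short-lived HS256 token for the SSO hand-off (claim set is an assumption).
function mintSsoToken(email, secret, now = Math.floor(Date.now() / 1000)) {
  const body = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ sub: email, iat: now, exp: now + 60, jti: crypto.randomUUID() })}`;
  return `${body}.${crypto.createHmac('sha256', secret).update(body).digest('base64url')}`;
}

// Constructed demo: a throwaway key pair stands in for the user pool's signing key.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const expected = { issuer: 'https://cognito-idp.example.invalid/POOL_ID', audience: 'APP_CLIENT_ID' };
  const now = Math.floor(Date.now() / 1000);
  const issue = (claims) => {
    const body = `${enc({ alg: 'RS256', kid: 'demo' })}.${enc(claims)}`;
    return `${body}.${crypto.sign('RSA-SHA256', Buffer.from(body), privateKey).toString('base64url')}`;
  };
  const good = { iss: expected.issuer, aud: expected.audience, token_use: 'id', email: 'user@example.com', exp: now + 300 };
  const reason = (claims) => { try { verifyIdToken(issue(claims), publicKey, expected); return 'ok'; } catch (e) { return e.message; } };
  const sso = mintSsoToken(verifyIdToken(issue(good), publicKey, expected).email, 'constructed-shared-secret', now);
  return {
    ssoSub: dec(sso.split('.')[1]).sub,
    wrongAud: reason({ ...good, aud: 'other-client' }),
    accessToken: reason({ ...good, token_use: 'access' }),
    expired: reason({ ...good, exp: now - 1 }),
  };
}
```

The signing secret for the second token stays on the backend; the browser only ever receives the minted token, never the key.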