Amazon Cognito provides authentication, authorization, and user management for web and mobile apps. Users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, Google or Apple.
The two main components of Amazon Cognito are user pools and identity pools:
A user pool is a user directory in Amazon Cognito. With a user pool, your users can sign in to your web or mobile app through Amazon Cognito, or federate through a third-party identity provider (IdP).
With an identity pool, your users can obtain temporary AWS credentials to access AWS services, such as Amazon S3 and DynamoDB.
ModelOp Center Requirements
Following the OAuth 2.0 standard, ModelOp Center requires the following Amazon Cognito configurations for a successful OAuth 2.0 integration:
User pool
Resource server:
rs/modelop_client
App clients:
gateway-service
internal-client
external-integration-client
App Name | App Type | Client Secret Required | Authentication Flows | Allowed | OAuth 2.0 Grant Types | OpenID Connect Scopes | Custom Scopes |
---|---|---|---|---|---|---|---|
gateway-service | Confidential |
| ✔️ |
|
| Authorization |
|
| ||||||
internal-client | Confidential | ✔️ |
| Client |
| ||
external-integration-client | Public |
|
| Implicit |
|
*Default selection includes the following authentication flows:
ALLOW_REFRESH_TOKEN_AUTH
ALLOW_CUSTOM_AUTH
ALLOW_USER_SRP_AUTH
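One way to check an existing user pool against the requirements above, as an added example that is not ModelOp or AWS code. It assumes the input dictionaries mirror the `UserPoolClient` object from the Cognito `DescribeUserPoolClient` API and the entries from `ListResourceServers`; the function name `audit` and the sample data are constructed for illustration, and the rule that a Public client carries no secret is inferred from its app type.

```python
# Added example: offline audit of Cognito settings against the requirements above.
REQUIRED_RESOURCE_SERVER = "rs/modelop_client"
# App type per client, as listed in the table on this page.
REQUIRED_CLIENTS = {
    "gateway-service": "Confidential",
    "internal-client": "Confidential",
    "external-integration-client": "Public",
}

def audit(clients, resource_servers):
    """Return a sorted list of findings; an empty list means the checks passed.

    clients: dicts shaped like the UserPoolClient object returned by
             DescribeUserPoolClient (ClientName, optional ClientSecret).
    resource_servers: dicts shaped like ListResourceServers entries (Identifier).
    """
    findings = []
    if REQUIRED_RESOURCE_SERVER not in {rs.get("Identifier") for rs in resource_servers}:
        findings.append(f"resource server {REQUIRED_RESOURCE_SERVER} is missing")
    by_name = {}
    for c in clients:
        by_name.setdefault(c.get("ClientName"), []).append(c)
    for name, app_type in REQUIRED_CLIENTS.items():
        matches = by_name.get(name, [])
        if not matches:
            findings.append(f"app client {name} is missing")
            continue
        if len(matches) > 1:  # duplicate names make it unclear which client is in use
            findings.append(f"app client {name} is defined {len(matches)} times")
        for c in matches:
            has_secret = bool(c.get("ClientSecret"))
            if app_type == "Confidential" and not has_secret:
                findings.append(f"{name} is Confidential but has no client secret")
            if app_type == "Public" and has_secret:
                findings.append(f"{name} is Public but was created with a client secret")
    return sorted(findings)

# Constructed sample data (not from a real user pool).
SAMPLE_CLIENTS = [
    {"ClientName": "gateway-service", "ClientSecret": "constructed-secret"},
    {"ClientName": "internal-client"},
    {"ClientName": "external-integration-client", "ClientSecret": "constructed-secret"},
]
SAMPLE_RESOURCE_SERVERS = [{"Identifier": "rs/other"}]

if __name__ == "__main__":
    for line in audit(SAMPLE_CLIENTS, SAMPLE_RESOURCE_SERVERS):
        print(line)
```

Whether a secret exists is fixed when an app client is created, so a finding about a missing or unexpected secret means the client has to be recreated rather than edited.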
Amazon Cognito Guide
For detailed instructions on how to set up Amazon Cognito with the required configurations, follow the Amazon Cognito: How to create a user pool, resource server and app clients guide.