| Interface | Description |
|---|---|
| AmazonCognitoIdentity |
Interface for accessing Amazon Cognito Identity.
|
| AmazonCognitoIdentityAsync |
Interface for accessing Amazon Cognito Identity asynchronously.
|
| Class | Description |
|---|---|
| AbstractAmazonCognitoIdentity |
Abstract implementation of
AmazonCognitoIdentity. |
| AbstractAmazonCognitoIdentityAsync |
Abstract implementation of
AmazonCognitoIdentityAsync. |
| AmazonCognitoIdentityAsyncClient |
Client for accessing Amazon Cognito Identity asynchronously.
|
| AmazonCognitoIdentityAsyncClientBuilder |
Fluent builder for
AmazonCognitoIdentityAsync. |
| AmazonCognitoIdentityClient |
Client for accessing Amazon Cognito Identity.
|
| AmazonCognitoIdentityClientBuilder |
Fluent builder for
AmazonCognitoIdentity. |
Amazon Cognito is a web service that delivers scoped temporary credentials to mobile devices and other untrusted environments. Amazon Cognito uniquely identifies a device and supplies the user with a consistent identity over the lifetime of an application.
Using Amazon Cognito, you can enable authentication with one or more third-party identity providers (Facebook, Google, or Login with Amazon), and you can also choose to support unauthenticated access from your app. Cognito delivers a unique identifier for each user and acts as an OpenID token provider trusted by AWS Security Token Service (STS) to access temporary, limited-privilege AWS credentials.
To provide end-user credentials, first make an unsigned call to GetId. If the end user is authenticated with
one of the supported identity providers, set the Logins map with the identity provider token.
GetId returns a unique identifier for the user.
Next, make an unsigned call to GetCredentialsForIdentity. This call expects the same Logins map
as the GetId call, as well as the IdentityID originally returned by GetId.
Assuming your identity pool has been configured via the SetIdentityPoolRoles operation,
GetCredentialsForIdentity will return AWS credentials for your use. If your pool has not been configured
with SetIdentityPoolRoles, or if you want to follow legacy flow, make an unsigned call to
GetOpenIdToken, which returns the OpenID token necessary to call STS and retrieve AWS credentials. This call
expects the same Logins map as the GetId call, as well as the IdentityID
originally returned by GetId. The token returned by GetOpenIdToken can be passed to the STS
operation
AssumeRoleWithWebIdentity to retrieve AWS credentials.
If you want to use Amazon Cognito in an Android, iOS, or Unity application, you will probably want to make API calls via the AWS Mobile SDK. To learn more, see the AWS Mobile SDK Developer Guide.
Copyright © 2013 Amazon Web Services, Inc. All Rights Reserved.