How I use a Cognito User Pool as an IdP in an Identity Pool
The goal of this article is to show how to configure an AWS Cognito User Pool as an Identity Provider for a Cognito Identity Pool. AWS Cognito provides User Pools and Identity Pools. User Pools are user directories that provide sign-up and sign-in options for your app users. Identity Pools provide AWS credentials that grant your users access to other AWS services.
Since this article focuses on the Identity Pool, let's discuss that first; for a better understanding, have a look at the diagram below.
The problem I faced was validating the signature: to fetch your resources or data through an API Gateway with AWS_IAM authorization, you need to pass AWS credentials in the headers of every request, and the signature is validated on each one. I use Node.js to write the code.
Here is a snapshot of the code that passes the AWS credentials with the request:
Here, since we use the User Pool as the IdP, after successful verification by the Cognito User Pool we receive an ID token, an access token and a refresh token. We need the ID token, which is passed to the function named allowAccess for further processing.
For verification through the User Pool you have to list it under Logins, with a key like ‘cognito-id…../followed by user pool id’.
After the Identity Pool verifies the ID token (a JWT) from the Logins section, it sends back temporary AWS IAM credentials issued through AWS STS: an accessKeyId, a secretAccessKey and a sessionToken.
To call a resource protected by AWS IAM, such as an API Gateway, you have to pass these temporary credentials with the request. For my use case I used an npm package called aws4fetch and imported an object named AwsClient, as shown in the picture below.
If all goes well, you will see the API data in your web or mobile app. As a best practice, you can save your credentials as cookies or in local storage, since you might want to call other APIs or AWS services using AWS_IAM.
Conclusion: from the steps above we know how to integrate your User Pool as an Identity Provider for your Cognito Identity Pool and use it to call AWS services.