Hacking Cognito
Last updated
Last updated
AWS Cognito is a managed service by AWS which helps you control access to AWS resource from your application. Cognito solves 2 major uses cases.
User Pools : Cognito lets you configure user management for your application which includes user Signin/Signup and Forget Passwords and hence stores all user data. The whole management is taken up by AWS and user just needs to create User Pools in cognito.
Fedrated indetity pools : Identity pools that allows authentiated and un-authenticated users to access AWS resource.
This shows how congito works for end application. User first performs signin and recives access token from Cognito. User then passes these access token to Cognito and receives back Secret keys for access to AWS Service.
User Pools in Cognito allows you to manage users for your applications and helps you configure the Signin and Singup flow for users along with the redirect after successful authentication.
The below screenshot indicates a user pool called securitylabs-articles
and also shows the user pool id.
The App Integration
tab contains App clients which has the CLIENT_ID
.
Fedrated Identity Pools controls the access for authenticated and unauthenticated users for the application.
The screenshot indicates the idenitity pool id.
Any authenticated requests sent to application is logged in Identity Browser. As indicated in the screenshot below, we see that a user with identityid us-east-2:85c7b6de-3a15-4b0a-a799-20df485734ab
recently logged in successfully into the application.
Clicking on the identityId reveals the user pool, user was associated with.
Cognito allows authenticated and unauthenticated access to the application.
In authenticated Cognito access you just need the IDENTITY_POOL_ID
which would allow you to fetch the STS tokens for unathenticated users.
In AWS Cognito authentication is handled by AWS where once done, it returns back TokenId which can be later used to fetch the STS tokens associated with the logged in user.
In this example we would discuss the USER_PASSWORD_AUTH
which allows applications to login the user via email and password.
For example, let ClientId for the User Pool be ae90p5f6au1cqso7sbl0h0eae
and credentials be securitylabs-articles@securitylabs.tech : vKEX@7Ti
. In such cases, we can initiate the authenitcation and obtain the TokenId.
Once TokenId is obtained, we would move to fetch the IdentityId
using the obtained TokenId. Lets assume the IdentityPoolId for the application is us-east-2:aac74edd-4d2c-4b8a-bb87-2064fc9ccd5b
and Cognito User Pool Id is us-east-2_rIJHISTX7
Once we have obtained the IdentityId, we can now fetch the STS tokens
We have now obtained the STS tokens for a authenticated user.