# Hacking Cognito

## Cognito

AWS Cognito is a managed AWS service that helps you control access to AWS resources from your application. Cognito covers two major use cases.

1. User Pools : Cognito lets you configure user management for your application, covering user sign-in, sign-up and forgotten-password flows, and therefore stores all user data. AWS handles the whole lifecycle; you only need to create a User Pool in Cognito.
2. Federated Identity Pools : identity pools grant authenticated and unauthenticated users temporary credentials to access AWS resources.

### Cognito User flow

<figure><img src="https://1804885456-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIo3S6x9y21ea77Yw303B%2Fuploads%2FGzkAQaZc6O5Fqx6CG3Ir%2Fdb055238bed34761a183182dfcaecb74.png?alt=media&#x26;token=2cd66835-a2bb-4d6d-9ce2-b3f7bc601da3" alt=""><figcaption><p>Authentication Flow</p></figcaption></figure>

This shows how Cognito works for the end application. The user first signs in to the User Pool and receives tokens (an ID token, an access token and a refresh token). The application then passes the ID token to the Identity Pool, which returns temporary AWS credentials (access key, secret key and session token) for calling AWS services.

## User Pools

User Pools in Cognito let you manage users for your applications and configure the sign-in and sign-up flows, along with the redirect after successful authentication.

The below screenshot indicates a user pool called `securitylabs-articles` and also shows the user pool id.

<figure><img src="https://1804885456-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIo3S6x9y21ea77Yw303B%2Fuploads%2FUqAPd0Vw4FelBFuL5UAf%2Fd374a62b23cf4f61aebf81b17e3ca909.png?alt=media&#x26;token=3583726d-01c5-49d5-b410-f3c87cb1e510" alt=""><figcaption><p>User Pool Overview</p></figcaption></figure>

The `App Integration` tab lists the App clients, each of which has a `CLIENT_ID`.

<figure><img src="https://1804885456-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIo3S6x9y21ea77Yw303B%2Fuploads%2F9IckubYnvTSwEuUVp5EY%2F5d80e181b4424431a82b2dd3b49ab255.png?alt=media&#x26;token=c0a834e1-d6b8-4317-ae73-87e7dae57ba4" alt=""><figcaption><p>App Client List</p></figcaption></figure>

## Federated Identity Pools

Federated Identity Pools control the access granted to authenticated and unauthenticated users of the application.

The screenshot shows the identity pool id.

<figure><img src="https://1804885456-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIo3S6x9y21ea77Yw303B%2Fuploads%2FXLLNXZDcwoz7mOVeLUAa%2Fa4808cc684d0481e860cba6143899f6e.png?alt=media&#x26;token=a40499ca-86d1-4952-bd50-af214af1e3de" alt=""><figcaption><p>Fedrated Identity</p></figcaption></figure>

Every identity the pool issues appears in the Identity Browser. As indicated in the screenshot below, a user with IdentityId `us-east-2:85c7b6de-3a15-4b0a-a799-20df485734ab` recently logged into the application.

<figure><img src="https://1804885456-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIo3S6x9y21ea77Yw303B%2Fuploads%2Fi8L9nK0jKNQeWzUQIFpj%2Feb5da13c610f4e9abc0780b0b00f0e5c.png?alt=media&#x26;token=09992655-f7d2-4903-894f-f4ef75fd30c3" alt=""><figcaption><p>Identity Pool</p></figcaption></figure>

Clicking on the IdentityId reveals the user pool the user was associated with.

<figure><img src="https://1804885456-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIo3S6x9y21ea77Yw303B%2Fuploads%2FxHSZ1BHxqm3rfqOU9dDi%2Ffe0bcd12ceb8476a9cf6b9c269e2d67f.png?alt=media&#x26;token=0417af05-316c-456b-ab1f-9f2b88041617" alt=""><figcaption><p>Identity Details</p></figcaption></figure>

### Cognito Authentication

Cognito identity pools can grant both authenticated and unauthenticated access to AWS resources on behalf of the application.

#### Unauthenticated Cognito Access

For unauthenticated Cognito access you only need the `IDENTITY_POOL_ID`, which lets you fetch temporary AWS credentials for an unauthenticated identity, provided the identity pool has unauthenticated access enabled. The region is the prefix of the pool id, so no other information is required.

```python
import boto3

IDENTITY_POOL_ID = "us-east-2:aac74edd-4d2c-4b8a-bb87-2064fc9ccd5b"
# The region is the prefix of the identity pool id
client = boto3.client('cognito-identity', region_name='us-east-2')

# GetId needs no AWS credentials; with no Logins it creates an unauthenticated identity
_id = client.get_id(IdentityPoolId=IDENTITY_POOL_ID)['IdentityId']

# Response carries AccessKeyId, SecretKey and SessionToken for the pool's unauthenticated role
credentials = client.get_credentials_for_identity(IdentityId=_id)

print(credentials)
```

<figure><img src="https://1804885456-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIo3S6x9y21ea77Yw303B%2Fuploads%2F818Hb3vPyYlVJ4KxgBEl%2F141a8b2b00464a9b84d508b688043250.png?alt=media&#x26;token=c096ebba-f64c-4728-b14a-ce719ddf307c" alt=""><figcaption><p>Credentials</p></figcaption></figure>
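The identity pool id used above, together with the user pool id and app client id, normally has to be recovered from the client side first; Amplify-style applications ship them in a config such as `aws-exports.js`. The following is an added example, not code from the original article, that pulls those ids out of a constructed config snippet and derives the region each call needs from the id itself. The sample config, the regexes and the function names are assumptions for illustration; the ids are the ones used in this article.

```python
import re

# Constructed sample modelled on an Amplify-style aws-exports.js, using the ids
# from this article; it was not harvested from any real application.
SAMPLE_CONFIG = """
const awsmobile = {
    "aws_project_region": "us-east-2",
    "aws_cognito_identity_pool_id": "us-east-2:aac74edd-4d2c-4b8a-bb87-2064fc9ccd5b",
    "aws_cognito_region": "us-east-2",
    "aws_user_pools_id": "us-east-2_rIJHISTX7",
    "aws_user_pools_web_client_id": "1mf96jsi4jhs31qg2bq7p4lken",
    "oauth": {}
};
export default awsmobile;
"""

# <region>:<uuid>, e.g. us-east-2:aac74edd-4d2c-4b8a-bb87-2064fc9ccd5b
IDENTITY_POOL_RE = re.compile(r"\b[a-z]{2}-[a-z]+-\d:[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\b")
# <region>_<9 alphanumerics>, e.g. us-east-2_rIJHISTX7
USER_POOL_RE = re.compile(r"\b[a-z]{2}-[a-z]+-\d_[A-Za-z0-9]{9}\b")
# app client ids are 26 lowercase alphanumerics
CLIENT_ID_RE = re.compile(r"\b[a-z0-9]{26}\b")


def harvest_cognito_ids(text):
    """Pull every Cognito identifier out of a blob of client-side JS/JSON."""
    return {
        "identity_pool_ids": sorted(set(IDENTITY_POOL_RE.findall(text))),
        "user_pool_ids": sorted(set(USER_POOL_RE.findall(text))),
        "client_ids": sorted(set(CLIENT_ID_RE.findall(text))),
    }


def region_of(pool_id):
    """Both id formats start with the region; that is the region_name to pass to boto3."""
    return re.split(r"[:_]", pool_id, maxsplit=1)[0]


def unauth_targets(text):
    """(region, identity pool id) pairs, one per pool found, ready for the unauthenticated GetId call."""
    return [(region_of(p), p) for p in harvest_cognito_ids(text)["identity_pool_ids"]]


if __name__ == "__main__":
    print(harvest_cognito_ids(SAMPLE_CONFIG))
    print(unauth_targets(SAMPLE_CONFIG))
```

Feed it the downloaded JS bundles or config files of the target; each `(region, pool id)` pair is exactly what the `boto3.client('cognito-identity', region_name=...)` and `get_id` calls above take, so a pool whose region does not match the rest of the config is a hint to check which region the app really uses.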

#### Authenticated Cognito Access

In AWS Cognito, authentication is handled by AWS: once the user signs in, the User Pool returns an ID token (`IdToken`) that can later be exchanged with the Identity Pool for the temporary AWS credentials associated with the logged-in user.

In this example we use the `USER_PASSWORD_AUTH` flow, which lets the application log the user in with a username (here an email address) and password. The flow has to be enabled on the app client.

For example, let the ClientId for the User Pool be `1mf96jsi4jhs31qg2bq7p4lken` and the credentials be `securitylabs-articles@securitylabs.tech : vKEX@7Ti`. With these we can initiate the authentication and obtain the IdToken.

```python
import boto3

client = boto3.client("cognito-idp", region_name="us-east-2")
# USER_PASSWORD_AUTH must be enabled on the app client; if the app client also
# has a client secret, a SECRET_HASH entry is required in AuthParameters.
response = client.initiate_auth(
    ClientId='1mf96jsi4jhs31qg2bq7p4lken',
    AuthFlow="USER_PASSWORD_AUTH",
    AuthParameters={"USERNAME": 'securitylabs-articles@securitylabs.tech', 'PASSWORD': 'vKEX@7Ti'},
)
# AuthenticationResult also holds AccessToken and RefreshToken; the identity pool wants the IdToken
tokenid = response['AuthenticationResult']['IdToken']
```

Once the IdToken is obtained, we use it to fetch the `IdentityId`. Let us assume the IdentityPoolId for the application is `us-east-2:aac74edd-4d2c-4b8a-bb87-2064fc9ccd5b` and the Cognito User Pool Id is `us-east-2_rIJHISTX7`. The `Logins` key must name the region and id of the User Pool that issued the token.

```python
identity = boto3.client("cognito-identity", region_name="us-east-2")
# Logins key format: cognito-idp.<user pool region>.amazonaws.com/<user pool id>
identity_id = identity.get_id(
    IdentityPoolId='us-east-2:aac74edd-4d2c-4b8a-bb87-2064fc9ccd5b',
    Logins={'cognito-idp.us-east-2.amazonaws.com/us-east-2_rIJHISTX7': tokenid},
)['IdentityId']
```

Once we have the IdentityId, we can fetch the temporary AWS credentials (issued through STS) for that identity.

```python
credentials = identity.get_credentials_for_identity(
    IdentityId=identity_id,  # the IdentityId returned by get_id, not the identity pool id
    Logins={'cognito-idp.us-east-2.amazonaws.com/us-east-2_rIJHISTX7': tokenid},
)['Credentials']
access_key = credentials['AccessKeyId']
secret_key = credentials['SecretKey']
session_token = credentials['SessionToken']
```

We have now obtained temporary AWS credentials for an authenticated user; they carry the permissions of the identity pool's authenticated role.
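The authenticated flow is easy to get wrong in two places: the `Logins` key has to name the region and id of the User Pool that actually issued the token, and `get_credentials_for_identity` has to receive the IdentityId from `get_id`, not the identity pool id. The following added example (not the article's own code) reads the issuer out of the ID token itself to build the key, refuses an access token or a token from an unexpected pool, and computes the `SECRET_HASH` that `initiate_auth` needs when the app client has a client secret. The JWT is constructed in place and unsigned; `fetch_aws_credentials` and the other function names are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url_decode(segment):
    """JWT segments are base64url without padding; restore the padding before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_unverified(token):
    """Return (header, claims) of a JWT WITHOUT checking the signature. Fine for inspecting
    a token Cognito just handed us; never use it to accept a token from a client."""
    header_b64, claims_b64, _signature = token.split(".")
    return json.loads(_b64url_decode(header_b64)), json.loads(_b64url_decode(claims_b64))


def logins_key_from_id_token(id_token, expected_pool_id=None):
    """Derive the cognito-identity Logins key from the token's iss claim. iss looks like
    https://cognito-idp.us-east-2.amazonaws.com/us-east-2_rIJHISTX7 and the Logins key is
    that string without the scheme, so region and pool id can never disagree."""
    _, claims = decode_jwt_unverified(id_token)
    if claims.get("token_use") != "id":
        raise ValueError("GetId wants the IdToken, got token_use=%r" % claims.get("token_use"))
    iss = claims.get("iss", "")
    if not iss.startswith("https://cognito-idp."):
        raise ValueError("unexpected issuer %r" % iss)
    if claims.get("exp", 0) <= time.time():
        raise ValueError("ID token has expired; re-run initiate_auth or use the refresh token")
    key = iss[len("https://"):]
    if expected_pool_id and not key.endswith("/" + expected_pool_id):
        raise ValueError("token was issued by %s, expected pool %s" % (key, expected_pool_id))
    return key


def secret_hash(username, client_id, client_secret):
    """SECRET_HASH required by initiate_auth when the app client has a client secret:
    Base64(HMAC-SHA256(key=client_secret, msg=username + client_id))."""
    digest = hmac.new(client_secret.encode(), (username + client_id).encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def fetch_aws_credentials(identity_pool_id, id_token, expected_pool_id=None):
    """GetId + GetCredentialsForIdentity with the region and Logins key derived from the inputs."""
    import boto3  # imported here so the helpers above stay usable without boto3 installed
    logins = {logins_key_from_id_token(id_token, expected_pool_id): id_token}
    region = identity_pool_id.split(":", 1)[0]  # identity pool ids are <region>:<uuid>
    ci = boto3.client("cognito-identity", region_name=region)
    identity_id = ci.get_id(IdentityPoolId=identity_pool_id, Logins=logins)["IdentityId"]
    # Pass the IdentityId from get_id here, not the identity pool id
    return ci.get_credentials_for_identity(IdentityId=identity_id, Logins=logins)["Credentials"]


def make_sample_jwt(claims):
    """Constructed, UNSIGNED JWT for offline testing; a real Cognito token is RS256-signed."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "kid": "constructed"}), enc(claims), "constructed-signature"])


# Constructed claims modelled on a Cognito ID token for the pool and app client in this article
SAMPLE_ID_TOKEN = make_sample_jwt({
    "iss": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_rIJHISTX7",
    "aud": "1mf96jsi4jhs31qg2bq7p4lken",
    "token_use": "id",
    "email": "securitylabs-articles@securitylabs.tech",
    "exp": 4102444800,  # 2100-01-01, so the constructed sample does not expire
})

if __name__ == "__main__":
    print(logins_key_from_id_token(SAMPLE_ID_TOKEN, "us-east-2_rIJHISTX7"))
    print(secret_hash("securitylabs-articles@securitylabs.tech", "1mf96jsi4jhs31qg2bq7p4lken", "client-secret"))
```

With a real token from `initiate_auth`, `fetch_aws_credentials("us-east-2:aac74edd-4d2c-4b8a-bb87-2064fc9ccd5b", tokenid, "us-east-2_rIJHISTX7")` performs the two calls shown above; if the app client has a secret, add `"SECRET_HASH": secret_hash(username, client_id, client_secret)` to `AuthParameters` before calling `initiate_auth`.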
