Authentication is an integral part of almost any application. Knowing who the user is, the unique identifier of the user, what permissions the user has, and whether they are logged in, allows your application to display the correct views and return the correct data for the current logged in user.

Most applications require mechanisms for registering users, logging in, processing encryption and updating passwords, as well as many other tasks related to identity management. Modern applications often require things like OAUTH (open authentication), MFA (multi-factor authentication) and TOTP (time-based time passwords).

In the past, developers had to manually spin all of these authentication features from scratch. This task alone can take weeks or even months from the development team to do everything right and make it safe. In this article, you’ll learn how to correctly and securely implement authentication in a React Native application using Amazon Cognito with AWS Amplify.

Amazon Cognito is AWS’s fully managed identity service. Cognito provides easy and secure user registration, logon, access control, token updating, and user identity management. Cognito scales to millions of users and also supports logging in with social network providers such as Facebook, Google and Amazon.

Cognito consists of two main parts: user pools and identity pools.

User Pools — User pools provide a secure user directory that stores all of your users and scales to hundreds of millions of users. This is a fully managed service. Like serverless technology, user pools are easy to configure, without having to worry about supporting any infrastructure. User pools are what manage all the users who register and log in to the account, and is the main part that we will focus on in this article.

Identity pools — Identity pools allow you to authorize users who are logged into your application to access various other AWS services. Suppose you want to give a user access to a lambda function so that he can receive data from another API. You can specify this when creating the identity pool. User pools include the fact that Cognito or even Facebook or Google user pools can be the source of these identifiers.

A scenario where an Amazon Cognito user pool and an identity pool are used together.

See the diagram for the general Amazon Cognito script. The goal here is to authenticate your user and then give him access to another AWS service.

1. At the first stage, the user of your application enters the system through the user pool and receives the tokens of the user pool after successful authentication.

2. Your application then exchanges user pool tokens for AWS credentials through the identity pool.

3. Finally, your application user can then use these AWS credentials to access other AWS services such as Amazon S3 or DynamoDB.

Cognito User Pools allows your application to call various methods for a service to manage all aspects of user authentication, including things like:

User registration

User Login

User Logout

Change user password

Reset User Password

MFA Code Verification

Amazon Cognito Integration with AWS Amplify

AWS Amplify supports Amazon Cognito in a variety of ways. First of all, you can create and configure Amazon Cognito services directly from the AWS Amplify command-line interface. By creating an authentication service through the CLI, you can call various methods (for example, signUp, signIn and signOut) from a JavaScript application using the Amplify JavaScript client library.

Amplify also has pre-configured user interface components that allow you to build entire authentication flows in just a couple of lines of code for environments such as React, React Native, Vue, and Angular.

You ask how much does it all cost?

Pay only for what you use. No minimum fees.

Using Amazon Cognito Identity to create a user pool, you pay only for the number of active users per month (MAU). MAUs are users who have performed at least one authentication operation during a calendar month: registration, authorization, token renewal, or password change. Subsequent sessions of active users and inactive users in this calendar month are not paid.