A Guide to User Authentication in Amazon Cognito using Python

Overview

In the previous blog post, we learned how to connect Amazon Cognito registration with Boto3. We made a signup part and set it up with the User Pool. In this new blog, we’ll find out how to do these things: resend a verification code, guide on how to log in to a user in the Amazon Cognito user pool, and handle forgotten and changed passwords using Boto3.

Introduction

Amazon Cognito is an Amazon Web Services (AWS) service that provides identity and user management for your applications. It’s commonly used to add user registration, authentication, and authorization features to web and mobile apps. Amazon Cognito simplifies handling user identities and securing access to your application’s resources.

Pioneers in Cloud Consulting & Migration Services

Reduced infrastructural costs
Accelerated application deployment

Get Started

Resend Verification Code Using Amazon Cognito, Python SDK Boto3

Imagine you didn’t get the verification code, or your app has a resending button. You can use AWS Cognito to resend the verification code in such cases. Here’s how to do it.

resend

When you execute the above code, you will get this back as a response,

resend2

Log in and get user details using Amazon Cognito, Python SDK Boto3

You’ve just made a new user and confirmed them. Now, the next thing to do is to log in and fetch some information about the user from Amazon Cognito. Here’s how you can do it.

Please be aware that sometimes you might encounter this error.

login2

If you come across this error, please go to the Amazon Cognito > User Pool > (Your-user-pool-name) > App integration > Select your App Client and navigate to the Authentication flows Configuration section. Make sure that you have the “ALLOW_USER_PASSWORD_AUTH” option selected. If you’re testing, you can enable all the options like this for testing purposes.

login3

After you use “initiate_auth” you’ll receive a JSON response. You only need to find AccessToken from this response and use it in the “get_user” function. When you do this, you’ll get the following response.

login4

Forgot Password Using Amazon Cognito, Python SDK Boto3

Using this method will send a message to the user. This message contains a code that they need to change their password. It’s an important step in keeping their account secure. Here’s how you can do it.

forgot

When you execute the above code, you will get this back as a response,

forgot2

Confirm Forgot Password using Amazon Cognito, Python SDK Boto3

confirm

You will receive this as a response when you execute the above code.

forgot2

Change the Password of an Existing User using Amazon Cognito

This method helps you change the password for a user with an account. It updates the password for a specific user in a user pool. To use this method, you must have the AccessToken of the user you want to change the password for.

change

When you execute the above code, you will get this back as a response,

change2

Conclusion

Amazon Cognito is a helpful service that handles your user management work. While it may incur some costs, it allows you to concentrate on the exciting parts of your application and not worry about handling user-related tasks.

You can be confident that AWS will handle things like keeping the service up-to-date with the latest security updates so you won’t have to worry about security vulnerabilities.

Drop a query if you have any questions regarding Amazon Cognito and we will get back to you quickly.

Making IT Networks Enterprise-ready – Cloud Management Services

Accelerated cloud migration
End-to-end view of the cloud environment

Get Started

About CloudThat

CloudThat is an official AWS (Amazon Web Services) Advanced Consulting Partner and Training partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, Amazon QuickSight Service Delivery Partner, Amazon EKS Service Delivery Partner, and Microsoft Gold Partner, helping people develop knowledge of the cloud and help their businesses aim for higher goals using best-in-industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.

To get started, go through our Consultancy page and Managed Services Package, CloudThat’s offerings.

FAQs

1. Can I use Amazon Cognito User Pools for single sign-on (SSO) across multiple applications?

ANS: – Yes, Amazon Cognito User Pools can be used for SSO, allowing users to access multiple applications with a single set of credentials.

2. Is it possible to customize the email templates sent by Amazon Cognito for user verification and password reset?

ANS: – Yes, you can customize email templates in Amazon Cognito User Pools to match your application’s branding and messaging.

3. How does Amazon Cognito handle user account recovery, such as forgotten passwords?

ANS: – Amazon Cognito offers built-in account recovery options, including password reset via email or SMS, to help users securely regain access to their accounts.

WRITTEN BY Aritra Das

Aritra Das works as a Research Associate at CloudThat. He is highly skilled in the backend and has good practical knowledge of various skills like Python, Java, Azure Services, and AWS Services. Aritra is trying to improve his technical skills and his passion for learning more about his existing skills and is also passionate about AI and Machine Learning. Aritra is very interested in sharing his knowledge with others to improve their skills.