A Guide to User Authentication in Amazon Cognito using Python

Overview

In the previous blog post, we learned how to connect Amazon Cognito registration with Boto3. We made a signup part and set it up with the User Pool. In this new blog, we’ll find out how to do these things: resend a verification code, guide on how to log in to a user in the Amazon Cognito user pool, and handle forgotten and changed passwords using Boto3.

Pioneers in Cloud Consulting & Migration Services

Reduced infrastructural costs
Accelerated application deployment

Get Started

Introduction

Amazon Cognito is an Amazon Web Services (AWS) service that provides identity and user management for your applications. It’s commonly used to add user registration, authentication, and authorization features to web and mobile apps. Amazon Cognito simplifies handling user identities and securing access to your application’s resources.

Resend Verification Code Using Amazon Cognito, Python SDK Boto3

Imagine you didn’t get the verification code, or your app has a resending button. You can use AWS Cognito to resend the verification code in such cases. Here’s how to do it.

resend

When you execute the above code, you will get this back as a response,

resend2

Log in and get user details using Amazon Cognito, Python SDK Boto3

You’ve just made a new user and confirmed them. Now, the next thing to do is to log in and fetch some information about the user from Amazon Cognito. Here’s how you can do it.

Please be aware that sometimes you might encounter this error.

login2

If you come across this error, please go to the Amazon Cognito > User Pool > (Your-user-pool-name) > App integration > Select your App Client and navigate to the Authentication flows Configuration section. Make sure that you have the “ALLOW_USER_PASSWORD_AUTH” option selected. If you’re testing, you can enable all the options like this for testing purposes.

login3

After you use “initiate_auth” you’ll receive a JSON response. You only need to find AccessToken from this response and use it in the “get_user” function. When you do this, you’ll get the following response.

login4

Forgot Password Using Amazon Cognito, Python SDK Boto3

Using this method will send a message to the user. This message contains a code that they need to change their password. It’s an important step in keeping their account secure. Here’s how you can do it.

forgot

When you execute the above code, you will get this back as a response,

forgot2

Confirm Forgot Password using Amazon Cognito, Python SDK Boto3

confirm

You will receive this as a response when you execute the above code.

forgot2

Change the Password of an Existing User using Amazon Cognito

This method helps you change the password for a user with an account. It updates the password for a specific user in a user pool. To use this method, you must have the AccessToken of the user you want to change the password for.

change

When you execute the above code, you will get this back as a response,

change2

Conclusion

Amazon Cognito is a helpful service that handles your user management work. While it may incur some costs, it allows you to concentrate on the exciting parts of your application and not worry about handling user-related tasks.

You can be confident that AWS will handle things like keeping the service up-to-date with the latest security updates so you won’t have to worry about security vulnerabilities.

Drop a query if you have any questions regarding Amazon Cognito and we will get back to you quickly.

Making IT Networks Enterprise-ready – Cloud Management Services

Accelerated cloud migration
End-to-end view of the cloud environment

Get Started

About CloudThat

CloudThat is an award-winning company and the first in India to offer cloud training and consulting services worldwide. As a Microsoft Solutions Partner, AWS Advanced Tier Training Partner, and Google Cloud Platform Partner, CloudThat has empowered over 850,000 professionals through 600+ cloud certifications winning global recognition for its training excellence including 20 MCT Trainers in Microsoft’s Global Top 100 and an impressive 12 awards in the last 8 years. CloudThat specializes in Cloud Migration, Data Platforms, DevOps, IoT, and cutting-edge technologies like Gen AI & AI/ML. It has delivered over 500 consulting projects for 250+ organizations in 30+ countries as it continues to empower professionals and enterprises to thrive in the digital-first world.

FAQs

1. Can I use Amazon Cognito User Pools for single sign-on (SSO) across multiple applications?

ANS: – Yes, Amazon Cognito User Pools can be used for SSO, allowing users to access multiple applications with a single set of credentials.

2. Is it possible to customize the email templates sent by Amazon Cognito for user verification and password reset?

ANS: – Yes, you can customize email templates in Amazon Cognito User Pools to match your application’s branding and messaging.

3. How does Amazon Cognito handle user account recovery, such as forgotten passwords?

ANS: – Amazon Cognito offers built-in account recovery options, including password reset via email or SMS, to help users securely regain access to their accounts.

WRITTEN BY Aritra Das

Aritra Das works as a Research Associate at CloudThat. He is highly skilled in the backend and has good practical knowledge of various skills like Python, Java, Azure Services, and AWS Services. Aritra is trying to improve his technical skills and his passion for learning more about his existing skills and is also passionate about AI and Machine Learning. Aritra is very interested in sharing his knowledge with others to improve their skills.