# User Login

## Authentication Flow Components

### 1. User Interface

The user initiates the authentication process through the system's login interface.

### 2. Amazon Cognito

Amazon Cognito provides the following authentication services:

- User pool management
- Identity verification
- Token issuance (JWT)
- Multi-factor authentication (if configured)
- Social identity federation (optional)

### 3. API Gateway

Once authenticated, the API Gateway:

- Validates the authentication tokens
- Authorizes access to protected resources
- Routes requests to appropriate backend services
## Authentication Process

### Login Initiation

1. User enters credentials (username/email and password) in the login interface
2. The application forwards these credentials to Amazon Cognito

### Authentication Verification

1. Amazon Cognito validates the provided credentials against the user pool
2. If valid, Cognito generates authentication tokens (ID, Access, and Refresh tokens)
3. If invalid, an authentication error is returned to the user

### Token Management

- **ID Token**: Contains user identity information
- **Access Token**: Contains authorization information
- **Refresh Token**: Used to obtain new tokens when current ones expire

### API Access

1. The application includes the Access Token in the Authorization header of requests to API Gateway
2. API Gateway validates the token with a Cognito Authorizer
3. Validated requests are forwarded to backend services
4. Invalid tokens result in 401/403 errors
## Security Considerations

- All communication occurs over HTTPS
- Tokens are securely stored in browser storage (preferably not in localStorage)
- Session timeout is configured in Cognito to limit token validity
- Failed login attempts are monitored with throttling in place to prevent brute force attacks
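As an added example (not code from this project or from the Cognito SDK) of the two client-side points above, keeping tokens out of localStorage and using the refresh token to renew expiring ones: the three tokens are held in a closure, the client only ever attaches the access token to API Gateway requests, and it exchanges the refresh token shortly before the access token's `exp`. The `refresh` function is injected and stands in for the real call to Cognito's token endpoint; `demoToken` builds unsigned placeholder JWTs for the demo, whereas real tokens are RS256-signed by the user pool and verified server-side.

```javascript
// Added example, not from the original page: an in-memory token holder for the
// browser client. The Cognito tokens live in a closure instead of localStorage,
// and the refresh token is exchanged for new tokens shortly before the access
// token expires. `refresh` is an injected function standing in for the real call
// to Cognito's token endpoint (constructed here, not the Cognito SDK).

// Read exp (epoch seconds) from a JWT payload without verifying it. The client
// uses this only for scheduling; the authorizer does the real verification.
function tokenExpiry(jwt) {
  const b64 = jwt.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(atob(b64)).exp;
}

function createTokenStore({ refresh, clock = () => Date.now() / 1000, skew = 60 }) {
  let tokens = null; // { idToken, accessToken, refreshToken }; never written to storage

  return {
    setTokens(t) { tokens = { ...t }; },
    clear() { tokens = null; },
    isSignedIn() { return tokens !== null; },
    // True when the access token is expired or within `skew` seconds of expiring.
    needsRefresh() {
      return tokens !== null && tokenExpiry(tokens.accessToken) - clock() < skew;
    },
    // Header for requests to API Gateway; refreshes first when needed. The refresh
    // token itself is never sent to the API, only to the Cognito token endpoint.
    async authHeaders() {
      if (!tokens) throw new Error('not signed in');
      if (this.needsRefresh()) {
        const fresh = await refresh(tokens.refreshToken); // returns new id + access tokens
        tokens = { ...tokens, ...fresh };
      }
      return { Authorization: `Bearer ${tokens.accessToken}` };
    },
  };
}

// Constructed unsigned tokens for the demo; real ones are RS256-signed by Cognito.
function demoToken(exp, sub = 'user-1') {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc({ sub, exp })}.demo-signature`;
}
```

The `skew` window matters in practice: a token that is valid on the client's clock but expires during the network hop still produces a 401 at API Gateway, so refreshing a little early avoids a failed request followed by a retry.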
## User Experience Considerations

- Remember Me functionality is supported through Cognito settings
- Password reset flows are handled through Cognito's built-in functionality
- New user registration follows a similar flow with additional verification steps