How to Configure AWS Cognito for Login Flow

Jan 31, 2024


To set up AWS Cognito for the registration/login flow, follow these steps:

First Flow: User Registration in Cognito

1. Install the following NuGet packages in your .NET project:

<PackageReference Include="Amazon.AspNetCore.Identity.Cognito" Version="3.0.1" />
<PackageReference Include="Amazon.Extensions.Configuration.SystemsManager" Version="5.0.0" />
<PackageReference Include="AWSSDK.SecretsManager" Version="3.7.101.27" />



Declare the AWS configuration values in appsettings:

"Region": "me-south-1",
"UserPoolClientId": "UserPoolClientId",
"UserPoolClientSecret": "UserPoolClientSecret",
"UserPoolId": "me-south-pool"



Additional Configuration

Add authentication in program/startup files to enable sign-in with Cognito.



2. Declare the CognitoUserPool and CognitoUserManager in the controller, then get a CognitoUser object for the login ID being registered (the ID must be unique in the pool):

private readonly CognitoUserPool _pool;
private readonly CognitoUserManager<CognitoUser> _userManager;

var user = _pool.GetUser(registerUserRequest.LoginId);


3. Add user attributes (email, phone number, custom attributes) using user.Attributes.Add():

user.Attributes.Add(CognitoAttribute.Email.AttributeName, registerUserRequest.Email);
user.Attributes.Add(CognitoAttribute.PhoneNumber.AttributeName, registerUserRequest.Mobile);
user.Attributes.Add("custom:branch_code", registerUserRequest.BranchCode);
user.Attributes.Add("custom:preferred_mode", preferedMode);



4. Create the user:

var cognitoResponse = await _userManager.CreateAsync(user, registerUserRequest.Password);

Check cognitoResponse.Succeeded to determine whether the user was created successfully.


Second Flow: User Login with Cognito

1. Search for the user in Cognito using the login ID:

var cognitoUser = await _userManager.FindByIdAsync(loginUserRequest.LoginId);


2. Build the SRP authentication request with the user's password:

var authRequest = new InitiateSrpAuthRequest
{
   Password = loginUserRequest.Password
};


3. Use StartWithSrpAuthAsync to start the authentication and get the session ID from the response:

var authResponse = await cognitoUser.StartWithSrpAuthAsync(authRequest);


4. Add an MFA method and validate the login with an MFA challenge response if needed.

For MFA validation, set the MFA settings in Cognito:

var authRequest = new RespondToMfaRequest
{
       SessionID = validateLoginUserRequest.SessionId,
       MfaCode = validateLoginUserRequest.Otp,
       ChallengeNameType = ChallengeNameType.SMS_MFA
};

authResponse = await cognitoUser.RespondToMfaAuthAsync(authRequest);


Extract tokens from Cognito:

authResponse.AuthenticationResult.IdToken

authResponse.AuthenticationResult.RefreshToken
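The following is an added example, not code from the article, that puts the login steps above together in a service the controller can call: it reads the SRP response as either tokens or a pending challenge, completes the SMS MFA step with the returned session ID, and answers an unknown login ID and a wrong password with the same generic error. The class name CognitoLoginService and the LoginResult record are assumptions.

```csharp
using System.Threading.Tasks;
using Amazon.AspNetCore.Identity.Cognito;
using Amazon.CognitoIdentityProvider;
using Amazon.CognitoIdentityProvider.Model;
using Amazon.Extensions.CognitoAuthentication;

// Outcome handed to the controller: tokens, an MFA challenge to finish, or a generic error.
public sealed record LoginResult(bool Succeeded, bool MfaRequired, string? SessionId,
                                 string? IdToken, string? RefreshToken, string? Error);

public sealed class CognitoLoginService   // hypothetical name, not from the article
{
    private const string GenericError = "Invalid login ID or password.";
    private readonly CognitoUserManager<CognitoUser> _userManager;
    public CognitoLoginService(CognitoUserManager<CognitoUser> userManager) => _userManager = userManager;

    // Steps 1-3: look the user up and start SRP auth (the password itself is never sent to Cognito).
    public async Task<LoginResult> LoginAsync(string loginId, string password)
    {
        var user = await _userManager.FindByIdAsync(loginId);
        if (user is null) return Fail(GenericError); // same text as a wrong password: no account enumeration
        try { return Classify(await user.StartWithSrpAuthAsync(new InitiateSrpAuthRequest { Password = password })); }
        catch (NotAuthorizedException) { return Fail(GenericError); }
        catch (UserNotConfirmedException) { return Fail("Account is not confirmed."); }
    }

    // Step 4: answer the SMS MFA challenge with the session ID that LoginAsync returned.
    public async Task<LoginResult> CompleteSmsMfaAsync(string loginId, string sessionId, string otp)
    {
        var user = await _userManager.FindByIdAsync(loginId);
        if (user is null) return Fail("Invalid MFA code.");
        var request = new RespondToMfaRequest
        {
            SessionID = sessionId, MfaCode = otp, ChallengeNameType = ChallengeNameType.SMS_MFA
        };
        try { return Classify(await user.RespondToMfaAuthAsync(request)); }
        catch (AmazonCognitoIdentityProviderException e) when (e is CodeMismatchException or ExpiredCodeException or NotAuthorizedException)
        { return Fail("Invalid or expired MFA code; sign in again."); }
    }

    // Read the response instead of assuming tokens are present: a pending challenge carries no tokens.
    private static LoginResult Classify(AuthFlowResponse response)
    {
        if (response.AuthenticationResult is { } tokens)
            return new LoginResult(true, false, null, tokens.IdToken, tokens.RefreshToken, null);
        if (response.ChallengeName == ChallengeNameType.SMS_MFA)
            return new LoginResult(false, true, response.SessionID, null, null, null);
        return Fail($"Unhandled challenge: {response.ChallengeName}"); // e.g. NEW_PASSWORD_REQUIRED
    }

    private static LoginResult Fail(string error) => new(false, false, null, null, null, error);
}
```

The controller should return only LoginResult.Error and, when MfaRequired is set, the SessionId to the client; the raw Cognito exception messages stay server-side.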


Forgot Password Flow

1. Search for the user with the LoginId in Cognito and call ForgotPasswordAsync:

var user = await _userManager.FindByIdAsync(loginUserRequest.LoginId);
await user.ForgotPasswordAsync();


2. Optionally, call the ConfirmForgotPassword method of the user manager with the confirmation code the user received and the new password. Its signature is:

ConfirmForgotPassword(string userID, string token, string newPassword, CancellationToken cancellationToken)



This covers the AWS Cognito authentication methods; use them as your application needs.


About the Author

Himanshu Pranami

I'm working as a Software Developer at MagnusMinds IT Solution. I bring 3+ years of professional experience to the table. My expertise spans a range of technologies, including .NET Framework, .NET Core, MVC, ASP.NET, Entity Framework, ADO.NET, SQL, PostgreSQL, C#, Azure DevOps, and Microservices.