amazon-web-services - tutorial - cognitouserpool

How do I use Amazon Cognito as user authentication for my website(NOT mobile app) (3)

By using Amazon Cognito in your web applications as well as mobile apps, you can utilize a consistent, cross-platform identifier for your end users authenticated through Facebook, Google, or Amazon; together with the Cognito Sync service, this allows you to keep user-related data consistent across all your applications and platforms. Further, Cognito helps you to retrieve temporary, limited-privilege credentials for both your authenticated and unauthenticated users without managing any backend infrastructure. In our previous post, we covered how to connect to the Amazon Cognito Identity service from your mobile applications.

Here is a link to the relevant : Amazon Cognito Documentation

How can I use AWS-Cognito for user authentication in a web app (not IOS or Android app)?

Amazon cognito just came out:

From the FAQ:

Q: Do I still need my own backend authentication and identity systems with Amazon Cognito?

No. Amazon Cognito supports login through Amazon, Facebook and Google, as well as providing support for unauthenticated users. With Amazon Cognito you can support federated authentication, profile data sync store and AWS access token distribution without writing any backend code.

It seems to be built with mobile apps in mind (they provide SDKs for android and IOS).

So far the AWS php SDK and boto don't reference Cognito, but Amazon mentions "back-end API's" that we can hit.

Cognito is perfect for web apps. There is a good tutorial on using Cognito ID and Sync for Javascript web apps: and at

Update: There is now a Cordova/PhoneGap tutorial also at and at

The process is as follows:

  1. Register a Facebook app. You will get a App ID and App secret.
  2. Create an AWS Cognito ID Pool using the App ID and App secret.
  3. Use the App ID and secret with Passport to get a Facebook session token for the user.
  4. Use the Facebook token to get temporary AWS credentials for the user.
  5. Use the temporary credentials to access AWS resources such as Cognito Sync.

Although if you are only looking for authentication then you don't actually need Cognito, you just login with Facebook.

One of the developers for Amazon Cognito here.

To expand on JeffersonBe's answer, API docs for both the Identity and Sync services in Amazon Cognito are available on our documentation website.

Additionally, a number of the AWS SDKs have already been updated to support Amazon Cognito:

With more coming soon.

Thanks for your interest. If you have other questions or encounter issues, please post additional questions here on SO or over at our new dedicated Cognito forum.