Amazon Cognito
Amazon Cognito User Pools
User pools allow you to easily and securely integrate sign-up and sign-in functionality into your apps.
Refer to the Amazon Cognito Developer Guide for guidance using Cognito User Pools.
User Pools API Access
The ICognitoIdentityProviderClient interface and its implementation TCognitoIdentityProviderClient provide access to all Amazon Cognito User Pool operations.
Amazon Cognito Identity Pools (federated identities)
Identity pools allow you to create unique identities for your users and federate them with identity providers.
Refer to the Amazon Cognito Developer Guide for guidance using Cognito Identity Pools.
Identity Pools API Access
The ICognitoIdentityClient interface and its implementation TCognitoIdentityClient provide access to all Amazon Cognito Identity Pool operations.
Accessing AWS Services with Federated Credentials
AWS credentials can be resolved for federated identities using the credential provider TCognitoAWSCredentials.
The credentials provider can be constructed as follows:
var
  CognitoCredentials: ICognitoAWSCredentials;
begin
  CognitoCredentials := TCognitoAWSCredentials.Create(
    '<region>:<identity pool id>',
    '<region>'
  );
end;
These credentials can be passed to AWS services by assigning them to an instance of IAWSOptions.
var Options := TAWSOptions.Create as IAWSOptions;
Options.Credentials := CognitoCredentials;
Any service initialized with these options will automatically switch credentials based on the state of the federated credentials.
If the identity pool is configured for unauthenticated identities, TCognitoAWSCredentials will be able to resolve credentials immediately. To use authenticated credentials, you need to sign in to a configured identity provider and provide an issued token to the credentials provider. To provide an issued token to the credentials provider, use AddLogin. Here is an example of adding a token from a Cognito user pool:
CognitoCredentials.AddLogin(
  'cognito-idp.<region>.amazonaws.com/<cognito-user-pool-id>',
  '<id-token-issued-cognito-user-pool>'
);
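A pre-flight check that can run before AddLogin, shown as an added example that is not part of the SDK or its documentation. The hypothetical helper LoginProviderFromIdToken (in a hypothetical unit CognitoLoginHelper) uses only the Delphi RTL to read the token's claims, reject access tokens and expired tokens, and derive the provider name from the iss claim. It does not verify the token's signature.

```delphi
unit CognitoLoginHelper; // hypothetical unit, not part of the SDK

interface

// Returns the AddLogin provider name for a Cognito user pool ID token.
// Local sanity check only: the signature is NOT verified here.
function LoginProviderFromIdToken(const AIdToken: string): string;

implementation

uses
  System.SysUtils, System.DateUtils, System.JSON, System.NetEncoding;

function LoginProviderFromIdToken(const AIdToken: string): string;
const
  Scheme = 'https://';
var
  Parts: TArray<string>;
  Payload, Iss, TokenUse: string;
  Claims: TJSONValue;
  Exp: Int64;
begin
  Parts := AIdToken.Split(['.']);
  if Length(Parts) <> 3 then
    raise EArgumentException.Create('Not a compact JWT');
  // JWT segments are unpadded base64url; convert to padded standard base64.
  Payload := Parts[1].Replace('-', '+').Replace('_', '/');
  Payload := Payload + StringOfChar('=', (4 - Length(Payload) mod 4) mod 4);
  Claims := TJSONObject.ParseJSONValue(
    TEncoding.UTF8.GetString(TNetEncoding.Base64.DecodeStringToBytes(Payload)));
  try
    if not (Claims is TJSONObject) then
      raise EArgumentException.Create('JWT payload is not a JSON object');
    // Access tokens carry token_use = "access"; only ID tokens are accepted.
    if not (Claims.TryGetValue<string>('token_use', TokenUse) and (TokenUse = 'id')) then
      raise EArgumentException.Create('Expected an ID token (token_use = id)');
    if not (Claims.TryGetValue<Int64>('exp', Exp) and (Exp > DateTimeToUnix(Now, False))) then
      raise EArgumentException.Create('ID token is expired or has no exp claim');
    // iss is https://cognito-idp.<region>.amazonaws.com/<user pool id>.
    if not (Claims.TryGetValue<string>('iss', Iss) and Iss.StartsWith(Scheme + 'cognito-idp.')) then
      raise EArgumentException.Create('Issuer is not a Cognito user pool');
    Result := Iss.Substring(Length(Scheme)); // provider name has no scheme
  finally
    Claims.Free; // safe when ParseJSONValue returned nil
  end;
end;

// Usage: CognitoCredentials.AddLogin(LoginProviderFromIdToken(Token), Token);
end.
```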
As a convenience, the TCognitoHostedUI component, provided for FMX and VCL, is a quick way to add user authentication to your applications and provide tokens for use with the federated credentials provider. You can find TCognitoHostedUI under the "Appercept AWS SDK" group in the palette.