Reputation: 3092
I'd like to use AWS Cognito (User Pools and Identity Pools) for managing access to my web app.
This web app is a report generator. It generates reports from gathered sensors' data.
The possible scope of requested data should vary between users. Some users should only have access to specific sensor IDs or sensors from a specified area or date range.
However, I'd like to make some reports publicly available, e.g. data from sensors from New York should be available to everyone without the need to sign up/sign in.
As for authenticated users, I think I could just add a custom attribute to the Cognito User Pool with the sensor IDs that the specified user should have access to. Then, after signing up and logging in with Cognito, the user could make a request to my application and I would verify the JWT and get from the payload information about what sensors the user can request.
Unfortunately, I'm not sure how to handle unauthenticated users. I see it like that:
custom:city = New York.
Maybe I should create a user with a known username and password and hardcode it in the frontend?
Is it a proper way to use Cognito? Should I implement it in some other way?
Upvotes: 5
Views: 10382
Reputation: 4480
Yes, there is a simple way to implement unauthenticated access using a Cognito identity pool. You will not be using the user pool for this. Go to the identity pool in the AWS console and click on edit identity pool. Now scroll down to unauthenticated identities and enable it.
There are 2 different roles created automatically for this identity pool: one for the auth role and another for the unauth role. Give permissions accordingly. Now you can make unauthenticated calls using the Cognito SDK, and if you don't provide credentials you will be given credentials for the unauthenticated role.
Upvotes: 9
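The setup described in the answer above, written as a CloudFormation template; this is an added example, not part of the original question or answer. Anyone can obtain the unauthenticated role's credentials, so the template pins the role's trust policy to this identity pool and limits its permissions to public reports. The resource names, the `API_ID_PLACEHOLDER` value and the `/public/*` API Gateway route are assumptions.

```yaml
# Added example. Resource names, API_ID_PLACEHOLDER and the /public/* route
# are assumptions for illustration; they do not come from the original post.
Resources:
  ReportsIdentityPool:
    Type: AWS::Cognito::IdentityPool
    Properties:
      IdentityPoolName: reports_identity_pool
      AllowUnauthenticatedIdentities: true   # the console setting from the answer

  UnauthRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Federated: cognito-identity.amazonaws.com
            Action: sts:AssumeRoleWithWebIdentity
            Condition:
              # Only identities issued by this pool may assume the role...
              StringEquals:
                cognito-identity.amazonaws.com:aud: !Ref ReportsIdentityPool
              # ...and only when they are unauthenticated (guest) identities.
              ForAnyValue:StringLike:
                cognito-identity.amazonaws.com:amr: unauthenticated
      Policies:
        - PolicyName: public-reports-read-only
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Guests may only call GET on the public report routes.
              - Effect: Allow
                Action: execute-api:Invoke
                Resource: !Sub arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:API_ID_PLACEHOLDER/prod/GET/public/*

  # Attach the role to the pool; an authenticated role would be added
  # under the "authenticated" key in the same map.
  PoolRoles:
    Type: AWS::Cognito::IdentityPoolRoleAttachment
    Properties:
      IdentityPoolId: !Ref ReportsIdentityPool
      Roles:
        unauthenticated: !GetAtt UnauthRole.Arn
```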