How to Sign-up with Cognito-AWS

ch0k0
6 min read · Oct 21, 2019

One of the most important parts of building an app is being able to register users and authenticate them, because their access to the app depends on the permissions you give them.

In this tutorial I show you how to sign up a user with Cognito from Amazon Web Services (AWS). On the front-end I am using ReactJS and on the back-end NodeJS. The user registers with a cellphone number and a password, and the cellphone number is then used to authenticate.

First of all, sign in to the AWS administration console. Then go to the Cognito service to create and configure the user pool (User Pool).

Select the Manage User Pools option; it opens a window that lists your user groups (User Pools). Select Create a user pool (upper right corner) to create a new user group.

When you create the user group (User Pool), you are asked to give it a name. Then you must select one of two options. Review defaults shows a summary of all the options you can edit. Step through settings covers the same options, but it takes you through each section in turn so that you can edit it at that moment. In this tutorial we will use Step through settings.

In the Attributes section, under How do you want your end users to sign in?, select the option Email address or phone number and then Allow phone numbers. Under Which standard attributes do you want to require?, select phone number to indicate that this is the data that will be registered and also used to log in. Click on Next step.

The Policies section lets us define the requirements for the user's password. Under What password strength do you want to require?, leave the default options (a minimum length of 8 characters, and the password must contain numbers, special characters, and upper and lower case letters), although you can define how strong you want the password to be. Under Do you want to allow users to sign themselves up?, select Allow users to sign themselves up so that users can define their own password. Click on Next step.

In the MFA and verifications section, select the following options. Under Do you want to enable Multi-Factor Authentication (MFA)?, select Optional. Under Which second factors do you want to enable?, choose SMS text message; this allows the AWS SNS service to send text messages with a 6-digit code, which the user verifies when they register or sign up in our application. We want to verify that the cellphone number exists and that it belongs to the user, so under Which attributes do you want to verify? select phone number. Finally, a permission role (IAM Role) is created; you can keep the name that is generated by default or customize it. Click on Next step.

In the Message customizations section we would define the sender's email address if we were sending verification emails with AWS SES (Simple Email Service). In this case we will not edit the option Do you want to customize your email address? Go directly to Do you want to customize your SMS verification messages?, where you can edit the text message that delivers the verification code. Click on Next step.

In the Tags section, just click on Next step.

In the Devices section, select the No option and click on Next step.

In the App clients section, select Add an app client; this generates an ID that we will need in the back-end. Enter a name in App client name; I recommend using the same name as the user pool (User Pool). Disable the Generate client secret option, then click on Create app client and Next step.

Finally we reach the Triggers section. We will not use it for now; this section is used when you work with the AWS Lambda service. Click on Next step without modifying anything.

In the Review section we see a summary of all of the above. Once we have verified that the options are set the way we want, we click on Create pool. This Review section is what we would have seen from the beginning if we had chosen the Review defaults option (after assigning the name to the user pool).

We have now created a user group (User Pool), which lets us take the next step: signing up a user in AWS Cognito.

Assuming that the back-end is already configured with NodeJS, the code to sign up a user looks like this (I modified the code from the tutorial a little so that it has only one attribute, the phone number, but you can check the original code here).

Express, AmazonCognitoIdentity, AWS and node-fetch are installed with NPM; node-fetch is necessary to be able to use the Cognito service. For more information click here.

The code needs two credentials, UserPoolId and ClientId, both of which you obtain from Cognito.

UserPoolId (in poolData): you will find it, labelled Pool Id, in the window that shows the summary of all the options of the user group.

ClientId: you will find it in the App client section, which is listed in the left column.

To sign up the user we use the signUp method. This method takes the username (in this case the cellphone number) and the password.

Note: When you run your tests you have to put your country code at the beginning of the cellphone number. In my case it is México, so the cellphone number is composed as follows: “+52 ##########”
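The sign-up step described above, sketched as an added example that is not the original post's code: it normalizes the cellphone number to the country-code format from the note, checks the password against the pool's default policy, and only then calls signUp. The function names are hypothetical, and the user pool object and the attribute factory are passed in as assumptions so the logic can be exercised without AWS.

```javascript
// Added example, not the tutorial's code. Password rules mirror the pool
// defaults from the Policies section; the special-character test is approximate.
const E164 = /^\+[1-9]\d{1,14}$/;

// Drop the spaces, dots, dashes and parentheses people type, then require E.164.
function normalizePhone(raw) {
  const phone = String(raw == null ? '' : raw).replace(/[\s().-]/g, '');
  if (!E164.test(phone)) {
    throw new Error('phone number must include the country code, e.g. +52 and 10 digits');
  }
  return phone;
}

// Return the list of unmet password rules (empty when the password is acceptable).
function passwordProblems(password) {
  const pw = typeof password === 'string' ? password : '';
  const rules = [
    [pw.length >= 8, 'at least 8 characters'],
    [/[a-z]/.test(pw), 'a lowercase letter'],
    [/[A-Z]/.test(pw), 'an uppercase letter'],
    [/\d/.test(pw), 'a number'],
    [/[^A-Za-z0-9]/.test(pw), 'a special character'],
  ];
  return rules.filter(([ok]) => !ok).map(([, label]) => label);
}

// userPool: CognitoUserPool built from { UserPoolId, ClientId } (injected).
// makeAttribute: data => new AmazonCognitoIdentity.CognitoUserAttribute(data).
function signUpWithPhone(userPool, makeAttribute, body, done) {
  const { phone: rawPhone, password } = body || {};
  let phone;
  try {
    phone = normalizePhone(rawPhone);
  } catch (err) {
    return done(err);
  }
  const problems = passwordProblems(password);
  if (problems.length) return done(new Error('password needs ' + problems.join(', ')));
  // The phone number is both the username and the attribute Cognito verifies by SMS.
  const attributes = [makeAttribute({ Name: 'phone_number', Value: phone })];
  userPool.signUp(phone, password, attributes, null, (err, result) => {
    if (err) return done(err);
    done(null, { username: result.user.getUsername(), confirmed: result.userConfirmed });
  });
}
```

Cognito still enforces the pool's password policy on its side; the local check only rejects bad input before a request is sent.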

If all is well, you will already have received an SMS with the verification code! Check your cellphone.

Finally, use that code to authenticate the cellphone number with the following method. Again, if you want to see the original code, go to the AWS documentation.

With this, the user has been authenticated with their cellphone number.
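The confirmation step, as an added example that is not the original post's code: it checks that the submitted value is a 6-digit code before calling confirmRegistration and maps Cognito's error codes to the response the back-end returns. The function name, the status codes and the message wording are assumptions, and the CognitoUser object is passed in so the logic can be run without AWS.

```javascript
// Added example, not the tutorial's code. Maps Cognito confirmation errors to
// the HTTP status and message the back-end returns (wording is an assumption).
const CONFIRM_ERRORS = new Map([
  ['CodeMismatchException', [400, 'The code is not correct.']],
  ['ExpiredCodeException', [400, 'The code has expired; request a new one.']],
  ['TooManyFailedAttemptsException', [429, 'Too many attempts; try again later.']],
  ['LimitExceededException', [429, 'Too many attempts; try again later.']],
]);

// cognitoUser: a CognitoUser built from { Username: phone, Pool: userPool } (injected).
function confirmPhone(cognitoUser, code, done) {
  const trimmed = String(code == null ? '' : code).trim();
  // Reject anything that is not the 6-digit SMS code before spending a Cognito attempt.
  if (!/^\d{6}$/.test(trimmed)) {
    return done({ status: 400, message: 'The code must be 6 digits.' });
  }
  // Second argument is forceAliasCreation; false leaves an existing alias with its owner.
  cognitoUser.confirmRegistration(trimmed, false, (err, result) => {
    if (err) {
      const known = CONFIRM_ERRORS.get(err.code || err.name);
      const [status, message] = known || [500, 'Confirmation failed.'];
      return done({ status, message });
    }
    done(null, { status: 200, message: result });
  });
}
```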
