1
00:00:07,070 --> 00:00:10,390
- [Speaker] Now let's talk about Amazon Cognito.

2
00:00:10,390 --> 00:00:15,200
Now with Amazon Cognito we have two really useful features.

3
00:00:15,200 --> 00:00:20,200
We have Amazon Cognito Identity and Amazon Cognito Sync.

4
00:00:20,350 --> 00:00:24,650
Now with Amazon Cognito Identity this is

5
00:00:24,650 --> 00:00:29,010
this part of the service can integrate with OpenID providers

6
00:00:29,010 --> 00:00:33,640
to allow our end users, perhaps they are,

7
00:00:33,640 --> 00:00:36,990
you know, users of our applications, they can log in

8
00:00:36,990 --> 00:00:41,120
with any OpenID provider, such as login with Twitter,

9
00:00:41,120 --> 00:00:43,360
login with Facebook or login with Google

10
00:00:43,360 --> 00:00:46,130
or again, any OpenID provider.

11
00:00:46,130 --> 00:00:50,730
And from there we can create user identity pools.

12
00:00:50,730 --> 00:00:54,780
Users will authenticate against that OpenID provider

13
00:00:54,780 --> 00:00:56,470
and then Cognito Identity

14
00:00:56,470 --> 00:00:59,080
can help us manage those identities

15
00:00:59,080 --> 00:01:02,290
across different platforms and different devices.

16
00:01:02,290 --> 00:01:04,910
So if they've logged in with Facebook

17
00:01:04,910 --> 00:01:08,100
on their mobile device and then they go home

18
00:01:08,100 --> 00:01:10,730
and log in on their desktop

19
00:01:10,730 --> 00:01:14,000
we can help manage that same user identity.

20
00:01:14,000 --> 00:01:19,000
Cognito can also help us to leverage temporary keys,

21
00:01:19,260 --> 00:01:21,840
which is considered a security best practice.

22
00:01:21,840 --> 00:01:24,200
If you remember back during earlier lesson

23
00:01:24,200 --> 00:01:27,210
when we talked about role-based authentication.

24
00:01:27,210 --> 00:01:32,200
And so here are the ideas that with temporary keys

25
00:01:32,200 --> 00:01:35,230
by using temporary keys, we can avoid

26
00:01:35,230 --> 00:01:37,860
the need to embed long-term keys

27
00:01:37,860 --> 00:01:39,840
within the application.

28
00:01:39,840 --> 00:01:43,560
And so, here, okay, a user, again, they might

29
00:01:43,560 --> 00:01:47,100
log in with one of these OpenID providers

30
00:01:47,100 --> 00:01:50,400
and by doing that they either

31
00:01:50,400 --> 00:01:54,330
create a new user identity within the user pool,

32
00:01:54,330 --> 00:01:56,973
or refresh an existing one.

33
00:01:58,230 --> 00:02:02,280
And then whether they log in from a mobile device

34
00:02:02,280 --> 00:02:06,460
or they log in with, from a desktop,

35
00:02:06,460 --> 00:02:08,270
doesn't really matter.

36
00:02:08,270 --> 00:02:11,570
Either way we can leverage Cognito

37
00:02:11,570 --> 00:02:16,560
to deliver temporary keys to either the mobile application

38
00:02:16,560 --> 00:02:19,570
or the web application, and then

39
00:02:19,570 --> 00:02:22,030
wherever that application is running

40
00:02:22,030 --> 00:02:24,660
it can then use those temporary keys

41
00:02:24,660 --> 00:02:28,130
to communicate with Amazon services directly.

42
00:02:28,130 --> 00:02:29,930
It can communicate, for example

43
00:02:29,930 --> 00:02:33,200
to S3 directly, or to DynamoDB, or Lambda,

44
00:02:33,200 --> 00:02:36,420
or API Gateway directly without necessarily

45
00:02:36,420 --> 00:02:41,420
having to pass through our own back-end APIs.

46
00:02:41,420 --> 00:02:44,300
And so that provides a very powerful pattern

47
00:02:44,300 --> 00:02:46,670
for allowing us to create, you know,

48
00:02:46,670 --> 00:02:50,493
event-driven and asynchronous types of applications.

49
00:02:51,330 --> 00:02:54,970
Now another thing that Amazon Cognito can do

50
00:02:54,970 --> 00:02:59,520
is with Amazon Cognito Sync we can use that

51
00:02:59,520 --> 00:03:04,520
to store App data, State and Preferences

52
00:03:05,510 --> 00:03:09,570
and all kinds of other things on particular devices.

53
00:03:09,570 --> 00:03:12,070
And then as a user goes from one device

54
00:03:12,070 --> 00:03:15,120
to another device, we can have Cognito Sync

55
00:03:15,120 --> 00:03:18,300
automatically sync that data between

56
00:03:18,300 --> 00:03:20,190
those different devices.

57
00:03:20,190 --> 00:03:23,520
And of course, not only can we sync across different devices

58
00:03:23,520 --> 00:03:27,280
but also across operating systems and platforms.

59
00:03:27,280 --> 00:03:30,880
We can also leverage Amazon Cognito Sync

60
00:03:30,880 --> 00:03:32,490
to work offline.

61
00:03:32,490 --> 00:03:34,090
If we are creating some type of

62
00:03:34,090 --> 00:03:37,380
document processing system and application,

63
00:03:37,380 --> 00:03:41,910
then we could allow our users to work offline.

64
00:03:41,910 --> 00:03:43,490
And this is especially useful

65
00:03:43,490 --> 00:03:44,910
in a mobile environment

66
00:03:44,910 --> 00:03:48,760
where perhaps they are on some type

67
00:03:48,760 --> 00:03:50,960
of an unreliable network connection

68
00:03:50,960 --> 00:03:52,690
where they, perhaps they don't have access

69
00:03:52,690 --> 00:03:57,260
to Wi-Fi and their cell reception is maybe in and out,

70
00:03:57,260 --> 00:03:59,600
and so perhaps they can continue working,

71
00:03:59,600 --> 00:04:02,360
and then once they are back in good signal

72
00:04:02,360 --> 00:04:05,410
or once they are back to Wi-Fi

73
00:04:05,410 --> 00:04:07,383
then sync can continue.

74
00:04:08,750 --> 00:04:12,340
And so with work offline it does store the data

75
00:04:12,340 --> 00:04:15,540
in a local SQLite database.

76
00:04:15,540 --> 00:04:18,510
And then of course it works seamlessly.

77
00:04:18,510 --> 00:04:22,540
Right, so again, if as internet connections come and go,

78
00:04:22,540 --> 00:04:25,620
when it's intermittent or even totally absent,

79
00:04:25,620 --> 00:04:28,440
Cognito Sync can allow us to work offline

80
00:04:28,440 --> 00:04:31,320
and then re-sync again without the user

81
00:04:31,320 --> 00:04:32,723
ever really even knowing.

82
00:04:33,650 --> 00:04:36,830
Right, so keep, keep Amazon Cognito in mind,

83
00:04:36,830 --> 00:04:40,820
if you want to leverage, especially for mobile applications

84
00:04:40,820 --> 00:04:45,820
or applications that are, that have both mobile clients

85
00:04:45,830 --> 00:04:50,020
and desktop clients, and you want to allow your users

86
00:04:50,020 --> 00:04:52,850
to authenticate against an OpenID provider

87
00:04:52,850 --> 00:04:54,990
like Twitter or Facebook

88
00:04:54,990 --> 00:04:59,630
and/or you want to enable your users to sync data

89
00:04:59,630 --> 00:05:02,993
between different devices and different platforms.