AWS Cognito

Updated at 2016-09-07 21:39

AWS Cognito is a user identity and authentication service.

AWS Cognito has 2 kinds of pools: identity pools and user pools. An identity pool is a store of user identity data specific to your account. A user pool is a method of registering and logging in a user. One identity can have multiple linked login methods, e.g. Facebook or Google.

Create user pool. AWS > Cognito > User Pools. Although it seems there is no Unity SDK to utilize this one yet? Better to just use 3rd party login methods for now and keep only the identities in Cognito.

Pool name: MegaUserPool
[ Step through the settings. ]
Make sure email is a required attribute.
Remove all password restrictions except 8 characters.
MFA: [x] Off
Verification: [x] Email
Remember devices: [x] No
Add an app:
    App name: MegaApp
    Refresh: 30 days
    [x] Generate client secret
Don't add triggers.
[ Create pool ]

Create identity pool. AWS > Cognito > Federated Identities

Identity pool name: MegaIdentityPool
[x] Enable access to unauthenticated identities
You can edit the Authentication Providers later.
[ Next ]

It will create 2 roles:
- Cognito_MegaIdentityPoolAuth_Role: for authenticated users.
- Cognito_MegaIdentityPoolUnauth_Role: for unauthenticated users.
- Note that these roles are not removed if you delete the identity pool.

The Edit identity pool page shows the identity pool ID, e.g. eu-west-1:2ffdd5e2-dd4a-4a8b-a440-f4b5a0d05e7e

You can find out current user identity with GetIdentityIdAsync.

Credentials.GetIdentityIdAsync(delegate(AmazonCognitoIdentityResult<string> result) {
    if (result.Exception != null) {
        Debug.LogError(result.Exception); // lookup failed
        return;
    }
    string identityId = result.Response;
    Debug.Log("Your identity ID is: " + identityId);
});

You must clear the cached identity if you want a new one. If the user identity is deleted or you just want a new one, use Credentials.ClearIdentityCache();.

You can see all data linked to an identity through the web console. Identity Pool* > Identity browser > Identity* > Datasets.

A dataset is a collection of key-value pairs. Each dataset can contain up to 1MB of data in the form of key-value pairs. A dataset is the most granular entity on which you can perform a sync operation.

// After
var creds = new CognitoAWSCredentials(identityPoolId, RegionEndpoint.EUWest1);
var config = new AmazonCognitoSyncConfig { RegionEndpoint = RegionEndpoint.EUWest1 };
var syncManager = new CognitoSyncManager(creds, config);
var playerInfo = syncManager.OpenOrCreateDataset("PlayerInfo");

// Get and set...
var email = playerInfo.Get("email");
playerInfo.Put("email", email);

// Synchronizing with the cloud

// You listen to the dataset for changes
playerInfo.OnSyncSuccess += this.HandleSyncSuccess;
playerInfo.OnSyncFailure += this.HandleSyncFailure;
playerInfo.OnSyncConflict = this.HandleSyncConflict; // mismatch of local and remote
playerInfo.OnDatasetDeleted = this.HandleDatasetDeleted; // deleted on remote
playerInfo.OnDatasetMerged = this.HandleDatasetMerged; // previously unconnected ids