I'm just so envious of people who can present stuff this clearly and effortlessly, this guy seems like he's sort of calmly chatting about stuff, seems laid back and yet he communicates so very clearly.
If you are not totally unfamiliar with authorisation I recommend jumping to @34:48 'Putting it altogether' which is not marked as a chapter! The first section seems unnecessary, but all good from there.
@36:09 "or you [MIGHT] want to use their identities for some very like coarse grain like authorisations about hiding tabs or showing tabs, right, roll based type stuff; you could certainly do that" Client side "authorisation" by changing the behaviour of what is visible if implemented as HTML properties (as seems to be implied) is easily circumvented by users. I think this would be better described as "having the application server sending different client UIs and data dependant on user role"
I am fuzzy with their pricing. If I allow my users to signUp/signIn through Google & Facebook, does it count as to this pricing model "50,001-100,000 (after the 50,000 free tier) $0.0055" OR the latter "Users who sign in through SAML or OIDC federation: For users who sign in through SAML or OIDC federation, the price for MAUs above the 50 MAU free tier is $0.015" ??
Cognito differentiates between a "normal" user and a SAML/OIDC user. It is really confusing (like everything related to cognito). BUt think about it as a consumer user and a corporate user. This isn't a perfect explanation, but it is accurate 95% of the time. So the consumer users can log in with facebook/google/etc or their local username and password and just count as normal MAUs. This is what you get 50,000 MAUs for and they cost the $0.0055 each after the initial 50,000. The more expensive SAML users are essentially "corporate" users. This is for people with custom SAML-compatible user directories that want SSO with cognito. You see this commonly with enterprise SAAS who want to allow enterprise customers use their existing user directories for login with SSO so that the employees don't need another login. These are the more expensive MAUs that are billed at $0.015 and you only get 50 for free. Almost always you will see the basic cheaper user types used in consumer settings and the more expensive user types used in corporate environments. So that's why I think it is best to think about them like that. Cognito has a huge consistency problem with its documentation. They throw the words federation around all over the place and they mean very different things in different contexts. In terms of pricing be very careful not to implement too many of the security features. Because then a user can qualify as having extra security which costs an extra 5.5 cents per user ON TOP of the other pricing. Cognito really is a disaster in terms of documentation. AWS is known for bad documentation, but Cognito is probably the service that has the worst documentation of any other AWS service I have used (and I have personally read docs on at least half the AWS services).
Cognito doesn't return the JWT to the applictation for me like is stated here and in many other places but a `CognitoUser` object instead. How can I get the JWT?
Just as a matter of courtesy and inclusion for female developers like me, it would be great to not use male pronouns for "Aspiring app creators." It just throws me off to have to do the mental calculus of him --> her.
@@YayoArellano There is nothing gender specific about the word "creator". The speaker refers to the Aspiring App Creator as "he" and mentions "his friend". To be fair these could easliy be rephrased using "they" and "their".
I'm just so envious of people who can present stuff this clearly and effortlessly, this guy seems like he's sort of calmly chatting about stuff, seems laid back and yet he communicates so very clearly.
Seeing the code example here saved my life with this! I really struggle with AWS' docs!
AWS Documentations are pathetic. They should learn from Oracle [ their long-standing competitor] OR MSFT.
This is one of the best talks about Cognito which covers a lot of possibilities. Absolute Gold.
Great video. It took me real long time to figure out the differences and relationships between user pool and identity pool.
Just don't know why are the docs about Cognito is messed beyond comprehension. It simply sucks!
@ebulating Agree ! They have lowest turnover/profit as well.
Isn't that all AWS documentation?
You are total right! Most the the info leaves too many gaps.
Oh, so it’s not just me?
Finally a good video about cognito. Thank you so much for this
This is the best video I watched on Cognito. Thank you
Best cognito video so far.
If you are not totally unfamiliar with authorisation I recommend jumping to @34:48 'Putting it altogether' which is not marked as a chapter! The first section seems unnecessary, but all good from there.
@36:09 "or you [MIGHT] want to use their identities for some very like coarse grain like authorisations about hiding tabs or showing tabs, right, roll based type stuff; you could certainly do that"
Client side "authorisation" by changing the behaviour of what is visible if implemented as HTML properties (as seems to be implied) is easily circumvented by users. I think this would be better described as "having the application server sending different client UIs and data dependant on user role"
This talk is gold
Thank you. I'm very happy with your knowledge.
51:00 You should put those links in the description
can you put the code on github please ?
thank you
did you get the code?
40:16
You're the real hero
JWT : json web token
I am fuzzy with their pricing. If I allow my users to signUp/signIn through Google & Facebook, does it count as to this pricing model "50,001-100,000 (after the 50,000 free tier) $0.0055" OR the latter "Users who sign in through SAML or OIDC federation: For users who sign in through SAML or OIDC federation, the price for MAUs above the 50 MAU free tier is $0.015" ??
Cognito differentiates between a "normal" user and a SAML/OIDC user. It is really confusing (like everything related to cognito). BUt think about it as a consumer user and a corporate user. This isn't a perfect explanation, but it is accurate 95% of the time. So the consumer users can log in with facebook/google/etc or their local username and password and just count as normal MAUs. This is what you get 50,000 MAUs for and they cost the $0.0055 each after the initial 50,000. The more expensive SAML users are essentially "corporate" users. This is for people with custom SAML-compatible user directories that want SSO with cognito. You see this commonly with enterprise SAAS who want to allow enterprise customers use their existing user directories for login with SSO so that the employees don't need another login. These are the more expensive MAUs that are billed at $0.015 and you only get 50 for free. Almost always you will see the basic cheaper user types used in consumer settings and the more expensive user types used in corporate environments. So that's why I think it is best to think about them like that. Cognito has a huge consistency problem with its documentation. They throw the words federation around all over the place and they mean very different things in different contexts. In terms of pricing be very careful not to implement too many of the security features. Because then a user can qualify as having extra security which costs an extra 5.5 cents per user ON TOP of the other pricing. Cognito really is a disaster in terms of documentation. AWS is known for bad documentation, but Cognito is probably the service that has the worst documentation of any other AWS service I have used (and I have personally read docs on at least half the AWS services).
Cognito doesn't return the JWT to the applictation for me like is stated here and in many other places but a `CognitoUser` object instead. How can I get the JWT?
did you get JWT?
he sounds like Bill Clinton
Just as a matter of courtesy and inclusion for female developers like me, it would be great to not use male pronouns for "Aspiring app creators." It just throws me off to have to do the mental calculus of him --> her.
You have to be kidding.
How would you call them then?? Aspiring app creatars? creaters?
@@YayoArellano It has become common to use plural pronouns (them / they / their) to refer to people without specifying their gender.
@@YayoArellano There is nothing gender specific about the word "creator". The speaker refers to the Aspiring App Creator as "he" and mentions "his friend". To be fair these could easliy be rephrased using "they" and "their".
get a life, please