Announcements for Mobile Developers

  • © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

    Tim Hunt, Sr. Product Manager, Amazon Cognito

    April 19, 2016

    Announcements for Mobile Developers

    Amazon Cognito Identity

  • Topics

    User identities in Amazon Cognito

    Example use case

    Key new features

    Demo

    Q&A

  • User identities in Amazon Cognito

  • Amazon Cognito Until Now

    - Federated Identity Management: Manage authenticated and guest users across identity providers
    - Data Synchronization: Synchronize users' data across devices and platforms via the cloud
    - Secure AWS Access: Securely access AWS services from mobile devices and platforms

    Diagram labels: Guest, Your own auth, Amazon Cognito Identity, Amazon Cognito Sync, k/v data

  • Amazon Cognito Sync: User Data Storage and Sync

    - Store user data, preferences, and state: Save app and device data to the cloud and merge them after login
    - Cross-device / Cross-OS Sync: Sync user data and preferences across devices with a few lines of code
    - Work offline: Data always stored in local SQLite DB first. Works seamlessly with intermittent or no connectivity
    - No back end: Simple client SDK eliminates need for server-side code

    Diagram labels: Any Platform (iOS/Android/FireOS), k/v data, Identity pool

  • Amazon Cognito Identity and User Experience Today

    Amazon Cognito Identity: Federated Identities and Secure Access to AWS Service for Apps

    - Authenticate via 3rd party Identity Providers
    - Guest Access
    - Authenticate via Developer Provided Authentication

    Amazon Cognito Identity provides temporary credentials to securely access your resources

    App sign-in screen: Sign in with Facebook, or Username / Password / Sign In, or Start as a guest

    Diagram labels: Amazon API Gateway, Amazon DynamoDB, Amazon S3

  • Most Developers Don't Want to Build a User Authentication System

    Amazon Cognito Identity: Federated Identities and Secure Access to AWS Service for Apps

    - Authenticate via 3rd party Identity Providers
    - Guest Access
    - Authenticate via Developer Provided Authentication

    App sign-in screen: Sign in with Facebook, or Username / Password / Sign In, or Start as a guest

    Developers do not want to take on the undifferentiated heavy lifting to:

    - Build and maintain a directory
    - Get security right
    - Support workflows like forgot password
    - Scale as their user base grows

  • Introducing Sign-Up and Sign-In with Your User Pools

    - Easy User Management: Add sign-up and sign-in easily to your mobile and web apps
    - Enhanced Security Features: Verify phone numbers and email addresses and offer multi-factor authentication
    - Managed User Directory: Use our simple, secure, low-cost, and fully managed service to create and maintain a user directory that scales to 100s of millions of users

  • Example Use Case:

    Ramesh Adabala, Principal Architect

    Asurion

  • Asurion is the world's largest device support and protection company

    Serving over 280 Million customers globally

    Quick Facts

    - Founded in 1987
    - 15,000 employees
    - Serving more than 280 million consumers globally through our operations in 14 countries
    - End-to-end (white label) solutions
    - Experience supporting operator captives

    Worldwide Presence

    - United States: Headquarters, Care Centers, Technology & Logistics Center
    - Canada: Care & Logistics Centers
    - Europe: UK, Germany, France
    - Korea: Care Center, Logistics Center, Corporate Office
    - Japan: Care Center, Logistics Center, Corporate Office
    - Hong Kong: Asurion Asia Headquarters, Technology and Logistics
    - Australia: New nationwide services
    - Africa: Care Centre
    - China: Nationwide service, Two operators
    - Russia: Care Center, Logistics Center, Corporate Office
    - Silicon Valley: Software Services Dev Teams
    - Mexico City: AMX launch office

    [Chart: Mobile Protection Sub Growth, millions of Mobile Protection subscribers, 2000 to 2011]

  • Premier support / protection apps

  • Asurion Use Case for Amazon Cognito

    - 40 million identities for Asurion mobile applications
    - 1 million authentication requests per day
    - Need for a global and highly available B2C IAM service - North America, Europe, Asia
    - Access Authorization through IAM roles and policies
    - User provisioning based on the eligibility checks against On-Premises APIs
    - User Identity and other sensitive data to be encrypted using Asurion hosted Voltage keys and crypto library

    Architecture diagram labels: Asurion Mobile Apps, Asurion Websites, AWS WAF, Amazon CloudFront, Amazon API Gateway, AWS Lambda functions, Amazon Cognito Identity, Endpoints on Amazon EC2, Backend AWS Services, IAM, API calls, AWS Direct Connect, Asurion Private Cloud, Voltage Key Servers

  • Asurion User Sign-Up: Registration Workflow

    Flow diagram labels:

    - End Users: App with AWS Mobile SDK
    - User Registration (Userid, pwd, email, MDN), With an Identity Pool ID
    - Amazon API Gateway: APIs for Unauthenticated Role
    - Amazon Cognito: Cognito Workflow, Cognito Store
    - AWS Lambda: Pre Sign-Up (Input Validations), Customize Message (OTP Email), Post Confirmation (confirmation email)
    - Asurion Services: Voltage Crypto Service, Asurion Customer eligibility Service
    - Validation errors; Fix Validation errors
    - Email with OTP code; Submit the OTP code
    - Email with Registration confirmation; Ready to login

  • Asurion User Sign-In

    Flow diagram labels:

    - End Users: App with AWS Mobile SDK
    - User Authentication (userid, pwd)
    - Amazon Cognito: User Authentication With an Identity Pool
    - AWS Temporary Credentials for Cognito Authenticated Role
    - Build the API Gateway client with AWS credentials
    - Call the APIs using the AWS credentials
    - Request with AWS Creds + API Key; Response
    - Amazon API Gateway: APIs for Authenticated Role
    - Lambda, Elastic Beanstalk, Back-end Services

    SDK Supports

    - AWS Creds caching
    - Creds renewal

  • Why Asurion Selected Amazon Cognito

    - Support for wide variety of Identity models
      - Custom: Your User Pool, Developer Identities
      - 3rd party: Amazon, Facebook, Google, Twitter etc.
    - Extensible provisioning workflow steps with Lambda function support
    - Adaptive authentication support using an OTP thru Email or SNS
    - Out-of-Box support for identity functions such as:
      - Sign-Up
      - Forgot Password
      - Change Password
    - Use of IAM roles for fine grained user authorization
    - Scalable service with global presence
    - Good SDK support for all mobile and web platforms

  • Key New Features

  • Comprehensive User Scenarios

    - Email or phone number verification: Users verify their email address or phone number to confirm their account
    - Forgot Password: Users can change their password if they forget it
    - User sign-up and sign-in: Users sign up using email, phone number or user name and password. Users can then sign in
    - User Profile: Retrieve and update user profiles, including custom attributes
    - SMS-based MFA: If enabled, users complete Multi-Factor Authentication (MFA) with a confirmation code via SMS as part of sign-in and forgot password flows

  • Comprehensive Administrator Scenarios

    - Manage users in a User Pool: List, search, and perform actions on specific user(s) in the User Pool
    - Select Email and Phone Verification: Configure verifications of users' email addresses and phone numbers (via SMS)
    - Customize with AWS Lambda Triggers: Create functions in AWS Lambda to customize workflows
    - Set up Password Policies: Control password requirements like minimum length, uppercase, and inclusion of special characters
    - Create and manage User Pools: Create, configure and delete multiple User Pools in their AWS account
    - Define Attributes: Select required attributes and define custom user attributes

  • Secure Sign-in Made Easy

    - Token-based Authentication: Uses tokens based on OpenID Connect (OIDC) and OAuth 2.0 standards
    - Secure Remote Password Protocol: Uses Secure Remote Password (SRP) during sign-in for secure password handling end to end
    - SMS-based Multi-factor Authentication: Enables your end users to use the text messaging functionality of a mobile phone as an extra layer of security

  • Customization using AWS Lambda hooks

    AWS Lambda Hook: Example Scenarios

    - Pre user sign-up: Custom validation to accept or deny the sign-up request
    - Custom message: Advanced customization and localization of verification messages
    - Pre user sign-in: Custom validation
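
The pre user sign-up hook listed above, as an added example that is not from the original deck or from Asurion's code: a Python Lambda handler that accepts a sign-up by returning the event and denies it by raising. The validation rules, `SignUpDenied` and `sample_event` are assumptions made for illustration; the event fields follow the shape Cognito passes to a pre sign-up trigger.

```python
import re

# Assumed validation rules for illustration; not Asurion's or AWS's own.
# Patterns are applied with fullmatch() so a trailing newline cannot slip through.
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
PHONE_RE = re.compile(r"\+[1-9][0-9]{7,14}")  # E.164, e.g. the MDN field


class SignUpDenied(Exception):
    """Raised from the trigger so that Cognito rejects the sign-up."""


def validate_attributes(attrs):
    """Return a list of validation errors for the submitted attributes."""
    errors = []
    if not EMAIL_RE.fullmatch(attrs.get("email", "")):
        errors.append("email: invalid format")
    if not PHONE_RE.fullmatch(attrs.get("phone_number", "")):
        errors.append("phone_number: must be E.164")
    return errors


def lambda_handler(event, context):
    """Pre sign-up trigger: return the event to accept, raise to deny."""
    attrs = event.get("request", {}).get("userAttributes", {})
    errors = validate_attributes(attrs)
    if errors:
        raise SignUpDenied("; ".join(errors))
    # Keep verification on: do not auto-confirm or auto-verify, so the
    # e-mail/SMS confirmation code step still has to be completed.
    response = event.setdefault("response", {})
    response["autoConfirmUser"] = False
    response["autoVerifyEmail"] = False
    response["autoVerifyPhone"] = False
    return event


def sample_event(email, phone):
    """Constructed sample in the shape Cognito passes to this trigger."""
    return {
        "triggerSource": "PreSignUp_SignUp",
        "userName": "constructed-user",
        "request": {"userAttributes": {"email": email, "phone_number": phone}},
        "response": {},
    }
```
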