I am hosting an AWS Amplify app, and use Cognito to authenticate users. I would like to implement a passwordless Authentication with my AWS resources, but I am unable to determine the best way to do this.
I see that I can access an OpenID Connect ID Token
How can I provide this token to AWS to sign-in Cognito users?
Maybe this approach isn't even correct. This stuff is fairly lost on me at the moment. Thanks for any advice.
I believe you're on the right track! Cognito supports passwordless authentication and you can use the OpenID Connect ID Token to authenticate users.
Here's a high-level overview of how you can achieve this:
User Verification: The user enters the received verification code into your application. Your application will confirm the code, and if it's correct, the user is considered as verified.
User Authentication: Now that the user is verified, they can authenticate themselves using their email address. Your application will generate a new unique verification code and send it to the user's email.
User Login: user enters received verification code into your application. Your application will confirm the code, and if it's correct, the user is considered as authenticated.
You might find it helpful to review the AWS Cognito Developer Guide, particularly the sections on User Authentication Flow and Using Tokens with User Pools: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-f...
I hope this helps! Let me know if you have any more questions.
Thank you kindly for responding.
I forgot to mention I'm using the Remix template to build a Shopify Admin App.
npm init @Shopify/app@latest
I was thinking that the Shopify Admin user is authenticated by the time they access my application, and that I wouldn't need to ask them for email or any other inputs. I thought the OpenID token provided by Shopify through the Admin API should be enough.
Considering this do you still think it is correct for me to provide a log-in screen, requiring the user to provide credentials such as e-mail?