How to call Cognito User Pool for Authentication from Javascript page for Lambda API gateway

Question

I am having Amazon Connect Customized Control Panel where Agent can receive call. I have developed customized HTML screen where agent can enter customer details and save into database. For saving I am calling lambda function using API gateway. I am calling gateway URL from HTML page. Now I want to secure that API gateway URL using Cognito user pool where I have integrated Active Directory. I found few solutions but they are sending password to authenticateUser method. So it will expose password in HTML page. Is there any way where I can avoid this?

Thanks, Gans

Answer 1

I don’t see any problem in ‘exposing’ the password in HTML page. Using cognito JS SDK, authenticate user will directly provide the access key. You can then use the key to authenticate your requests to API gateway.

Answer 2

You need to use a single identity provider that is integrated to both Amazon Connect and Cognito via SAML. This is the only way to authenticate the user one time and leverage the identity/token for both authorization to the Connect CCP and the API Gateway (via Cognito authorizer). In this case you would need to launch a new Amazon Connect instance with SAML integration and then configure an identity pool, rather than a user pool, in Cognito as it will allow you to integrate with a SAML based identity provider.

If you want to use the user pool in Cognito, then you would need to launch a secondary username/password dialog when your app loads to capture the Cognito credentials after the user had authenticated to Amazon Connect.