amazon-web-services aws-api-gateway amazon-cognito aws-appsync

Access api-gateway without login, then create account and make Authorization


I would like to make the following scenario in my web and mobile app:

  1. User opens an app (now web, later mobile) without Cognito login, creates a few entities, views analytics provided by the service (mostly data loaded through AppSync).
  2. Then the user goes through Cognito user registration flow in our service -> all the entities created by him on the first step are saved under his account.
  3. If the user is logged in, show him information attached to his account.

I currently have an API Gateway with a resource under it redirecting to AppSync.

The Cognito authorizer is currently attached to the API Gateway.

It seems that to allow action #1 described above I need to remove/disable the Cognito authorizer at the API Gateway level.

But how then should I integrate Cognito to the application?


Solution

  • With AWS Cognito Identity Pools, you can have unauthenticated users. You create an Unauthenticated User in the user pool without them having to register.

    When they are committed and want to register, you just switch the Unauthenticated User into an Authenticated User.

    Amazon Cognito identity pools support both authenticated and unauthenticated users. Unauthenticated users receive access to your AWS resources even if they aren't logged in with any of your identity providers (IdPs). This degree of access is useful to display content to users before they log in. Each unauthenticated user has a unique identity in the identity pool, even though they haven't been individually logged in and authenticated.
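
The guest-to-registered switch described in the answer, as an added example (not code from the original post or from AWS): the guest's `IdentityId` is kept and presented again with the user-pool ID token after sign-up, so data keyed by that ID stays attached to the account. Assumptions: `client` is any object exposing `getId` and `getCredentialsForIdentity` with the Cognito Identity API request shapes; the pool ID, provider name, tokens and the `fakeCognito` stub are constructed; `migrateFrom` is a hypothetical field; and both a `ResourceConflictException` and a changed `IdentityId` in the response are handled, since which one the service produces for an already-linked login is not stated on the page.

```javascript
// Added example, not from the original post. `client` is any object exposing
// getId() and getCredentialsForIdentity() with the Cognito Identity API request
// shapes. Pool ID, provider name and tokens are constructed placeholders.
const POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000";
const PROVIDER = "cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE";

// Guest: no Logins map, so the pool issues an unauthenticated identity.
async function startGuest(client) {
  const { IdentityId } = await client.getId({ IdentityPoolId: POOL_ID });
  const { Credentials } = await client.getCredentialsForIdentity({ IdentityId });
  return { identityId: IdentityId, credentials: Credentials, authenticated: false };
}

// After sign-up: present the SAME IdentityId plus the user-pool ID token, which
// links the login to the guest identity so its data stays under one ID.
async function upgradeGuest(client, session, idToken) {
  const Logins = { [PROVIDER]: idToken };
  let out;
  try {
    out = await client.getCredentialsForIdentity({ IdentityId: session.identityId, Logins });
  } catch (err) {
    if (err.name !== "ResourceConflictException") throw err;
    // Login already linked to another identity (returning user): use that one.
    const { IdentityId } = await client.getId({ IdentityPoolId: POOL_ID, Logins });
    out = await client.getCredentialsForIdentity({ IdentityId, Logins });
  }
  // Hypothetical field: if the ID changed, the app must re-own guest records.
  const migrateFrom = out.IdentityId === session.identityId ? null : session.identityId;
  return { identityId: out.IdentityId, credentials: out.Credentials, authenticated: true, migrateFrom };
}

// Constructed in-memory stand-in for the service so the example runs offline.
function fakeCognito(linked = {}) {
  let n = 0;
  return {
    async getId({ Logins }) {
      const token = Logins && Object.values(Logins)[0];
      return { IdentityId: (token && linked[token]) || `us-east-1:guest-${++n}` };
    },
    async getCredentialsForIdentity({ IdentityId, Logins }) {
      const token = Logins && Object.values(Logins)[0];
      if (token && linked[token] && linked[token] !== IdentityId) {
        throw Object.assign(new Error("login already linked"), { name: "ResourceConflictException" });
      }
      if (token) linked[token] = IdentityId;
      return { IdentityId, Credentials: { AccessKeyId: "ASIAEXAMPLE" } };
    },
  };
}
```

Anyone can obtain the guest credentials, so the identity pool's unauthenticated IAM role should grant only the operations a guest actually needs.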