Chapter 10. Adding more features to the authentication service
This chapter covers
- Managing more use cases, such as resetting and changing passwords
- Integrating the login process with Amazon Cognito
- Using the login to get AWS credentials as an authenticated user
- Allowing only authenticated users to access Lambda functions
In the previous chapter, you started implementing the serverless architecture for a sample authentication service (figure 10.1) capable of creating new users and validating their email addresses. In this chapter, you’re going to add more interesting features, such as the ability to change or reset a password and to log in as an Amazon Cognito developer authenticated identity.
Figure 10.1. The overall serverless architecture of the sample authentication service you’re implementing in this chapter. HTML and JavaScript files are hosted on Amazon S3. Lambda functions provide the back end logic. A DynamoDB table is used to store user profiles. Amazon SES sends emails for verification and for password resets.

Note
This example uses both client-side (running in the browser) and server-side (running in Lambda functions) code. Because the code running in the browser is JavaScript, the Lambda function examples are also provided in JavaScript. The implementation of those functions in Python is left as an exercise for you to do on your own, because it doesn’t change the architecture or the logic of the application.