AWS Certified Developer - Associate Exam: Key Requirements for Mobile Application Authentication

Key Requirements for Mobile Application Authentication


Question

Your architect has drawn out the details for a mobile-based application.

Below are the key requirements when it comes to authentication.

· Users should have the ability to sign-in using external identities such as Facebook or Google.

· There should be a facility to manage user profiles.

Which of the following would you consider as part of the development process for the application?

Answers

Explanations


A. B. C. D.

Answer - B.

The AWS Documentation mentions the following.

User pools provide:

Sign-up and sign-in services.

A built-in, customizable web UI to sign in users.

Social sign-in with Facebook, Google, and Login with Amazon, as well as sign-in with SAML identity providers from your user pool.

User directory management and user profiles.

Security features such as multi-factor authentication (MFA), checks for compromised credentials, account takeover protection, and phone and email verification.

Customized workflows and user migration through AWS Lambda triggers.

Options A and C are incorrect since these would require a lot of effort to develop and maintain.

Option D is incorrect since this is normally used for external directories such as Active Directory.

For more information on user identity pools, please refer to the link below:

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html

The key requirements of the mobile-based application include the ability for users to sign-in using external identities such as Facebook or Google and a facility to manage user profiles. To fulfill these requirements, the development process of the application should consider using a suitable authentication solution.

Option A suggests using IAM roles, which is not a suitable solution for user authentication in this scenario. IAM roles are used to manage permissions for AWS resources and services, but not for user authentication in a mobile-based application.

Option B suggests using User pools in AWS Cognito. AWS Cognito is a fully managed service that provides user authentication and authorization for mobile and web applications. User pools in AWS Cognito are used to manage user registration, sign-in, and account recovery for mobile or web applications. User pools support sign-in with external identity providers such as Facebook, Google, and Amazon, and they can also be integrated with SAML-based identity providers. Therefore, this option is a suitable solution for the application's requirements.

Option C suggests building the logic into the application. This option may seem feasible, but it is not a recommended approach for managing user authentication and profiles in a mobile-based application. Building a custom authentication and profile management solution requires significant development effort, and it may not provide the same level of security and scalability as a dedicated authentication service.

Option D suggests using SAML federation identities. SAML is a standard protocol used for exchanging authentication and authorization data between parties, typically between an identity provider and a service provider. Although SAML federation can be used to integrate external identity providers with the application, it requires additional configuration and setup, which may not be suitable for a mobile-based application. AWS Cognito User pools provide a more straightforward and comprehensive solution for integrating external identity providers.

In conclusion, option B - Consider using User pools in AWS Cognito, is the most suitable solution for fulfilling the key authentication requirements of the mobile-based application.
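The following added example, which is not part of the original page or of the AWS documentation it quotes, shows how a mobile client could start a Google or Facebook sign-in through a user pool's hosted `/oauth2/authorize` endpoint, using the authorization code flow with PKCE and a `state` check on the redirect. The pool domain, client ID and redirect URI are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholder values (assumptions, not from the original page).
POOL_DOMAIN = "example-app.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "EXAMPLECLIENTID123"
REDIRECT_URI = "myapp://callback"

# Provider names Cognito uses for the social providers listed on the page.
SOCIAL_PROVIDERS = {"Facebook", "Google", "LoginWithAmazon"}


def make_pkce_pair():
    """Return (code_verifier, code_challenge) for PKCE with S256 (RFC 7636)."""
    verifier = secrets.token_urlsafe(64)  # 86 characters, inside the 43-128 limit
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_social_sign_in_url(provider, state, code_challenge):
    """Build the user pool authorize URL that redirects straight to `provider`."""
    if provider not in SOCIAL_PROVIDERS:
        raise ValueError(f"unsupported identity provider: {provider!r}")
    query = urlencode({
        "response_type": "code",        # code flow: no tokens in the redirect URL
        "client_id": CLIENT_ID,         # mobile app client, created without a secret
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email profile",
        "identity_provider": provider,  # go directly to the external provider
        "state": state,                 # ties the response to this request
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    })
    return f"https://{POOL_DOMAIN}/oauth2/authorize?{query}"


def extract_code(callback_url, expected_state):
    """Return the authorization code from the redirect; reject a state mismatch."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    if not secrets.compare_digest(returned, expected_state):
        raise ValueError("state mismatch: discard this response")
    return params["code"][0]
```

The app keeps the `code_verifier` on the device and sends it with the code to the user pool's `/oauth2/token` endpoint, so an intercepted redirect alone cannot be exchanged for tokens.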