Answers.

Create user pools. [50] (S)
Register an app client. [100] (S)
Created Cognito user pool and registered an app client.

Add a list of employees in the User pool. [100] (S)

Create groups and assign respective groups to employees. [100] (S)
Created Group. Assigned respective groups to employees.

Integrate the Voting server and Voting client with Amazon Cognito using OIDC. [100] (S)
Server/client_secret.json
client/client_secret.json

Run the app. [200]
Running the application.

Demonstrate the payload of the access token and id token and explain the usage and difference between them. [100]
The above image contains the token id, which is 73da8216-4e65-4113-a355-358483fe5f07, and the JWT access token, which is eyJjc3JmX3Rva2VuIjogIjB0THl0SUFnZEtUX05tZEZORmlFdTVELVFwaTU3a0tsIiwgImRlc3RpbmF0aW9uIjogImV5SmhiR2NpT2lKSVV6VXhNaUo5LkltaDBkSEJ6T2k4dk1Ua3lMakUyT0M0eE1DNHpOem81T1RrNUwyeHZaMmx1SWcuU1h2RW9wdzNDUlNLWjJZcW5jbElsdU9iZWtMRVJFSC1ScnB1R1JZRnF3dVhHYnFHUFFsc2RNM3ljb0tiTjNxQ2I5UnhDWm1MSnBwUlIxV0MxUW40RncifQ
The Access Token is used to check the authorization of the user; in other words, it is an identity token provided by the application to confirm the authorization access of the user. The JWT token contains the CSRF token, which is used to prevent cross-site request forgery, and the destination data, which contains the payload. The destination data, which contains the payload, redirects to the login page of the application.

Extract the vote token and explain its payload. [50]
The vote token:

{
  "at_hash": "qQXEWFsazkUJ16z07BUeCA",
  "sub": "555ce0f8-f7f8-4ef7-945b-c311113c7a52",
  "cognito:groups": ["admin"],
  "email_verified": true,
  "iss": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_TbSQ8M0PM",
  "cognito:username": "upgrad_admin1@example.com",
  "origin_jti": "c47dc7e0-2e84-42be-9b28-97558f1498f3",
  "aud": "6jfq7lqg8v98jd49ffru2adglo",
  "token_use": "id",
  "auth_time": 1643041984,
  "exp": 1643045584,
  "iat": 1643041984,
  "jti": "b360fe71-12e8-4393-986f-e29da838a17f",
  "email": "upgrad_admin1@example.com"
}

Explain the relevance of JWT tokens with respect to the project. [50]
As shown above, the JWT token contains details for authorization and authentication. As we can see, the initial request contains the login details shown above. After the user is authenticated, the voter JWT token contains all kinds of details of the user while submitting the vote, as shown in the payload above.

Explain the use of AWS user pool with respect to the project. [50]
A user pool is a user directory in Amazon Cognito. With a user pool, our users can sign in to the ztev project through Amazon Cognito. Our users can also sign in through social identity providers like Google, Facebook, Amazon, or Apple, and through SAML identity providers. Whether users sign in directly or through a third party, all members of the user pool have a directory profile that you can access through a Software Development Kit (SDK).

User pools provide:
o Sign-up and sign-in services.
o A built-in, customizable web UI to sign in users.
o User directory management and user profiles.
o Security features such as multi-factor authentication (MFA), checks for compromised credentials, account takeover protection, and phone and email verification.
o Customized workflows and user migration through AWS Lambda triggers.

Suggest ideas to improve the overall security of the project. [50]
o The build of the code could be better.
o To make the project a little more interesting, we could use RDS instead of Docker.
o We could implement Google Auth or another SAML identity provider to help us learn more about IDAM.
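As an added example (not part of the original assignment or the ztev project code), the following Python decodes a compact JWT like the vote token above and checks the claims the Voting server must verify before trusting it: issuer and audience taken from the payload above, token_use, expiry and group membership. The sample token is constructed from those claims with a placeholder signature; real verification must also check the RS256 signature against the user pool's JWKS, which is omitted here.

```python
import base64
import json

# Issuer and app client id taken from the ID token payload shown above.
EXPECTED_ISSUER = "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_TbSQ8M0PM"
EXPECTED_AUDIENCE = "6jfq7lqg8v98jd49ffru2adglo"

# Constructed sample: the vote (ID) token claims from the payload above.
SAMPLE_CLAIMS = {
    "sub": "555ce0f8-f7f8-4ef7-945b-c311113c7a52",
    "cognito:groups": ["admin"],
    "iss": EXPECTED_ISSUER,
    "cognito:username": "upgrad_admin1@example.com",
    "aud": EXPECTED_AUDIENCE,
    "token_use": "id",
    "exp": 1643045584,
}

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(segment):
    # JWT segments drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_sample_token(claims):
    # Constructed compact JWT with a placeholder signature, for demonstration only.
    header = b64url(json.dumps({"alg": "RS256", "kid": "placeholder-kid"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.placeholder-signature"

def extract_payload(token):
    # Decodes the payload only; the RS256 signature is NOT verified against the pool's JWKS here.
    _header, payload, _signature = token.split(".")
    return json.loads(b64url_decode(payload))

def check_claims(claims, now, group=None):
    # Returns the problems found; an empty list means the claims are acceptable.
    problems = []
    if claims.get("iss") != EXPECTED_ISSUER:
        problems.append("issuer mismatch")
    # Cognito access tokens carry 'client_id' and token_use 'access', not 'aud'/'id', so they fail here.
    if claims.get("aud") != EXPECTED_AUDIENCE:
        problems.append("audience mismatch")
    if claims.get("token_use") != "id":
        problems.append("not an ID token")
    if now >= claims.get("exp", 0):
        problems.append("expired")
    if group is not None and group not in claims.get("cognito:groups", []):
        problems.append(f"user is not in group {group}")
    return problems
```

Passing `now` explicitly keeps the check reproducible; in the server, pass `int(time.time())` and reject the vote whenever the returned list is non-empty.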