AWS Cognito Quick Start with Unity
Amazon Web Services (AWS) provides on-demand cloud computing platforms with tools for a wide range of services. One of those platforms, Amazon Cognito, provides a means to authenticate, authorize, and generally manage users for your application, either directly through Cognito or through a federated identity provider (IdP) such as Google or Facebook. The basic workflow for a user accessing his or her account through Cognito or an IdP is as follows:
1. User begins using the app.
2. User is authorized and/or authenticated by a user pool directly through Cognito or a third-party IdP.
3. Authenticated user receives access tokens.
4. User exchanges tokens via an identity pool for temporary AWS credentials.
5. User exercises credentials to securely access application utilizing AWS services.
6. User exits application and may be granted a limited window to re-access services before the authentication process is required again.
Fortunately, Amazon has an abundant amount of documentation regarding setting up user and identity pools for Cognito, but unfortunately, the documentation for implementing that process within Unity is a bit sparser.
First, a quick tip regarding something which plagued my initial couple of weeks developing an AWS app within Unity: AVOID THE AWS MOBILE SDK FOR UNITY. The traditionally used AWS Mobile SDK for Unity is outdated and has been replaced by the AWS SDK for .NET, which is available here: https://docs.aws.amazon.com/sdk-for-net/latest/developer-guide/welcome.html. The initial setup is relatively straightforward, but with Unity, you’ll need to download the library of assemblies for the .NET SDK and then selectively drag and drop the DLL files for the service(s) you need into your Unity project window. Once added to your project, you then have access to those namespaces within your IDE. However, the assemblies/DLL files required to fully utilize the services you choose will most likely extend beyond just the ones referencing those services, so have the download ready to drag and drop more. In addition to Cognito for user management, my particular project deploys DynamoDB for key-value data storage and retrieval, and these two services combined have required each of the assemblies below:
Beyond the SDK for .NET, there are other Amazon assembly extensions which may enhance the functionality and security of your Cognito application, particularly CognitoAuthentication (https://www.nuget.org/packages/Amazon.Extensions.CognitoAuthentication/). Notably, this extension allows for Secure Remote Password (SRP) authentication without having to implement an abundance of crypto math functions. With any user sign-in process, SRP authentication is highly recommended because the password is not sent to the server for access; instead, users demonstrate to the server that they know the password and are then given credentials. This is beneficial because it helps protect the password against eavesdropping and man-in-the-middle attacks. This extension is slightly more complicated to set up than the previous assemblies, but you’ll start by downloading the package from NuGet. Once downloaded, it will appear as a .nupkg file, so you’ll simply need to rename it to a .zip and then extract the files. Next, navigate to the lib > netstandard2.0 folder, where there should be an Amazon.Extensions.CognitoAuthentication.dll file that you’ll be able to drop into your project the same as before.
If using Visual Studio, you can check that each of your assemblies and NuGet packages is active and available by going to Project > Manage NuGet Packages, and then, if not installed already, installing each of the ones corresponding to the AWS assemblies you’ve imported.
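With the assemblies in place, steps 2 through 4 of the workflow above (SRP sign-in against the user pool, then exchanging the tokens for temporary credentials through the identity pool) can be sketched as follows. This is an added example, not code from the original post or from AWS; the class name is hypothetical, and the pool IDs, app client ID, and region are placeholders to replace with your own values.

```csharp
using System;
using System.Threading.Tasks;
using Amazon;
using Amazon.CognitoIdentity;
using Amazon.CognitoIdentityProvider;
using Amazon.Extensions.CognitoAuthentication;
using Amazon.Runtime;

// Hypothetical helper class. Every ID below is a placeholder, not a real resource.
public static class CognitoSrpSignIn
{
    const string UserPoolId     = "REGION_EXAMPLE-USER-POOL-ID";     // placeholder
    const string AppClientId    = "EXAMPLE-APP-CLIENT-ID";           // placeholder
    const string IdentityPoolId = "REGION:EXAMPLE-IDENTITY-POOL-ID"; // placeholder
    static readonly RegionEndpoint Region = RegionEndpoint.USEast1;  // assumption

    public static async Task<CognitoAWSCredentials> SignInAsync(string username, string password)
    {
        // User pool sign-in is an unauthenticated API call, so anonymous
        // credentials are enough and no AWS access keys ship inside the build.
        var provider = new AmazonCognitoIdentityProviderClient(
            new AnonymousAWSCredentials(), Region);

        // Assumes an app client created without a client secret: a secret
        // embedded in a distributed game client can be extracted from it.
        var pool = new CognitoUserPool(UserPoolId, AppClientId, provider);
        var user = new CognitoUser(username, AppClientId, pool, provider);

        // SRP: the extension answers the PASSWORD_VERIFIER challenge with a
        // proof derived from the password; the password itself is not sent.
        AuthFlowResponse response = await user.StartWithSrpAuthAsync(
            new InitiateSrpAuthRequest { Password = password });

        // No AuthenticationResult means the pool issued a further challenge
        // (MFA, forced password change, ...). Treat that as "not signed in"
        // rather than continuing without tokens.
        if (response.AuthenticationResult == null)
            throw new InvalidOperationException(
                "Sign-in incomplete, pending challenge: " + response.ChallengeName);

        // Workflow step 4: trade the user pool tokens for temporary AWS
        // credentials through the identity pool.
        return user.GetCognitoAWSCredentials(IdentityPoolId, Region);
    }
}
```

The returned credentials object can be passed to a service client constructor such as the DynamoDB client. A wrong password surfaces as an exception from `StartWithSrpAuthAsync`, so callers should catch it and avoid logging the password or tokens.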
Even after you’ve followed along and successfully set up your Unity project to work with AWS, you still have a hard battle ahead combing through Amazon’s less-than-ideal developer documentation, but hopefully this allows for a much smoother start.