Doing user management the right way is hard work. Allowing users to register themselves, and verifying their identity can be difficult. However, using Amazon Cognito and the Vonage Verify API help make it a bit easier by doing the heavy lifting.
With a few web forms, Vonage SDK, and AWS SDK, you can create a standard user management system allowing a user to register, update their credentials, validate their identity, and login. You'll use the code from the verify-aws-cognito-php code repo.
NOTE: For educational purposes, the example code in the repo above was kept simple. I did not use a framework, CSS, or Javascript. However, I recommend using a supported framework, and proper CSS styling for a better application observing the proper separation of concerns.
PHP 7.4 (update
serverless.ymlfor other versions)Composer installed globally
To complete this tutorial, you will need a Vonage API account. If you don’t have one already, you can sign up today and start building with free credit. Once you have an account, you can find your API Key and API Secret at the top of the Vonage API Dashboard.
Clone the verify-aws-cognito-php repo from GitHub, and navigate into the newly created directory to proceed.
This example requires the use of Composer to install dependencies and set up the autoloader.
Assuming you have Composer installed globally, run:
This example uses Amazon Cognito User Pools to hold users. I set up a User Pool as follows:
Navigate to the Amazon Cognito Dashboard in the AWS Console.
Select
Manage User Pools.Create a new user pool.
Give the pool a name, and click
Step through settingsSelect
Email address or phone numberand pickAllow email addressesClick
Next stepSet the minimum password length, and desired complexity settings
Make sure to
Allow users to sign themselves upClick
Next stepLeave the next step as-is, for this example. We will use Vonage for 2FA
Click
Next stepSelect a
FROM email address ARNfrom the dropdown. This assumes you've already created an idenity in Amazon Simple Email Service(SES)Add a
FROM email addressas desired.Leave the rest of this page unchanged. However, I do recommend you remove the trailing periods from the email messages. This prevents the recipient from mistakenly using the period as part of the temporary password.
Click
Next stepSkip adding tags by clicking
Next stepSkip devices by clicking
Next stepClick the link to
Add an app clientGive the app client a name
Uncheck the box to
Generate client secretCheck the rest of the boxes
Click
Create app clientClick
Next stepSkip triggers by clicking
Next stepClick
Create pool
Rename the provided .env.default file to .env and update the values as needed:
All placeholders noted by
<>in the example above need to be updated. Update the others as needed.
Test the app by running it locally with the PHP built-in webserver with the command:
View the main landing page by going to http://localhost:8080 in a web browser.
IMPORTANT: Though this app functions, it is intended for educational purposes and is not ready for public use as-is.
The app flow is as follows:
From the main page, click either
LoginorRegister.After registration (
user_register.php) the user is redirected to a mandatory password change page. (login_reset.php) Here they should utilize the temporary password emailed to them.After updating the temporary password the user is redirected to the login page. (
login.php)The login is where a new user, or an existing user can login.
After successful login, the user is redirected to the 2FA verification page. (
login_verify.php) Here they enter the 6 digit code sent to their mobile number.Upon successful 2FA verification, the user is then redirected back to the main page (
index.php) where they see they are now logged in with an option to logout. (logout.php)
If you have any questions or run into troubles, you can reach out to @VonageDev on Twitter or inquire in the Nexmo Community Slack team. Good luck.
){kind=small}
