Innogy

With the help of DevOpsGroup, Innogy has created a secure system for managing user sessions in various applications.

OVERVIEW

DevOpsGroup as partner and supplier for Revolgy

Intro

Innogy, a leading energy company, required a seamless Single Sign-On (SSO) solution to
handle secure token management and ensure smooth session continuity for users navigating
between their mobile and web applications. To achieve this, Innogy collaborated with
DevOpsGroup, leveraging AWS Cognito and custom authentication flows to securely transfer
active user sessions across multiple applications without requiring repeated logins. This solution
also ensured security and a smooth user experience.

Objective

Innogy wanted a secure solution to handle user sessions and tokens, allowing users to move
between apps without re-authenticating. With DevOpsGroup’s expertise, Innogy aimed to:

  • Ensure seamless user experiences with uninterrupted session transfers.
  • Implement secure token generation and management with minimal reauthentication.
  • Enhance overall security through secure token handling.

Key Challenges:

  • Cross-Platform Session Management: Ensuring active sessions could be transferred
    without requiring new logins.
  • Token Security: Implementing hashed tokens and timestamp validations to prevent
    unauthorized access.
  • Performance & Latency: Ensuring low-latency session handling for optimal user
    experience.

Solution

DevOpsGroup used AWS Cognito and Lambda functions to build a secure token system for
Innogy. The key features included:

  • Token Swap: AWS Cognito was used to swap tokens securely between apps, allowing
    users to move between devices like mobile and web.
  • Custom Authentication: AWS Cognito’s custom flows helped manage tokens with
    unique security measures, including encryption and time-based validity.
  • Automated Session Verification: Lambda functions were used to check token validity
    and make sure they couldn’t be misused.
  • Redirects: Once authenticated, users were automatically sent to the correct page
    without needing to log in again.

Security was enhanced by encrypting tokens and using client-specific keys for extra protection.

Challenges

  • Token Validation & Security: Ensuring tokens could not be tampered with and would
    automatically expire to reduce risks.
  • Cross-Account Authentication: Managing authentication across different applications
    (e.g., mobile vs. web).
  • Session Continuity: Minimizing any latency during session swaps for a smooth user
    experience.

Success Criteria

  • Seamless User Transitions: Users could move between applications without requiring reauthentication.
  • High Security: Ensuring tokens were secure and properly managed.
  • Low Latency: Keeping the system fast and responsive.

Benefits

  • Enhanced Security: Secure hash generation and token encryption, plus Cognito’s
    cross-client token swaps, protected user sessions and reduced reauthentication needs.
  • Improved User Experience: Users experienced uninterrupted sessions when
    transitioning between applications, enhancing platform usability.
  • Reduced Operational Complexity: DevOpsGroup’s solution allowed Innogy’s technical
    teams to handle user sessions more efficiently, reducing manual processes and
    improving operational flow.

Conclusion

With help from DevOpsGroup, Innogy created a secure system to manage user sessions across different apps, so users didn’t have to log in every time they switched platforms. Using AWS Cognito’s custom login features and encrypted tokens, Innogy made sure user data was safe. The system was also designed to grow with the company, handling more users as needed. This made the user experience smoother and more convenient, while also making the company’s operations more efficient and lessening the workload for their tech teams.

Head of Professional services

Michal Režnický

DevOpsGroup and their specialists are very structured, organized and always ready for meetings. In this project we worked with Pavel Krajkovic, junior DevOps Architect. I really appreciate Pavel Krajkovic’s calmness in explaining the infrastructure to a customer with little experience in this area. It is important to have strong communication skills when presenting a solution like this.
