Cognito initiateauth example. I could able to sign_up, confirm sign_up process using the methods resp = client. You can populate a REST API authorizer with information from your user pool, or use Amazon Cognito as a JSON Web Token (JWT) authorizer for an HTTP API. This topic also includes information about getting started and details about previous SDK versions. signin. NET to authenticate requests using JWTs generated by Amazon Cognito for flows like Client Credentials and Password Grant flow. Although the Cognito documentation details which multi-tenancy models are available, determining when to use each model can sometimes be challenging. So, I have written the following Lambda using Bo Aug 23, 2017 · Example code for AWS Cognito User Pool InitiateAuth with Username and Password via HTTPS call? Hot Network Questions How much missing data is too much (part 2)? statistical power, effective sample size Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP). For example, your apps can make API requests at up to the Default quota (RPS) rate for UserAuthentication operations against all of your user pools in US East (N. My Python function i used for authentic To use the Amazon Cognito user pools API to refresh tokens for a hosted UI user, generate an InitiateAuth request with the REFRESH_TOKEN_AUTH flow. 4 days ago · Each Amazon Cognito quota represents a maximum volume of requests in one AWS Region in one AWS account. Define Auth challenge Lambda trigger parameters. The ClientMetadata value is passed as input to the functions for only the following triggers: Code examples that show how to use Amazon SDK for JavaScript (v3) with Amazon Cognito Identity Provider. Aug 21, 2023 · Hey there, SSO explorer! If you’re all about bringing the power of Single Sign-On to your applications using AWS Cognito, you’re in for a treat. Amazon Cognito supports applications that access API data with machine identities. Aug 26, 2016 · Authenticate the user against cognito user pool with simple email/mobile and password upon login request. The hosted UI is a ready-to-use web-based sign-in application for quick testing and deployment of Amazon Cognito user pools. Based in Paris, he helps our customers and partners gain proficiency with AWS services and solutions. I need a similar kind of documentation Oct 30, 2020 · For example, a platform authenticator with a biometric sensor or a roaming authenticator like a physical security key. For more information, see Using the Amazon Cognito user pools API and user pool endpoints in the Amazon Cognito Developer Guide. The function then returns the same event object to Amazon Cognito, with any changes in the response. These must be enabled under Cognito User Pool / App Integration / App client settings. In this blog post, we’ll provide guidance on when to use each model and review their pros […] The first time that a new user signs in to your app, Amazon Cognito issues OAuth 2. Amazon Cognito uses the registered number automatically. The Amazon Cognito console is the visual interface for setup and management of your Amazon Cognito user pools and identity pools. Invokes the adminGetUser method to get the user's confirmation status. For example, these challenge types include CAPTCHAs or dynamic challenge questions. Achieving good grades not only opens doors to higher education but also paves the In today’s competitive academic landscape, students are constantly seeking ways to enhance their learning and boost their academic performance. 4 days ago · A typical implementation of Amazon Cognito uses a mix of visual tools and APIs. One tool that has gained popularity In today’s competitive academic landscape, students are constantly searching for innovative tools and techniques to enhance their learning abilities. Invokes the initiateAuth to sign in. In this article, we will provide you wit Positive correlation describes a relationship in which changes in one variable are associated with the same kind of changes in another variable. The breakdown of repayments into principal and interest is important to borrowers and lenders. This action might generate an SMS text message. Amazon Cognito User Pools defines the following condition keys that can be used in the Condition element of an IAM policy. Instead, the call returns a session. If provided with the value output, it validates the command inputs and returns a sample output JSON for that Amazon Cognito evaluates AWS Identity and Access Management (IAM) policies in requests for this API operation. AuthFlow (string) – [REQUIRED] The authentication flow for this call to run. The boto3 docs describe the SecretHash as the following: "A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message. Cognito is a robust user directory service that handles user registration, authentication, account recovery, and other operations. これらの情報をもとに、Cognito認証に最低限必要と思われるcurlでも叩けるようなAPIリクエストのサンプルをまとめておきます。 共通で必要な情報 Jun 3, 2012 · Amazon Cognito Identity Provider JavaScript SDK. admin. A user pool is a user directory in Amazon Cognito. SRPを使ったCognitoユーザープールの認証フローの概要. You can't sign in a user with a federated IdP with InitiateAuth. Net API, so my idea is to use a Token returned by Cognito to pass as the JWT to the webapi side, where I would then decode and validate the token. NET. This code example performs the following operations: 1. An expository paragraph has a topic sentence, with supporting s An example of a covert behavior is thinking. For example, use 'eu-north-1' for the Europe (Stockholm) region. For example actions and scenarios, see Code examples for Amazon Cognito Identity Provider use the session returned here from InitiateAuth as an input to Jun 28, 2024 · Amplify Auth is powered by Amazon Cognito. Because they don't contain any scopes, the userInfo endpoint doesn't accept these access tokens. It skips the SRP Authentication and moves straight to my custom challanges. Cognitoユーザープールの認証フローは、ざっくりこんな順番で進むよ。 SRP_A を InitiateAuth に投げる (サーバ側なら AdminInitiateAuth) 返ってきた SRP_B をもとに、 PASSWORD_CLAIM_SIGNATURE を作成する For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. This method of token handling in your application doesn't affect users' hosted UI sessions. Amazon Cognito ID エンドポイントとクォータ - AWS 全般のリファレンス. com Primarily Amazon Cognito supports the following authentication flows: USER_SRP_AUTH - Authentication flow for the Secure Remote Password (SRP) protocol. Sep 12, 2018 · The URL for the login endpoint of your domain. Apr 20, 2017 · Please refer to this answer: AWS Cognito user authentication Missing required parameter SRP_A In short, SRP_A is just a large integer value. An international currency exchange rate is the rate at which one currency converts to An off-the-run Treasury is any Treasury bill or note that is not part of the most recent issue of the same maturity. It's the entry point to the hosted UI when you don't specify an identity provider. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. This blogpost contains the SRP math ported from the Android SDK and examples on how to use it. Action examples are code excerpts from larger programs and must be run in context. In the Lambda console, you can set up a test event with data that is relevant to your Lambda trigger. This example shows you how to start authentication with a tracked device. amazon. Looking at the Jul 15, 2022 · Describe the bug When initiateAuth called the AuthenticationResult does not contain RefreshToken. Feb 27, 2018 · I have an mobile app with user pool (username & password). For example, Amazon API Gateway supports authorization with Amazon Cognito access tokens. Resolution Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you're using the most recent AWS CLI version . If you are doing client-side auth, then you can continue on this path, or if you are in a web application you could just to OAuth with any other library. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Jul 7, 2021 · @Yussuf i am not sure i understand you, but you are just using Id Tokens now and it works fine, correct? Because i have the same use case, i have Okta SAML connected to AWS Cognito, and the attributes that are transferred from Okta to Cognito are in Id Token. The login endpoint is an authentication server and a redirect destination from the Authorize endpoint. When trying to refresh the users tokens by Amazon Cognito issues access tokens in response to user pools API requests like InitiateAuth. ——————————————————————————————————— Recently, we published articles on how to use Amazon Cognito in different contexts such as Amazon Cognito Credentials Currently it only returns aws. Unless otherwise stated, all examples have unix-like quotation rules. An Amazon Pinpoint analytics endpoint. If Amazon Cognito requires another challenge, the call to RespondToAuthChallenge returns no tokens. The following code examples show how to use Amazon Cognito with an AWS software development kit (SDK). For more information, see Adding user pool sign-in through a third party. To learn how to create an IAM identity-based policy by using these example JSON policy documents, To work in the Amazon Cognito console, To use the following examples, you must have the AWS CLI installed and configured. Virginia). 0 tokens, even if your user pool requires MFA. Initiates sign-in for a user in the Amazon Cognito user directory. Jan 27, 2024 · Obtaining the COGNITO_REGION is quite straightforward. If provided with the value output, it validates the command inputs and returns a sample output JSON for that The OAuth 2. お使いのアプリクライアントが有効なデバイス キーで InitiateAuth API の呼び出しを行うと、Amazon Cognito ユーザープールは PASSWORD_VERIFIER チャレンジを返します。チャレンジレスポンスには DEVICE_KEY を含める必要があります。 Access and ID tokens provided by Cognito are only valid for one hour but the refresh token can be configured to be valid for much longer. , CPA Tim is a Certified An international currency exchange rate is the rate at which one currency converts to another. :param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client. Apr 25, 2016 · The AWS Java SDK includes APIs to authenticate users in a User Pool. The ClientMetadata value is passed as input to the functions for only the following triggers: The following code examples show you how to perform actions and implement common scenarios by using the AWS SDK for Java 2. It should be set to SHA256. 12, last published: 6 months ago. aws. When you use the InitiateAuth API action, Amazon Cognito invokes the AWS Lambda functions that are specified for various triggers. Jun 7, 2020 · aws cognito-idp initiate-auth --auth-flow USER_PASSWORD_AUTH --client-id the_cognito_client_id --auth-parameters USERNAME=the_users_email,PASSWORD=the_users_password. :param client_id: The ID of a client application registered with the user pool. The second authentication factor when your user signs in for the first time is their confirmation of the verification message that Amazon Cognito sends to them. User pools are user directories that provide sign-up and sign-in options for your web and mobile app users. To use the following examples, you must have the AWS CLI installed and configured. Machine identities in user pools are confidential clients that run on application servers and connect to remote APIs. In previous post - Setting up implicit grant workflow in AWS Cognito, step by step, we show that it takes only 4 simple steps in order to set up implicit grant workflow in AWS Cognito. See full list on docs. Latest version: 6. Here's Repayment usually refers t Get help filling out your Form 1040, Schedule C, with our step-by-step instructions and comprehensive example. A neutral solution has a pH equal to 7. This is done using the InitiateAuth API of Cognito. Apr 30, 2020 · I know of two ways to authenticate as a user and obtain the access token, one is through the Hosted UI and another with various provided SDKs. The ClientMetadata value is passed as input to the functions for only the following triggers: The following code examples show how to use AdminInitiateAuth. The app works fine with aws-amplify sdk. We need to do this using PHP. Instead, you must present access tokens from your token endpoint. In sociological terms, communities are people with similar social structures. I am using the Amazon Cognito service with the amazon-cognito-identity-js library, and am having an issue refreshing a user's tokens, namely the id token. For example, you can create user pools, add AWS Lambda triggers, and configure your hosted UI domain. Firstly, we will go through setting up the client credentials and password flow in Cognito. See here to learn more about using the tokens returned by Amazon Cognito. Because of this we can use this API call to enumerate if a user does or does not exist. Jan 8, 2024 · cognito-idp:SignUp¶ The Prevent user existence errors configuration appears to only impact the initiate-auth flow. You can also make direct REST API requests to Amazon Cognito user pools service endpoints. Identity pools provide temporary AWS credentials to grant your users access to other AWS services. Positive correlation describes a re Macroprudential analysis is analysis of the stability of an economy's financial institutions. Taxes | How To REVIEWED BY: Tim Yoder, Ph. In psychology, there are two Are you in need of funding or approval for your project? Writing a well-crafted project proposal is key to securing the resources you need. 3. Please see the following examples: Prevent user existence errors on and user exists¶ aws cognito-idp confirm-forgot-password --client-id example_client_id --username example_user_name --confirmation-code example_code --password example_new password ユーザーパスワードの変更. " When you use the InitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. NET with Amazon Cognito Identity Provider. Feb 3, 2017 · On a side note, I want to use Cognito Federated Identities to protected a custom . If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. The ID of the Amazon Cognito user pool. x with Amazon Cognito Identity Provider. I have used for python the warrant library that worked very good. If RespondToAuthChallenge returns a session, the app calls RespondToAuthChallenge again, this time with the session and the challenge response (for example, MFA code). First, you need to authenticate your user. With your Amazon Web Services SDK, you can build the logic to support operational flows in every use case for this API. import { CognitoIdentityProvider } from '@aws-sdk/client-cognito-identity-provider' const client = new CognitoIdentityProvider({ region: 'e Nov 14, 2021 · It isn't exactly clear what you mean by authenticate with AWS Cognito, but Cognito Identity Pools allows you to assign authenticated users a set of temporary, limited privilege credentials to access AWS resources in an account. The same user pools API namespace has operations for configuration of user pools and for user authentication. 4. :param client_secret Amazon Cognito sends a verification code through an email message when the user signs up. These examples will need to be adapted to your terminal's quoting rules. Container for the parameters to the InitiateAuth operation. AWS has developed components for Amazon Cognito user pools, or Amazon Cognito identity provider, in a variety of developer frameworks. The following code examples show you how to perform actions and implement common scenarios by using the AWS SDK for . The following code examples show how to easily use Amazon Cognito Identity. D. With Amazon Cognito Your User Pools, we now have a flexible authentication flow that you can customize to incorporate additional authentication methods and support dynamic […] Sep 1, 2018 · Iam trying to authenticate a Java app with Cognito. They contain information about the user (ID token), the user's level of access (access token), and the user's entitlement to persist their signed-in session (refresh token). For example: REFRESH_TOKEN_AUTH will take in a valid refresh token and return new tokens. The following code examples show how to use InitiateAuth. See the Getting started guide in the AWS CLI User Guide for more information. Oct 22, 2014 · Today’s post comes from Michael Garcia, Solutions Architect for AWS. You can use these keys to further refine the conditions under which the policy statement applies. The Credentials provider example shows how to create and authenticate user identities. Passwordless authentication is a broad term for any authentication method that doesn't rely on passwords. It creates and configures your Amazon Cognito user pools resources. stage}-user-pool # Set email as an alias UsernameAttributes: - email AutoVerifiedAttributes: - email CognitoUserPoolClient: Type: AWS::Cognito There are more AWS SDK examples available in aws cognito-idp admin-initiate-auth --user-pool-id public static AdminInitiateAuthResponse initiateAuth 4 days ago · The two main components of Amazon Cognito are user pools and identity pools. The ClientMetadata value is passed as input to the functions for only the following triggers: Pre signup Pre authentication User migration When Amazon Cognito invokes the functions for these triggers, it passes a For more examples that use identity pools and user pools, see Common Amazon Cognito scenarios. Below is an example of how to retrieve new Access and ID tokens using a refresh token which is still valid. The user pools API also performs sign-up, sign-in and other user operations for local and linked users. With that said, I've also added a custom:some-attribute attribute. To get started with defining your authentication resource, open or create the auth resource file: Machine-to-machine (M2M) authorization. For a complete list of AWS SDK developer guides and code examples, see Using this service with an AWS SDK. Simply input the region where you have chosen to locate your service. What I'm looking for is an endpoint obtain the access token directly with user credentials. You can find your App clients in left side menu under General settings. I have a user created through an AWS Cognito User Pool and I'm trying to log in with the user. Sep 29, 2021 · First of all, you don't generate the ID token. For example: pysrp uses SHA1 algorithm by default. Macroprudential analysis is analysis of the stability of an economy&aposs financial in Repayment refers to money used to pay back a debt. Is this a expected way to use Amazon Cognito for? (I don't want to use amazon API gateway, for now at least). It does not impact cognito-idp:SignUp. def _secret_hash(self, user_name): """ Calculates a secret hash from a user name and a client secret. The private key of this credential set remains on the authenticator, the public key, together with a credential identifier are saved in a custom attribute that’s part of the user profile in Amazon Cognito. 3. You can see this action in context in the following code example: The following code examples show you how to perform actions and implement common scenarios by using the AWS SDK for Python (Boto3) with Amazon Cognito Identity Provider. Dec 13, 2018 · Example use-case of AdminInitiateAuth: Any use-case that needs server side authentication or access based on specific AWS Credentials to filter that only specific IAM users can authenticate using Cognito. Start using amazon-cognito-identity-js in your project by running `npm i amazon-cognito-identity-js`. If the user that you want to deactivate is a Amazon Cognito user pools native username + password user, they can't use their password to sign in. For example, you will want to use verified email addresses if you send billing statements, order summaries, or special offers. It’s hard to do most forms of business wi In today’s competitive academic landscape, students are constantly seeking ways to enhance their learning and boost their academic performance. _ng_const length should be 3072 bits and it should be copied from amazon-cognito-identity-js Jun 21, 2016 · I have not used it, but I suppose it is just an alternate client side API to get through the same InitiateAuth() followed by a RespondToAuthChallenge() flow. If provided with the value output, it validates the command inputs and returns a sample output JSON for that Oct 24, 2016 · Introduction Modern authentication flows incorporate new challenge types, in addition to a password, to verify the identity of users. :param user_name: The user name to use when calculating th The Amazon Cognito user pools API is dual-purpose. I'm trying to get authentication working through my API using AWS Cognito with a user pool. Feb 1, 2021 · If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Your apps in Asia Pacific (Tokyo) can produce the same volume of I am trying to use AWS Cognito services for user authentication through ruby SDK. This is a covert behavior because it is a behavior no one but the person performing the behavior can see. The methods built into these SDKs call the Amazon Cognito user pools API. 0 token endpoint at /oauth2/token issues JSON web tokens (JWTs). To complete sign-in, the client must respond correctly to Secure Remote Password (SRP) challenges. Actions are code excerpts from larger programs and must be run in context. You can see this action in context in the following code examples: Amazon Cognito evaluates AWS Identity and Access Management (IAM) policies in requests for this API operation. Review the concepts to learn more. . Here this code works with boto 3 Python SDK. :param user_pool_id: The ID of an existing Amazon Cognito user pool. Feb 13, 2018 · In case of Serverless framework usage, the ALLOW_USER_PASSWORD_AUTH need to be added to the ExplicitAuthFlows node. Choose this option if you typically communicate with your users through email. I can see it within UI for the General settings \ Attributes screen. This will be under Cognito User Pool / App Integration / Domain Name; Client ID is found under Cognito User Pool / General Settings / App clients; List the scopes you want to include in the Access Token. May 25, 2016 · Amazon mention how Computing SecretHash Values for Amazon Cognito in their documentation with Java application code. user. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. One such tool that has been ga In today’s competitive world, academic success plays a crucial role in shaping a student’s future. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. Apr 25, 2021 · This article is part of oAuth series using AWS Cognito, see links to other articles in Series Summary: oAuth Made Simple with AWS Cognito. sign_up({ client_id: "ClientId Feb 1, 2017 · Use AWS Cognito's SRP user authentication with C# / . Amazon Cognito passes event information to your Lambda function. The CognitoAuthentication extension library example shows how to use the CognitoAuthentication extension library to authenticate Amazon Cognito user pools. In Amazon Cognito, the security of the cloud obligation of the shared responsibility model is compliant with SOC 1-3, PCI DSS, ISO 27001, and is HIPAA-BAA eligible. 5. Achieving good grades not only opens doors to higher education but also paves the Perhaps the most basic example of a community is a physical neighborhood in which people live. Invokes the signUp method to sign up a user. May 29, 2017 · The aws-doc-sdk-examples repo contains sample code for this:. Cognito is providing API;s only for Android, IOS, JS, Unity and Xamarian. The request that Amazon Cognito passes to this Lambda function is a combination of the parameters below and the common parameters that Amazon Cognito adds to all requests. Resources: CognitoUserPool: Type: AWS::Cognito::UserPool Properties: # Generate a name based on the stage UserPoolName: ${self:provider. Part II: User Attributes. But i want to do the same in java now. The API action will depend on this value. The iOS signin example is documented here - IOS SDK Example: Sign in a User. In this article, we will provide you wit In today’s competitive academic landscape, students are constantly seeking ways to enhance their learning and boost their academic performance. May 22, 2020 · Posted on May 22, 2020 • Updated on Jan 14, 2021. # cognito # aws # serverless # security. Here to have the API Call work I am using AWS CLI to get Token , Here is my CLI Code aws cognito-idp admin-initiate-au When you use the InitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. I'm using @aws-sdk/client-cognito-identity-provider library, but cannot seem to get the initiateAuth method to behave correctly. using an MFA code, and sign in using a tracked device. An example of a neutral solution is either a sodium chloride solution or a sugar solution. In this article, we will provide you wit. I don't have any lambda triggers setup, BTW. Apr 10, 2023 · I read that Cognito allows SRP Authentication (not plaintext username and password) followed by CUSTOM_CHALLENGE. Passwordless Authentication with Cognito. If provided with the value output, it validates the command inputs and returns a sample output JSON for that If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. There are many errors in your implementation. Water is another common substance that is neutral An example of an adiabatic process is a piston working in a cylinder that is completely insulated. ユーザーは自分でパスワードを変更でき、管理者はユーザーパスワードを一時的または永続的に設定でき In today’s competitive academic landscape, students are constantly seeking ways to enhance their learning and boost their academic performance. There are 636 other projects in the npm registry using amazon-cognito-identity-js. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. The cylinder does not lose any heat while the piston works because of the insulat A literature review is an essential component of academic research, providing an overview and analysis of existing scholarly works related to a particular topic. The ClientMetadata value is passed as input to the functions for only the following triggers: Pre signup Pre authentication Condition keys for Amazon Cognito User Pools. Feb 4, 2019 · If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Invokes the confirmSignUp method. An example InitiateAuth call (in AWS CLI) would look like : aws cognito-idp initiate-auth --client-id 1jtj0a0peedlgfdhml3dr5t8j --auth-flow USER_SRP_AUTH --auth-parameters USERNAME=myuser,SRP_A='' This call requires an SRP_A parameter which needs to be calculated. To make this task Any paragraph that is designed to provide information in a detailed format is an example of an expository paragraph. You can authenticate a user using either the InitiateAuth api or AdminInitiateAuth api of the Mar 19, 2023 · Then, we will integrate our Web API with Cognito using the AWS SDK for . Aug 5, 2024 · Amazon Cognito is a customer identity and access management (CIAM) service that can scale to millions of users. cognito. You create custom workflows by assigning Lambda functions to user pool triggers. When you use the InitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it doesn't provide the ClientMetadata value as input: Post authentication Custom message May 25, 2016 · @nueverest the SECRET_HASH is required if the User Pool App has been defined with an App client secret, but they are not the same thing. import {paginateListUserPools, CognitoIdentityProviderClient, } from "@aws-sdk/client-cognito-identity-provider"; const client = new CognitoIdentityProviderClient Nov 13, 2019 · I have created a API Gateway and I have applied Cognito Authentication there. Your app collects your user's user name and password and generates an SRP that it passes to Amazon Cognito, instead of plaintext credentials. These tokens are the end result of authentication with a user pool. Where the_cognito_client_id is an approximately 26 character long string shown as App client id under General Settings / App clients. You will get it as a response from AWS Cognito upon successful authentication and/or providing correct refresh token. Invokes the ResendConfirmationCode method if the user requested another code. ClientId (string) – [REQUIRED] The app client ID. The following is a test event for this code sample: JSON The following example shows how to create a SecretHash value and include it in either an InitiateAuth or ForgotPassword API call. But, wanted to move the code out to Lambdas. An endpoint uniquely identifies a mobile device, email address, or phone number that can receive messages from Amazon Pinpoint analytics. When you use the InitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. An off-the-run Treasury is any Treasury bill or note that is no Use this invoice example to design your own accounts receivable documents to showcase the brand of your business in all of your documents. Now the problem is, I am not able to find any PHP API docs with a clear procedure or examples. Original Post: The Cognito User Pools API documentation for initiating auth is available here InitiateAuth - Amazon Cognito Identity Provider. 2. pdhown pubo hcaoq okrw pnbzkyt lfhoi heg ywxvf zcwnxw zakouh