AWS Cognito - User Pool Federation vs Identity Pool Federation

离开以前 2021-02-06 13:07

Question

Why does AWS Cognito have two places to federate Identity Providers? I think Identity Pool is supposed to be federated with identity providers and wonder why User P

2 answers
  •  余生分开走
    2021-02-06 13:47

    User Pool

    User pools are for authentication (identity verification). With a user pool, your app users can sign in through the user pool (which is essentially a user directory in Amazon Cognito) or federate through a third-party identity provider (IdP), for example social identity providers like Google, Facebook, Amazon, or Apple, and through SAML identity providers.

    After successfully authenticating a user, Amazon Cognito issues JSON web tokens (JWT) that you can use to secure and authorize access to your own APIs, or exchange for AWS credentials (here is where Identity Pool comes into play).

    Use a user pool when you need to:

    • Design sign-up and sign-in webpages for your app.
    • Access and manage user data.
    • Track user device, location, and IP address, and adapt to sign-in requests of different risk levels.
    • Use a custom authentication flow for your app.

    Identity Pool

    Identity pools are for authorization (access control). With an identity pool, you can obtain temporary, limited-privilege AWS credentials to access other AWS services.

    Use an identity pool when you need to:

    • Give your users access to AWS resources, such as an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon DynamoDB table.
    • Generate temporary AWS credentials for unauthenticated users (User Pools support anonymous guest users).

    Identity pools provide AWS credentials to grant your users access to other AWS services. To enable users in your user pool to access AWS resources, you can configure an identity pool to exchange user pool tokens for AWS credentials.

    Sources:

    https://aws.amazon.com/premiumsupport/knowledge-center/cognito-user-pools-identity-pools/

    https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html

    https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html
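
The token-for-credentials exchange described in the answer above, as an added example that is not part of the original answer or of AWS's own code. It builds the identity pool `Logins` map from a user pool ID token and passes it to the Cognito Identity API through boto3; the pool IDs, region and sample token are constructed placeholders, and `logins_from_id_token`, `exchange_for_aws_credentials` and `make_sample_token` are hypothetical helper names.

```python
import base64
import json
import time

def _b64url_json(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def logins_from_id_token(id_token, now=None):
    """Build the identity pool Logins map from a user pool ID token.

    Claims are read WITHOUT signature verification: this is only a pre-flight
    check on the client; Cognito Identity validates the token itself.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    claims = _b64url_json(parts[1])
    if claims.get("token_use") != "id":
        raise ValueError("identity pools expect the ID token, not the access token")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    iss = claims.get("iss", "")
    if not iss.startswith("https://cognito-idp."):
        raise ValueError("issuer is not a Cognito user pool")
    # Provider key is the issuer without its scheme:
    # cognito-idp.<region>.amazonaws.com/<userPoolId>
    return {iss[len("https://"):]: id_token}

def exchange_for_aws_credentials(identity_pool_id, id_token, region):
    """User pool token in, temporary AWS credentials out (needs network access)."""
    import boto3  # imported here so the offline helpers work without it
    logins = logins_from_id_token(id_token)
    client = boto3.client("cognito-identity", region_name=region)
    identity_id = client.get_id(IdentityPoolId=identity_pool_id, Logins=logins)["IdentityId"]
    resp = client.get_credentials_for_identity(IdentityId=identity_id, Logins=logins)
    return resp["Credentials"]  # AccessKeyId, SecretKey, SessionToken, Expiration

def make_sample_token(claims):
    # Constructed, unsigned sample token for offline use only.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    return ".".join([enc({"alg": "RS256", "kid": "constructed"}), enc(claims), "c2ln"])
```

The IAM role attached to the identity pool decides what the returned credentials can do, so that role is where least privilege is enforced.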
