Web Identity Federation and Cognito

Question 1

What is Web Identity Federation?

Answer 1

Web Identity Federation lets you give your users access to AWS resources after they have successfully authenticaed with a web-based identity provider like Amazon, Facebook, or Google.

After successfully authenticating, the user gets an authentication code from the WebID provider, which they can trade for temporary AWS security credentials

Question 2

What is Amazon Cognito?

Answer 2

Amazon Cognito is a Web Identity Federation service from Amazon which handles interactions between your applications and the WebID provider (you don’t need to write the code to do this)

Question 3

What is the recommended approach for Web Identity Federation using accounts like Facebook?

Answer 3

1. User authenticates with Facebook
2. Facebook will send back an authentication token
3. User send authentication token to Cogntio
4. Cognito responds, and grants the appropriate access

Question 4

What does JWT stand for?

Answer 4

JSON Web Token

Question 5

What is the key difference between Cognito User Pools and Identity Pools?

Answer 5

• Cognito User Pools are for Authentication
• Identity Pools are for Authorization

Question 6

What does OIDC stand for?

Answer 6

OpenID Connect

Question 7

Does AWS Cognito support OIDC identity providers?

Answer 7

Yes