Web Identity Federation and Cognito Flashcards
What is Web Identity Federation?
Web Identity Federation lets you give your users access to AWS resources after they have successfully authenticated with a web-based identity provider like Amazon, Facebook, or Google.
After successfully authenticating, the user gets an authentication code from the WebID provider, which they can trade for temporary AWS security credentials.
What is Amazon Cognito?
Amazon Cognito is a Web Identity Federation service from Amazon that handles interactions between your applications and the WebID provider (you don’t need to write the code to do this).
What is the recommended approach for Web Identity Federation using accounts like Facebook?
- User authenticates with Facebook
- Facebook will send back an authentication token
- User sends authentication token to Cognito
- Cognito responds, and grants the appropriate access
What does JWT stand for?
JSON Web Token
What is the key difference between Cognito User Pools and Identity Pools?
- Cognito User Pools are for Authentication
- Identity Pools are for Authorization
What does OIDC stand for?
OpenID Connect
Does AWS Cognito support OIDC identity providers?
Yes