Web Identity Federation and Cognito Flashcards
What is Web Identity Federation?
Web Identity Federation lets you give your users access to AWS resources after they have authenticated with a web-based identity provider such as Amazon, Google or Facebook. After a successful login the application receives a token from the identity provider (an OpenID Connect ID token, or an OAuth 2.0 access token for providers like Facebook), which it exchanges with AWS STS (AssumeRoleWithWebIdentity) for temporary AWS security credentials. STS verifies the token with the provider, and the IAM role's trust policy controls which provider and application ID may assume the role.
What is Amazon Cognito?
Amazon Cognito is a web identity federation service with the following features:
Sign-up and sign-in for your apps
Access for guest (unauthenticated) users
Acts as an identity broker between your application and web identity providers, so you do not have to write the federation code yourself
Synchronizes user data across a user's devices
AWS's recommended approach for mobile applications that need to call AWS services
Features of Cognito
Cognito brokers between the app and web identity providers such as Facebook to obtain temporary credentials that map to an IAM role, which grants access to the required resources.
The application never has to embed or store long-lived AWS credentials on the device, and users get a seamless experience across all their mobile devices.
Cognito User Pools
Cognito User Pools are user directories that manage sign-up and sign-in for mobile and web applications. Users can sign in directly to the user pool or through Facebook, Amazon or Google; Cognito acts as the identity broker between the identity provider and your application.
Successful authentication returns JSON Web Tokens (JWTs): an ID token, an access token and a refresh token. A backend must verify a token before acting on it: RS256 signature against the pool's JWKS, issuer (the user pool), audience or client_id (the app client), token_use and expiry.
The user first authenticates with the web identity provider and receives a token; that token is then exchanged for temporary AWS credentials that let the user assume an IAM role.
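The verification an API backend has to do on a user pool JWT, as an added example that is not part of the flashcards or of any AWS SDK: RS256 is implemented in pure Python over a throwaway key built from two well-known primes so it runs offline, the pool ID, app client ID, kid and all tokens are constructed placeholders, and in production the public keys come from the pool's `.well-known/jwks.json` and a maintained JWT library does the signature check.

```python
"""Verify a Cognito User Pool JWT before an API trusts it (added example, not AWS code).
RS256 is done in pure Python against a toy key so the demo runs offline; in production the
public keys come from https://cognito-idp.<region>.amazonaws.com/<user-pool-id>/.well-known/jwks.json
and a maintained JWT library does the signature check.  Pool, client and key IDs are placeholders."""
import base64, hashlib, hmac, json, time

# Toy RSA key from two well-known primes (the Curve25519 and secp256k1 field primes) so no
# key generation is needed; 511-bit and structured, so useless for anything but this demo.
_P, _Q = 2**255 - 19, 2**256 - 2**32 - 977
KEY = {"n": _P * _Q, "e": 65537}
KEY["d"] = pow(KEY["e"], -1, (_P - 1) * (_Q - 1))

_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017 s9.2

def _emsa_pkcs1_v15(msg, k):
    t = _SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rs256_sign(msg, key):
    k = (key["n"].bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa_pkcs1_v15(msg, k), "big"), key["d"], key["n"]).to_bytes(k, "big")

def rs256_verify(msg, sig, pub):
    k = (pub["n"].bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), pub["e"], pub["n"]).to_bytes(k, "big")
    return hmac.compare_digest(em, _emsa_pkcs1_v15(msg, k))

def _b64u(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_token(claims, key, kid="toy-kid-1", alg="RS256"):
    """Issue a token the way the pool does; alg is a parameter only so the demo can build a bad one."""
    head = _b64u(json.dumps({"alg": alg, "kid": kid, "typ": "JWT"}).encode()) + "." + _b64u(json.dumps(claims).encode())
    return head + "." + _b64u(rs256_sign(head.encode(), key) if alg == "RS256" else b"")

def verify_cognito_jwt(token, jwks, *, region, user_pool_id, app_client_id, expected_use, now=None):
    """Return the claims if every check passes, else raise ValueError.  Order matters:
    pin the algorithm, look the kid up in the pool's JWKS, verify the signature, and only
    then trust iss / token_use / aud (ID token) or client_id (access token) / exp."""
    now = time.time() if now is None else now
    try:
        h, c, s = token.split(".")
        header, claims, sig = json.loads(_b64u_dec(h)), json.loads(_b64u_dec(c)), _b64u_dec(s)
    except ValueError:  # bad split, base64 or JSON
        raise ValueError("malformed token")
    if header.get("alg") != "RS256":  # the token never gets to choose the algorithm
        raise ValueError("unexpected alg")
    pub = jwks.get(header.get("kid"))
    if pub is None or not rs256_verify(f"{h}.{c}".encode(), sig, pub):
        raise ValueError("bad signature")
    if claims.get("iss") != f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}":
        raise ValueError("wrong issuer")
    if claims.get("token_use") != expected_use:
        raise ValueError("wrong token_use")
    if claims.get("aud" if expected_use == "id" else "client_id") != app_client_id:
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("expired")
    return claims

# Constructed demo: a pretend pool, the public half of the key as its "JWKS", and some tokens.
JWKS = {"toy-kid-1": {"n": KEY["n"], "e": KEY["e"]}}
POOL = dict(region="us-east-1", user_pool_id="us-east-1_EXAMPLE1", app_client_id="1example23456789")
ISS = f"https://cognito-idp.{POOL['region']}.amazonaws.com/{POOL['user_pool_id']}"

def demo(now=1_700_000_000):
    """Run the verifier over one good and several bad tokens; returns {case: outcome}."""
    base = {"iss": ISS, "aud": POOL["app_client_id"], "token_use": "id", "sub": "user-1", "exp": now + 3600}
    good = mint_token(base, KEY)
    h, _, s = good.split(".")
    forged = _b64u(json.dumps({**base, "sub": "admin"}).encode())  # payload edited, signature kept
    cases = {
        "valid_id_token": good,
        "other_pool": mint_token({**base, "iss": ISS + "X"}, KEY),
        "access_token_where_id_expected": mint_token({**base, "token_use": "access"}, KEY),
        "other_app_client": mint_token({**base, "aud": "someone-elses-client"}, KEY),
        "expired": mint_token({**base, "exp": now - 1}, KEY),
        "tampered_payload": f"{h}.{forged}.{s}",
        "alg_none": mint_token(base, KEY, alg="none"),
    }
    out = {}
    for name, tok in cases.items():
        try:
            verify_cognito_jwt(tok, JWKS, **POOL, expected_use="id", now=now)
            out[name] = "ok"
        except ValueError as err:
            out[name] = str(err)
    return out
```

Running `demo()` reports "ok" only for the untouched ID token; the other cases show why each claim check is there: a token from another pool, an access token presented where an ID token is expected, a token for a different app client, an expired one, a payload edited after signing, and an `alg: none` token that a verifier honouring the header's algorithm would accept.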
Cognito Identity Pools
Cognito Identity Pools provide temporary AWS credentials for accessing AWS services such as S3 or DynamoDB. They are all about authorization: each identity is mapped to an IAM role (an authenticated role, or an unauthenticated role for guests), and that role's permissions and trust policy decide what the credentials can do and who may obtain them.
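The check a practitioner wants on the IAM role that an identity pool hands out (the role assumed through the token exchange described above), as an added example that is not part of the flashcards or of any AWS tooling: a small audit of the role's trust policy. The two policies are constructed for the example, the identity pool ID is a placeholder, and the hardened shape matches the conditions AWS generates for identity pool roles: `cognito-identity.amazonaws.com:aud` pinned to the pool and `cognito-identity.amazonaws.com:amr` pinned to `authenticated` (or `unauthenticated` for the guest role).

```python
"""Audit the trust policy of a role that a Cognito identity pool hands out
(added example, not AWS tooling).  The identity pool ID is a placeholder."""
import json

FEDERATED_PRINCIPAL = "cognito-identity.amazonaws.com"
ASSUME_ACTIONS = {"sts:AssumeRoleWithWebIdentity", "sts:*", "*"}

def _listify(v):
    return v if isinstance(v, list) else ([] if v is None else [v])

def _condition_values(cond, key):
    """Collect every value the policy pins `key` to, across the operators AWS uses for it."""
    vals = []
    for op in ("StringEquals", "ForAnyValue:StringEquals", "StringLike", "ForAnyValue:StringLike"):
        vals += _listify(cond.get(op, {}).get(key))
    return vals

def audit_identity_pool_trust_policy(policy, identity_pool_id, authenticated_role=True):
    """Return a list of findings; an empty list means every Cognito statement is scoped the
    way AWS-generated identity pool roles are (aud pinned to this pool, amr pinned to the
    authenticated or the unauthenticated identity class)."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for i, st in enumerate(_listify(policy.get("Statement"))):
        if st.get("Effect") != "Allow" or not set(_listify(st.get("Action"))) & ASSUME_ACTIONS:
            continue
        principal = st.get("Principal")
        federated = _listify(principal.get("Federated")) if isinstance(principal, dict) else []
        if FEDERATED_PRINCIPAL not in federated:
            continue  # not a Cognito identity pool statement
        cond = st.get("Condition", {})
        aud = _condition_values(cond, f"{FEDERATED_PRINCIPAL}:aud")
        if not aud:
            findings.append(f"statement {i}: no {FEDERATED_PRINCIPAL}:aud condition, so identities "
                            "from any identity pool, including other accounts', could assume this role")
        elif identity_pool_id not in aud:
            findings.append(f"statement {i}: aud is pinned to {aud}, not {identity_pool_id}")
        wanted = "authenticated" if authenticated_role else "unauthenticated"
        if wanted not in _condition_values(cond, f"{FEDERATED_PRINCIPAL}:amr"):
            other = "guest" if authenticated_role else "authenticated"
            findings.append(f"statement {i}: no amr={wanted} condition, so {other} identities could assume it too")
    return findings

POOL_ID = "us-east-1:11111111-2222-3333-4444-555555555555"  # placeholder identity pool ID

# Constructed: trusts the Cognito identity service with no conditions at all.
WEAK_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "cognito-identity.amazonaws.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
    }],
}

# Constructed: the shape AWS generates for an identity pool's authenticated role.
HARDENED_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "cognito-identity.amazonaws.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {"cognito-identity.amazonaws.com:aud": POOL_ID},
            "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated"},
        },
    }],
}

if __name__ == "__main__":
    for name, pol in (("weak", WEAK_TRUST), ("hardened", HARDENED_TRUST)):
        print(name, json.dumps(audit_identity_pool_trust_policy(pol, POOL_ID), indent=2))
```

The weak policy draws two findings (no `aud` pin, no `amr` pin); the hardened one draws none for its own pool and one if you audit it against a different pool ID, which is the case to watch when roles are copied between environments.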
User Pools Vs Identity Pools
User pools are about authentication and user data (for example email addresses and passwords); identity pools are about authorization, i.e. which AWS services a user's temporary credentials can access.
Cognito Sync (user data synchronization)
To provide a seamless experience, Cognito Sync stores per-user data in the cloud and uses push synchronization (Amazon SNS) to notify every device associated with a user identity whenever that data changes. Cognito Sync is a legacy feature; for new applications AWS recommends AWS AppSync for synchronizing app data across devices.