Use Cognito as primary identity provider for non-AWS-hosted applications?

0

Hello,

Is it possible to use Cognito as a primary identity provider for non-AWS-hosted applications?

AUTHENTICATION: It seems to be possible to do authentication via the Cognito User Pools. I see it returns an access token after authentication: http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html

DOWNSTREAM AUTHORIZATION: Assuming trust with the downstream non-AWS-hosted service provider, I'm not sure how any authorization could happen within this service provider, considering that I don't see any standard token (SAML, ...) being provided by Cognito. Is there any way to forward a standard token to a downstream non-AWS-hosted service provider?

Thanks!

1 Answer
1
Accepted Answer

You can accomplish custom authorization in your downstream apps by using Cognito User Pool Groups. You can place your users into groups on the Cognito side. The JWT ID token will contain the role values associated with the user in the cognito:roles claim. You will then grant the appropriate authorization level based on the role that the user is assigned.

Here's more info: http://docs.aws.amazon.com/cognito/latest/developerguide/role-based-access-control.html

AWS
Answered 7 years ago
Expert
Reviewed 4 days ago
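The "standard token" the question is looking for is the ID token itself: it is an RS256-signed JWT, and a service outside AWS authorizes by verifying that signature against the user pool's published JWKS and then reading the group claims. The example below is added here and is not part of the original post or of any AWS code. It shows what the accepted answer describes in a downstream, non-AWS service: verify the token, check iss, aud, token_use and exp, then map the user's groups to permissions. It keys permissions off the cognito:groups claim (group names) rather than the cognito:roles claim the answer names, because cognito:roles carries IAM role ARNs that only mean something inside AWS; Cognito puts cognito:groups in both the ID and the access token. To run offline, a demo RSA keypair generated in the block stands in for the user pool's signing key and for the service's cached JWKS; the issuer URL, app client ID, IAM role ARNs and the group-to-permission map are constructed values, and the Fermat primality test is a demo shortcut, not something to reuse for real keys.

```python
"""Non-AWS service verifying a Cognito user pool ID token, then authorizing by group.
Added example (not from the post). Cognito signs user pool JWTs with RS256 and serves the
public keys at https://cognito-idp.<region>.amazonaws.com/<userPoolId>/.well-known/jwks.json;
a demo RSA keypair generated below stands in for the pool (private) and that JWKS (public)."""
import base64, hashlib, hmac, json, random

ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"  # constructed
APP_CLIENT_ID = "example-app-client-id"                                   # constructed
GROUP_PERMISSIONS = {"Admins": {"read", "write", "delete"},               # constructed map:
                     "Editors": {"read", "write"}, "Viewers": {"read"}}   # group -> permissions

# --- minimal RSA so the block runs offline; demo only, a real service never holds the pool key ---
def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if all(pow(a, cand - 1, cand) == 1 for a in (2, 3, 5, 7, 11)):  # Fermat test; fine for a demo key
            return cand

def make_keypair(bits=1024):
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                   # e is prime, so this is gcd(e, phi) == 1
            return {"n": p * q, "e": e, "d": pow(e, -1, phi)}

_DIGESTINFO_SHA256 = bytes.fromhex("3031300d060960864801650304020105000420")
def _emsa_pkcs1_v15(msg, k):                     # EM = 00 01 FF..FF 00 || DigestInfo || SHA-256(msg)
    t = _DIGESTINFO_SHA256 + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
def _klen(key): return (key["n"].bit_length() + 7) // 8
def rs256_sign(priv, msg):
    k = _klen(priv)
    return pow(int.from_bytes(_emsa_pkcs1_v15(msg, k), "big"), priv["d"], priv["n"]).to_bytes(k, "big")
def rs256_verify(pub, msg, sig):
    k = _klen(pub)
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), pub["e"], pub["n"]).to_bytes(k, "big")
    return hmac.compare_digest(em, _emsa_pkcs1_v15(msg, k))

def _b64u(raw): return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _b64u_decode(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
class TokenError(Exception): pass

def mint_id_token(priv, kid, sub, groups, now):
    """Stand-in for the user pool; claim names mirror a real Cognito ID token."""
    header = _b64u(json.dumps({"kid": kid, "alg": "RS256"}).encode())
    claims = {"sub": sub, "iss": ISSUER, "aud": APP_CLIENT_ID, "token_use": "id",
              "iat": now, "exp": now + 3600, "cognito:groups": groups,
              "cognito:roles": [f"arn:aws:iam::123456789012:role/{g}" for g in groups]}  # constructed ARNs
    signing_input = f"{header}.{_b64u(json.dumps(claims).encode())}"
    return f"{signing_input}.{_b64u(rs256_sign(priv, signing_input.encode()))}"

def verify_id_token(token, jwks, now):
    """Signature first, then the claims Cognito's docs say to check: iss, aud, token_use, exp."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    h, p, s = parts
    header = json.loads(_b64u_decode(h))
    if header.get("alg") != "RS256":                         # pin the algorithm: no alg=none, no HS256
        raise TokenError("unexpected alg")
    pub = jwks.get(header.get("kid"))                        # kid selects the cached JWKS key
    if pub is None or not rs256_verify(pub, f"{h}.{p}".encode(), _b64u_decode(s)):
        raise TokenError("unknown kid or bad signature")
    claims = json.loads(_b64u_decode(p))                     # only now are the claims trustworthy
    if (claims.get("iss"), claims.get("aud"), claims.get("token_use")) != (ISSUER, APP_CLIENT_ID, "id"):
        raise TokenError("wrong iss, aud or token_use")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise TokenError("expired")
    return claims

def authorize(token, jwks, action, now):
    """True if the token verifies and one of its Cognito groups grants `action`."""
    groups = verify_id_token(token, jwks, now).get("cognito:groups", [])
    return any(action in GROUP_PERMISSIONS.get(g, ()) for g in groups)

def demo():
    """Mints tokens with a local key and returns the service's accept/deny decisions."""
    priv = make_keypair()
    jwks = {"kid-1": {"n": priv["n"], "e": priv["e"]}}     # what the service caches from jwks.json
    now = 1_700_000_000
    editor = mint_id_token(priv, "kid-1", "u-editor", ["Editors"], now)
    viewer = mint_id_token(priv, "kid-1", "u-viewer", ["Viewers"], now)
    h, p, s = editor.split(".")
    forged_claims = {**json.loads(_b64u_decode(p)), "cognito:groups": ["Admins"]}
    forged = f"{h}.{_b64u(json.dumps(forged_claims).encode())}.{s}"   # edited payload, old signature
    none_header = _b64u(json.dumps({"alg": "none"}).encode())
    unsigned = f"{none_header}.{p}."                                  # alg=none downgrade attempt
    def rejected(tok, at=now):
        try:
            authorize(tok, jwks, "read", at)
            return False
        except TokenError:
            return True
    return {"editor_write": authorize(editor, jwks, "write", now),
            "viewer_write": authorize(viewer, jwks, "write", now),
            "forged_rejected": rejected(forged),
            "alg_none_rejected": rejected(unsigned),
            "expired_rejected": rejected(editor, now + 7200)}
```

In a real deployment the service fetches and caches the pool's jwks.json, selects the key by the token's kid, and would normally use a maintained JWT library for the RS256 check; the point of spelling it out is the order of operations: reject unexpected alg values, verify the signature before reading any claim, check iss, aud, token_use and exp, and only then consult cognito:groups. An edited payload with the old signature and an alg=none token both fail before authorization is ever considered.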
