Use Cognito as primary identity provider for non-AWS-hosted applications?
Hello,
Is it possible to use Cognito as primary identity provider for non-AWS-hosted applications?
AUTHENTICATION: It seems to be possible to do authentication via the Cognito User Pools. I see it returns an access token after authentication: http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html
DOWNSTREAM AUTHORIZATION: Assuming trust with the downstream non-AWS-hosted service provider, I'm not sure how any authorization could happen within this service provider considering I don't see any standard token (SAML...) being provided by Cognito. Any way to forward a standard token to a downstream non-AWS-hosted service provider?
Thanks!
- 最新
- 最多得票
- 最多評論
You can accomplish custom authorization in your downstream apps by using the Cognito User Pool Groups. You can place your users into groups on the Cognito side. The JWT ID Token will contain the role values associated with the user in the cognito:roles claim. You will then grant the appropriate authorization level based on the role that the user is assigned.
Here's more info: http://docs.aws.amazon.com/cognito/latest/developerguide/role-based-access-control.html
相關內容
AWS 官方已更新 2 年前- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前