Tohuwabohu excorcism

User Tools

Site Tools

Trace:
cloud:aws:cognito

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
cloud:aws:cognito [2018/08/09 10:09] skipidarcloud:aws:cognito [2023/11/01 07:13] (current) – ↷ Page moved from business_process_management:camunda:cloud:aws:cognito to cloud:aws:cognito skipidar
Line 1: Line 1:
 ===== Cognito ===== ===== Cognito =====
  
-|Identity Pool alias **Federated Identities**|<WRAP> See the federation tokes, which are given to users from "User pool"+|Cognito Identity|<WRAP>  
 +Behind the identity ther is a person. The identity is an abstraction of a login / userid, because the userid or login can come from different systems, like facebook, google etc. 
 +</WRAP>
 +|Identity Pool alias **Federated Identities**|<WRAP> 
  
 Identity pools allow you to grant users authenticated by third parties (e.g. login with Google) temporary IAM credentials to use you AWS resources in a limited way. Identity pools are free of cost and you only pay for the resources your users use via the IAM credentials. Identity pools allow you to grant users authenticated by third parties (e.g. login with Google) temporary IAM credentials to use you AWS resources in a limited way. Identity pools are free of cost and you only pay for the resources your users use via the IAM credentials.
 +
 +See the federation tokes, which are given to users from "User pool"
  
 </WRAP>| </WRAP>|
-|User pool|<WRAP> Users, its passwords. But trusted externals, like facebook, which are allowed to federate its stuff.+|User pool|<WRAP>
  
 User pools allow you to store your own users, they can sign up directly to the user pool and not have to use a third party provider like Google or Facebook.  User pools allow you to store your own users, they can sign up directly to the user pool and not have to use a third party provider like Google or Facebook. 
Line 15: Line 20:
 |Federation tokens|Are provided in the Identity pool. At the end, they are associated with an IAM role and get access to AWS resources | |Federation tokens|Are provided in the Identity pool. At the end, they are associated with an IAM role and get access to AWS resources |
 |Federated Identities > [[https://docs.aws.amazon.com/cognito/latest/developerguide/external-identity-providers.html|External Identity Providers]]| **Apps** on **Facebook, Google+** or other platforms may be added to use Cognito API, in order to **access AWS resources**. Supported protocols: SAML, OpenID | |Federated Identities > [[https://docs.aws.amazon.com/cognito/latest/developerguide/external-identity-providers.html|External Identity Providers]]| **Apps** on **Facebook, Google+** or other platforms may be added to use Cognito API, in order to **access AWS resources**. Supported protocols: SAML, OpenID |
 +| OpenID |<WRAP> 
 +About authentication.
 +</WRAP>|
 +| Oauth 2.0|<WRAP> 
 +About authorization.
 +</WRAP>|
 +| Token |<WRAP> 
 +This is a OpendId Connect compliant id token issued by Cognito Identity which asserts the users identity in a signed and verifiable way. Consider this token as a digital identity card which can be used by clients to verify the identity of users. You can refer to cognito API documentation for details on how to obtain this token and this documentation for more details on how to validate this token as a client.
 +</WRAP>|
 +| SessionToken|<WRAP> 
 +This token is issued by the service as a descriptor of users AWS session along with the temporary AWS credentials. Cognito calls STS on your behalf and returns the temporary credentials returned. When using other AWS resources using the issued temporary credentials, this token should be a part of the passed temporary credentials. Refer to cognito API reference and STS documentation for more details.
 +</WRAP>|
 +| SyncSessionToken|<WRAP> 
 +Is an identitfier issued by Cognito Sync service after initializing a sync operation. This sync operation is used as a unit for Cognito sync pricing. A sync operation is marked complete when you perform a successful write/update records using this token or this token expires.
 +</WRAP>|
  
-{{https://lh3.googleusercontent.com/-gQ5DqzEUMXQ/W2c0YgZroqI/AAAAAAAAAMA/0cuRqXD5F9gwdsYKnMF0oRgd4fz5YR35wCHMYCw/s0/2018-08-05_19-31-14.png}} 
  
  
-===Difference User Pools > Identity providers and  Federated Identities > Authentication providers===+{{https://lh3.googleusercontent.com/-gQ5DqzEUMXQ/W2c0YgZroqI/AAAAAAAAAMA/0cuRqXD5F9gwdsYKnMF0oRgd4fz5YR35wCHMYCw/s0/2018-08-05_19-31-14.png}} 
  
-**Identity pools** (Federated identities) allow you to grant users authenticated by third parties (e.g. login with Google) temporary IAM credentials to use you AWS resources in a limited way. Identity pools are free of cost and you only pay for the resources your users use via the IAM credentials. 
  
-User pools allow you to store your own users, they can sign up directly to the user pool and not have to use a third party provider like Google or Facebook. Confusingly user pools also have a 'federation' option (Identity providers) but this will actually create externally federated users in the pool. User pools provide OpenID tokens (access, id, refresh), not IAM credentials, which you can use with your own endpoints (ec2, fargate, api-gateway). User pools have costs associated with them based on the active users per month. 
cloud/aws/cognito.1533809390.txt.gz · Last modified: (external edit)