Amazon Cognito Authentication and Authorization | Cognito User Pool & Identity Pool Explained
409 بار بازدید -
پارسال
-
Amazon Cognito is an identity
Amazon Cognito is an identity platform for web and mobile apps. Today we will understand important features of Cognito.
Userpool - Amazon Cognito user pool is a user directory. With a user pool, your users can sign in to your web or mobile app through Amazon Cognito, or federate through a third-party Identity provider. Amazon Cognito user pool can be a standalone IdP. Amazon Cognito draws from the OpenID Connect (OIDC) standard to generate JWTs for authentication and authorization. When you sign in local users, your user pool is authoritative for those users.
These are key features of Cognito User Pool.
1. Cognitor User pool can issue ID tokens to authenticate users.
2. Issue access tokens to authorize user access to APIs.
3. Sign up, manage, and authenticate users with the hosted UI.
4. Set up multi-factor authentication (MFA) for your users.
5. Secure against malicious activity and insecure passwords.
Identity Pool - Identity pool issues AWS credentials for your app to serve resources to users. You can authenticate users with a trusted identity provider, like a user pool or a SAML 2.0 service. It can also optionally issue credentials for guest users. Identity pools use both role-based and attribute-based access control to manage your users’ authorization to access your AWS resources.
1. It supports Amazon Cognito user pool Service provider - Exchange an ID token from your user pool for web identity credentials from AWS STS
2. SAML 2.0 Service provider - Exchange SAML assertions for web identity credentials from AWS STS
3. OIDC Service provider - Exchange OIDC tokens for web identity credentials from AWS STS
4. OAuth2 Service provider - Exchange OAuth tokens from Amazon, Facebook, Google, Apple, and Twitter for web identity credentials from AWS STS
5. Custom Service provider - With AWS credentials, exchange claims in any format for web identity credentials from AWS STS
6. Unauthenticated access - Issue limited-access web identity credentials from AWS STS without authentication
7. Role-based access control- Choose an IAM role for your authenticated user based on their claims, and configure your roles to only be assumed in the context of your identity pool
8. Attribute-based access control - Convert claims into principal tags for your AWS STS temporary session, and use IAM policies to filter resource access based on principal tags
#awsecs #cognitoidentitypool #cognitouserpool
** CHECK OUT OUR OTHER VIDEOS **
Create AWS EC2 Instance and Run Springboot Microservice and MongoDB in EC2 Server
AWS EC2 Instance Setup and Run Spring...
Introduction to Salesforce Commerce Cloud Introduction to Salesforce Commerce C...
Kubernetes Tutorial for Beginners Kubernetes Cluster Tutorial for Begin...
Kubernetes Architecture Component & Cluster Kubernetes Master & Worker Node Archi...
Kubernetes Node Affinity Taints & Tolerations Kubernetes Node Affinity Taints & Tol...
Why Python is Number1 language Why Python Programming Language is on...
What is Python function? What is Python Function? | Learn Pyth...
** CHECK OUR PLAYLISTS **
AWS Cloud and Docker Containers Complete Tutorial
Cloud & Container Tutorial with AWS C...
Salesforce commerce cloud SFCC B2B B2C SFMC Capabilities Salesforce Commerce Cloud | SFCC | B2...
CodeOneDigest Learning Shorts
COD Shorts - Java Python Nodejs AWS C...
Kubernetes Cluster Architecture Master & Worker Node Tutorial Kubernetes Cluster Architecture | Mas...
Complete Python Learning Tutorial Playlist
Python Programming Language | The Com...
Spring Boot Complete Tutorial Spring Boot Tutorial with Project Set...
** ABOUT OUR CHANNEL **
CodeOneDigest is a youtube channel for the videos on programming language, cloud and docker container technology in English and Hindi languages.
Check out our channel here:
@codeonedigest
Don’t forget to subscribe!
** OUR WEBSITE **
https://codeonedigest.wordpress.com/
** GET IN TOUCH **
Contact us on [email protected]
FOLLOW US ON SOCIAL - LIKE, SHARE & SUBSCRIBE
Get updates or reach out to Get updates on our Social Media Profiles!
Subscribe: https://bit.ly/3NeWQ8U
Youtube: @codeonedigest
Twitter: Twitter: codeonedigest
Facebook: Facebook: codeonedigest
Instagram: Instagram: codeonedigest
Linkedin: LinkedIn: codeone-digest-10b418255
Reddit: Reddit: codeonedigest
Github: https://github.com/codeonedigest
Website: https://codeonedigest.wordpress.com/
Tumblr: https://www.tumblr.com/codeonedigest
Pinterest: Pinterest: codeonedigest
Userpool - Amazon Cognito user pool is a user directory. With a user pool, your users can sign in to your web or mobile app through Amazon Cognito, or federate through a third-party Identity provider. Amazon Cognito user pool can be a standalone IdP. Amazon Cognito draws from the OpenID Connect (OIDC) standard to generate JWTs for authentication and authorization. When you sign in local users, your user pool is authoritative for those users.
These are key features of Cognito User Pool.
1. Cognitor User pool can issue ID tokens to authenticate users.
2. Issue access tokens to authorize user access to APIs.
3. Sign up, manage, and authenticate users with the hosted UI.
4. Set up multi-factor authentication (MFA) for your users.
5. Secure against malicious activity and insecure passwords.
Identity Pool - Identity pool issues AWS credentials for your app to serve resources to users. You can authenticate users with a trusted identity provider, like a user pool or a SAML 2.0 service. It can also optionally issue credentials for guest users. Identity pools use both role-based and attribute-based access control to manage your users’ authorization to access your AWS resources.
1. It supports Amazon Cognito user pool Service provider - Exchange an ID token from your user pool for web identity credentials from AWS STS
2. SAML 2.0 Service provider - Exchange SAML assertions for web identity credentials from AWS STS
3. OIDC Service provider - Exchange OIDC tokens for web identity credentials from AWS STS
4. OAuth2 Service provider - Exchange OAuth tokens from Amazon, Facebook, Google, Apple, and Twitter for web identity credentials from AWS STS
5. Custom Service provider - With AWS credentials, exchange claims in any format for web identity credentials from AWS STS
6. Unauthenticated access - Issue limited-access web identity credentials from AWS STS without authentication
7. Role-based access control- Choose an IAM role for your authenticated user based on their claims, and configure your roles to only be assumed in the context of your identity pool
8. Attribute-based access control - Convert claims into principal tags for your AWS STS temporary session, and use IAM policies to filter resource access based on principal tags
#awsecs #cognitoidentitypool #cognitouserpool
** CHECK OUT OUR OTHER VIDEOS **
Create AWS EC2 Instance and Run Springboot Microservice and MongoDB in EC2 Server
AWS EC2 Instance Setup and Run Spring...
Introduction to Salesforce Commerce Cloud Introduction to Salesforce Commerce C...
Kubernetes Tutorial for Beginners Kubernetes Cluster Tutorial for Begin...
Kubernetes Architecture Component & Cluster Kubernetes Master & Worker Node Archi...
Kubernetes Node Affinity Taints & Tolerations Kubernetes Node Affinity Taints & Tol...
Why Python is Number1 language Why Python Programming Language is on...
What is Python function? What is Python Function? | Learn Pyth...
** CHECK OUR PLAYLISTS **
AWS Cloud and Docker Containers Complete Tutorial
Cloud & Container Tutorial with AWS C...
Salesforce commerce cloud SFCC B2B B2C SFMC Capabilities Salesforce Commerce Cloud | SFCC | B2...
CodeOneDigest Learning Shorts
COD Shorts - Java Python Nodejs AWS C...
Kubernetes Cluster Architecture Master & Worker Node Tutorial Kubernetes Cluster Architecture | Mas...
Complete Python Learning Tutorial Playlist
Python Programming Language | The Com...
Spring Boot Complete Tutorial Spring Boot Tutorial with Project Set...
** ABOUT OUR CHANNEL **
CodeOneDigest is a youtube channel for the videos on programming language, cloud and docker container technology in English and Hindi languages.
Check out our channel here:
@codeonedigest
Don’t forget to subscribe!
** OUR WEBSITE **
https://codeonedigest.wordpress.com/
** GET IN TOUCH **
Contact us on [email protected]
FOLLOW US ON SOCIAL - LIKE, SHARE & SUBSCRIBE
Get updates or reach out to Get updates on our Social Media Profiles!
Subscribe: https://bit.ly/3NeWQ8U
Youtube: @codeonedigest
Twitter: Twitter: codeonedigest
Facebook: Facebook: codeonedigest
Instagram: Instagram: codeonedigest
Linkedin: LinkedIn: codeone-digest-10b418255
Reddit: Reddit: codeonedigest
Github: https://github.com/codeonedigest
Website: https://codeonedigest.wordpress.com/
Tumblr: https://www.tumblr.com/codeonedigest
Pinterest: Pinterest: codeonedigest
پارسال
در تاریخ 1402/03/30 منتشر شده
است.
409
بـار بازدید شده