认知用户池和联合身份之间的AWS服务差异 [英] aws service difference between cognito user pool and federated identity
问题描述
AWS提供了 cognito ,它为开发人员提供了注册和登录功能,包括具有OpenId的联合身份验证兼容的身份提供者,例如facebook,google等。
AWS provides cognito which provides the developer with sign-up and sign-in functionality including federations with OpenId compatible identity providers such as facebook, google etc.
cognito开发者控制台中有两种类型的类别。这些是管理用户池和管理联合身份。
There are two types of categories in cognito developer console. These are managing user pool and managing federated identities.
我有点困惑,因为即使我们想提供给客户使用他们的Facebook登录名,两者也非常相似帐户。
cognito用户池本身提供联盟,而身份验证池也由身份验证提供程序提供联盟身份。
I'm just a little bit confused because both are very similar even we want to provide our client to login with their facebook account. The cognito user pool itself provides federation and federation identity pool also provide it by authentication providers.
问题是,是否要允许我的客户使用他们自己的Facebook帐户进行登录,我应该使用哪些类别?用户池或联合身份?
The question is that if I want to allow my clients to use their own facebook account for sign-in, which categories should I use? user pool or federated identities?
此外,如果要在API网关中配置授权者,则必须创建认知用户池,但要创建联合身份池。这是选择认知类别的主要原因吗?
In addition, if I want to configure authorizer in API gateway I have to create cognito user pool but federated identity pool. Is that the main reason choosing the cognito category?
推荐答案
您可以将用户池视为包含用户属性的目录的一种例如姓名,电子邮件,电话号码等。这还提供了注册,登录功能。您可以将用户联合到用户池中。当前,您可以将Facebook,Google和SAML用作用户池的身份提供程序。
You can think of user pools as sort of a directory which contains user attributes such as name, email, phone number etc. This also provides sign up, sign in capability. You can federate users into user pools. Currently you can use Facebook, Google, and SAML as identity providers for user pools.
通过Cognito联合身份,您可以将用户联合到AWS中,并出售可用于访问策略中允许的资源的AWS凭证。对于Cognito联合身份,您还可以配置各种身份提供者,例如Facebook,Google和Cognito用户池也可以是身份提供者。
Cognito Federated identities lets you federate users into AWS and vends AWS credentials that can be used to access the resources you allow in your policy. For Cognito Federated Identities, you also have a variety of identity providers that you can configure such as Facebook, Google, and also Cognito User Pools can be an identity provider.
什么您使用的方式取决于您的用例。如果您的应用程序不需要AWS资源,则可能只需要用户池即可。
What you use depends on your use case. If you don't require AWS resources for your app, probably User Pools is all you need.
这篇关于认知用户池和联合身份之间的AWS服务差异的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
