AWS Cognito：Cognito ID和sub之间的区别，我应该使用什么作为主键？ [英] AWS Cognito: Difference between Cognito ID and sub, what should I use as primary key?

问题描述

我正在使用AWS Cognito构建无服务器后端以进行用户管理。

Im building a serverless backend using AWS Cognito for user administration.

Cognito使用 cognitoId 和 sub 来标识用户。

Cognito uses both cognitoId and sub to identify a user.

此项目来自awslabs的官方文档使用cognitoId作为数据库表中的主键来将数据链接到用户对象，但是有关 sub 的文档明确指出：

This project from the official awslabs uses the cognitoId as primary key in the database tables to link data to a user object, but the documentation about sub clearly states:

sub ：已认证用户的UUID。这与用户名不同。

sub: the UUID of the authenticated user. This is not the same as username.

问题：我应使用 cognitoID 或 sub 作为主键吗？

Question: What should I use as primary key, cognitoID or sub?

推荐答案

命名可能会引起混淆，我会尽力澄清。

The naming can get confusing, I'll try to clarify.

通常有两个池Amazon Cognito的保护伞：

There are typically two pools under the umbrella of Amazon Cognito:

• 用户池


• 身份池（联合身份）

您所指的子通常在IAM策略中表示为

The "sub" that you are referring to is typically expressed in IAM Policies as

$ {cognito-identity.amazonaws.com:sub}

${cognito-identity.amazonaws.com:sub}

并将解析为找到的值在（在javascript sdk中）

and will resolve to the value found in (in the javascript sdk)

AWS.config.credentials.identityId

AWS.config.credentials.identityId

类似于

us-east-1：######## -####-####-####-############

us-east-1:########-####-####-####-############

只有刷新凭据后，凭据上才会存在。

It will only exist on the credentials once the credentials have been refreshed.

因此，请回答您的问题，子。

So to answer you question, the sub.

这篇关于AWS Cognito：Cognito ID和sub之间的区别，我应该使用什么作为主键？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！