AWS Cognito:Cognito ID和sub之间的区别,我应该使用什么作为主键? [英] AWS Cognito: Difference between Cognito ID and sub, what should I use as primary key?
问题描述
我正在使用AWS Cognito构建无服务器后端以进行用户管理。
Im building a serverless backend using AWS Cognito for user administration.
Cognito使用 cognitoId
和 sub
来标识用户。
Cognito uses both cognitoId
and sub
to identify a user.
此项目来自awslabs的官方文档使用cognitoId作为数据库表中的主键来将数据链接到用户对象,但是有关 sub
的文档明确指出:
This project from the official awslabs uses the cognitoId as primary key in the database tables to link data to a user object, but the documentation about sub
clearly states:
sub
:已认证用户的UUID。这与用户名
不同。
sub
: the UUID of the authenticated user. This is not the same asusername
.
问题:我应使用 cognitoID
或 sub
作为主键吗?
Question: What should I use as primary key, cognitoID
or sub
?
推荐答案
命名可能会引起混淆,我会尽力澄清。
The naming can get confusing, I'll try to clarify.
通常有两个池Amazon Cognito的保护伞:
There are typically two pools under the umbrella of Amazon Cognito:
- 用户池
- 身份池(联合身份)
您所指的子通常在IAM策略中表示为
The "sub" that you are referring to is typically expressed in IAM Policies as
$ {cognito-identity.amazonaws.com:sub}
${cognito-identity.amazonaws.com:sub}
并将解析为找到的值在(在javascript sdk中)
and will resolve to the value found in (in the javascript sdk)
AWS.config.credentials.identityId
AWS.config.credentials.identityId
类似于
us-east-1:######## -####-####-####-############
us-east-1:########-####-####-####-############
只有刷新凭据后,凭据上才会存在。
It will only exist on the credentials once the credentials have been refreshed.
因此,请回答您的问题,子。
So to answer you question, the sub.
这篇关于AWS Cognito:Cognito ID和sub之间的区别,我应该使用什么作为主键?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!