AWS Cognito - User Pool Federation vs Identity Pool Federation


Question

Why does AWS Cognito have two places to federate identity providers? I think the Identity Pool is supposed to be federated with identity providers, and I wonder why the User Pool can be as well. Kindly suggest the reason for having two locations.

Cognito Identity Pool can federate identity providers.

Cognito User Pool can federate identity providers as well.

Recommended answer

User pools

User pools are for authentication (identity verification). With a user pool, your app users can sign in through the user pool (which is essentially a user directory in Amazon Cognito) or federate through a third-party identity provider (IdP), for example social identity providers like Google, Facebook, Amazon, or Apple, and through SAML identity providers.

After successfully authenticating a user, Amazon Cognito issues JSON web tokens (JWT) that you can use to secure and authorize access to your own APIs, or exchange for AWS credentials (here is where Identity Pool comes into play).

Use a user pool when you need to:

  • Design sign-up and sign-in webpages for your app.
  • Access and manage user data.
  • Track user device, location, and IP address, and adapt to sign-in requests of different risk levels.
  • Use a custom authentication flow for your app.

Identity pools

Identity pools are for authorization (access control). With an identity pool, you can obtain temporary, limited-privilege AWS credentials to access other AWS services.

Use an identity pool when you need to:


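  • Give your users access to AWS resources, such as an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon DynamoDB table.
  • Generate temporary AWS credentials for unauthenticated users (user pools support anonymous guest users).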

Identity pools provide AWS credentials to grant your users access to other AWS services. To enable users in your user pool to access AWS resources, you can configure an identity pool to exchange user pool tokens for AWS credentials.

Sources:

https://aws.amazon.com/premiumsupport/knowledge-center/cognito-user-pools-identity-pools/

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html
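
The token-for-credentials exchange the answer describes, as an added example that is not part of the original answer: it checks a user pool ID token's claims, builds the `Logins` map an identity pool expects, and calls the two `cognito-identity` operations through boto3. The issuer, pool id and sample token are constructed placeholders, and the helper names are hypothetical.

```python
import base64
import json
import time


def b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def build_logins(id_token: str, expected_issuer: str, now=None) -> dict:
    """Return the identity pool Logins map for a user pool ID token.

    Claims are read WITHOUT verifying the signature: this is a client-side
    sanity check only; the identity pool validates the token itself.
    """
    claims = b64url_json(id_token.split(".")[1])
    if claims.get("iss") != expected_issuer:
        raise ValueError("token was not issued by the expected user pool")
    if claims.get("token_use") != "id":
        raise ValueError("identity pools take the ID token, not the access token")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token has expired")
    # Logins key is the issuer without its scheme:
    # cognito-idp.<region>.amazonaws.com/<user pool id>
    return {expected_issuer.split("://", 1)[1]: id_token}


def exchange_for_aws_credentials(identity_pool_id: str, region: str, logins: dict) -> dict:
    """Trade the user pool token for temporary AWS credentials (network call)."""
    import boto3  # imported here so the helpers above work without the SDK

    client = boto3.client("cognito-identity", region_name=region)
    identity_id = client.get_id(IdentityPoolId=identity_pool_id, Logins=logins)["IdentityId"]
    resp = client.get_credentials_for_identity(IdentityId=identity_id, Logins=logins)
    return resp["Credentials"]  # AccessKeyId, SecretKey, SessionToken, Expiration


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for offline demos."""
    def enc(d: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.constructed-signature"


# Constructed placeholder issuer (region and user pool id are not real).
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
```

The permissions carried by the returned credentials come from the IAM role attached to the identity pool, so that role is where least privilege is enforced.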
