
AWS Lambda with Cognito right approach

I would like to make a simple API available to a client. The client uses the output of my API within his application. The API is a pretty simple one. I'm deploying with the serverless framework to AWS Lambda. The functions exposed via the API don't use any other AWS services (like S3 etc).

My question is what kind of authentication to use. I was thinking of trying to use Cognito for this.

1. Question: Does this make sense? Or is there an even easier option available for this simple use case?

2. Question: So I get this right. I would first create a user pool. Then create an identity pool based on this user pool?

3. Question: At the end, my client gets the access token from Cognito and attaches it to the header in the request. This then gives him access through API Gateway to my REST API, and the Lambda function is triggered. But how can the client create an "account" for the user pool in the first place? Am I involved in this?

Cognito Authentication does sound like a good option for this use-case. You can have a flow as follows:

Cognito User Pool Authentication -> Token passed as header to the API in API Gateway -> API returns JSON data after successful authentication [a].

I would like to emphasise that a Cognito User Pool is enough to satisfy this use-case. Cognito User Pools are used for Authentication, and Cognito Identity Pools are used for Authorization. Cognito Identity Pools essentially generate temporary AWS credentials, which are vended by AWS STS. Hence, I do not see where you would require Cognito Identity Pools here.

And to generate a JWT Token, you would need to have the user perform a successful authentication operation. To perform a successful authentication operation that returns tokens, you could have a look at the InitiateAuth API call[b].

References

[a]. https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html

[b]. https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
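The Lambda end of the flow described in the answer, as an added example that is not part of the original question or answer: it assumes a REST API with a Cognito user pool authorizer and Lambda proxy integration, in which case API Gateway hands the validated token's claims to the function under `requestContext.authorizer.claims`. The issuer, app client ID, `sub` value and response payload are constructed placeholders.

```python
import json

# Assumed values for illustration; replace with your own user pool and app client.
EXPECTED_ISSUER = "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE"
ALLOWED_CLIENT_IDS = {"example-app-client-id"}


def _response(status, body):
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(body),
    }


def handler(event, context):
    """Lambda proxy handler behind an API Gateway Cognito user pool authorizer."""
    # API Gateway has already validated the token before invoking the function
    # and passes its claims here. If the block is missing, the route was
    # deployed without the authorizer, so fail closed.
    authorizer = (event.get("requestContext") or {}).get("authorizer") or {}
    claims = authorizer.get("claims")
    if not claims:
        return _response(401, {"error": "no authorizer claims on request"})

    # Defence in depth: pin the token to this pool and this app client.
    # ID tokens carry the app client in "aud", access tokens in "client_id".
    client_id = claims.get("aud") or claims.get("client_id")
    sub = claims.get("sub")
    if claims.get("iss") != EXPECTED_ISSUER or client_id not in ALLOWED_CLIENT_IDS or not sub:
        return _response(403, {"error": "token not issued for this API"})

    # "sub" is the stable per-user identifier in the pool.
    return _response(200, {"caller": sub, "data": {"status": "ok"}})


# Constructed sample event, trimmed to the fields the handler reads.
SAMPLE_EVENT = {
    "requestContext": {
        "authorizer": {
            "claims": {
                "iss": EXPECTED_ISSUER,
                "aud": "example-app-client-id",
                "sub": "constructed-sub-1234",
                "token_use": "id",
            }
        }
    }
}
```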
