AWS re:Invent 2017: [REPEAT] Serverless Authentication and Authorization: Identity M (SRV403-R)

Рет қаралды 39,762

Күн бұрын

Пікірлер: 13

@VladimirOdessit 7 жыл бұрын

The app that we referenced during the talk: github.com/awslabs/aws-serverless-auth-reference-app Here's a sample single-page web-app written in Angular using Cognito and running on S3 (completely serverless): github.com/awslabs/aws-cognito-angular-quickstart Serverless Photo Recognition using most of the services we talked about, in addition to Amazon Rekognition: github.com/awslabs/serverless-photo-recognition Blog post: aws.amazon.com/blogs/ai/use-amazon-rekognition-to-build-an-end-to-end-serverless-photo-recognition-system/

@danielpapukchiev3754 7 жыл бұрын

Hello, we are using Cognito Federated Identities for Facebook and Google auth and Cognito Userpools for username/password flows. Our back-end is a serverless API with API Gateway. To protect it we wanted to use aws_iam authorizer but we reached a problem. To refresh aws keys with Cognito Federated Identities we have to supply the original Facebook/Google/Cognito tokens which also expire in a short period of time. How would a user coming from Facebook for example refresh his/hers AWS keys given from Cognito federated identities? In the end we decided to issue our own JWT tokens with refresh tokens via DynamoDB + custom lambda authorizers which validate those tokens, so all users go trough the same refresh flow apposed to using each identity provider refresh mechanism in the front end.

@VladimirOdessit 7 жыл бұрын

Take a look at this documentation: docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html

@NS38845 7 жыл бұрын

I like how you numbered this 403

@VladimirOdessit 7 жыл бұрын

Good catch :)

@michaelchambers236 6 жыл бұрын

Thank you both. Great presentation and very helpful!

@gummibare 6 жыл бұрын

Why is it that AWS passes the ID token to retrieve credentials from Federated Identities? Specifically at 9:50. Isn't Access Token the ideal token to use in this case, since it twas specifically meant for providing access to APIs?

@gireeshkumarmn2796 5 жыл бұрын

Awesome! content and the best one to get started with cognito.

@VladimirOdessit 5 жыл бұрын

Glad to hear it :)

@elritualk 6 жыл бұрын

Hi, first thanks for this overview. I have a question: User Pool -> Federation cost money based on MAU and Federated Identity is free no matter what MAU you have?