1 個回答
- 最新
- 最多得票
- 最多評論
0
I am not from Amplify SDK team, but try to answer your inquiry from what I understand.
- Is this package amazon-cognito-identity-js being deprecated or there is any security issue with it?
Yes, this package is deprecating. It is not due to security issue but mainly due to the features provided in this package has been covered by aws-amplify auth SDK. The team will focus on maintaining one single SDK instead both amplify and cognito-identity-js.
cognito-idp component in AWS SDK for JavaScript provides basic functionalities at the Cognito service API at the level. https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/Welcome.html
Amplify SDK provides enhanced client application feature sets.
For examples,
- JavaScript SDK does not provide SRP password algorithms, built application with it would need own implementation of that if using USER_SRP auth flow.
- Client side token storage, token auto-refresh is not implemented in JavaScript SDK but well handled in Amplify SDK.
- etc...
已回答 1 個月前
相關內容
- 已提問 1 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 6 個月前
- AWS 官方已更新 3 年前
Hi Yungang, thanks for the update. We understand this, but it is not definitive whether this package will be deprecated within the next X months or couple of years. We would like to understand if it is critical that we change and start using Amplify V6 straight away, or not.