1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
It seems like they're trying to fight the conventional pattern. Serverless or not, why would they not authenticate & authorize the user directly via Cognito first, and then use the Cognito JWT as authN/Z to the api call? Everything they are after (group based policies, access control on the api) is essentially trivial if they do the identity bits first.
Contenus pertinents
- demandé il y a 7 mois
- demandé il y a un an
- demandé il y a 2 mois
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a 3 ans
- AWS OFFICIELA mis à jour il y a 2 ans