- 최신
- 최다 투표
- 가장 많은 댓글
It appears that you are using Amazon Cognito Hosted UI to handle user authentication for your web application. When a user signs in to your application using Cognito Hosted UI, the following process occurs:
The user is redirected to the Cognito Hosted UI login page. The user enters their login credentials and submits the form. If the login is successful, Cognito Hosted UI exchanges the login response code for a set of access and refresh tokens. Cognito Hosted UI then sends a set-cookie header in the HTTP response with the access and refresh tokens as the cookie value. Therefore, the correct answer to your question is:
A. Cognito Hosted UI (exchange response code then set-cookie via HTTP response header)
The set-cookie header is sent by Cognito Hosted UI in the HTTP response after the user successfully signs in, and it is stored in the web browser's cookie storage by the web browser.
관련 콘텐츠
- AWS 공식업데이트됨 2년 전
- AWS 공식업데이트됨 2년 전
- AWS 공식업데이트됨 2년 전
Thank you for very clear explanation, I understand that flow. I am still confused because two things.
After successfully logged in with the Cognito Hosted UI, I see the redirect_url with an appended code like: mydomain.amplify.com/?code=12345xxx => what does this mean? Does this mean mydomain.amplify.com will exchange the code for credentials (IdToken, AccessToken) and set credentials into my browser cookie?
The amplify configuration below. My web is NextJS. Does this mean that the Amplify JS code living inside web browser exchange the code for credentials and set credentials to cookie? If I remove cookieStorage setting, then the credentials will be stored in LocalStorage instead.
and client/browser call