By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Use Cognito as primary identity provider for non-AWS-hosted applications?

0

Hello,

Is it possible to use Cognito as primary identity provider for non-AWS-hosted applications?

AUTHENTICATION: It seems to be possible to do authentication via the Cognito User Pools. I see it returns an access token after authentication: http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html

DOWNSTREAM AUTHORIZATION: Assuming trust with the downstream non-AWS-hosted service provider, I'm not sure how any authorization could happen within this service provider considering I don't see any standard token (SAML...) being provided by Cognito. Any way to forward a standard token to a downstream non-AWS-hosted service provider?

Thanks!

Topics
Security, Identity, & Compliance
Tags
AWS Identity and Access ManagementAmazon Cognito
Language
English
AWS
AWS-User-5122861
asked 7 years ago413 views
1 Answer
0
Accepted Answer

You can accomplish custom authorization in your downstream apps by using the Cognito User Pool Groups. You can place your users into groups on the Cognito side. The JWT ID Token will contain the role values associated with the user in the cognito:roles claim. You will then grant the appropriate authorization level based on the role that the user is assigned.

Here's more info: http://docs.aws.amazon.com/cognito/latest/developerguide/role-based-access-control.html

AWS
AWS-User-2528356
answered 7 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content