Using AWS IoT Core to authenticate desktop apps is definitely an option. You can use X.509 certificates, which can be stored in the OS keychain, and you can also use the certificate to obtain temporary STS credentials in order to directly access AWS services in case the MQTT protocol is not sufficient. With AWS IoT Core you can also leverage additional services like Device Defender, Registry, and Fleet Indexing, which are not available when using API Gateway. Another main difference is that with AWS IoT Core you do not need to maintain a PKI infrastructure to manage the certificates.
You would still need to solve how the app obtains its unique certificate, one option being to use Fleet provisioning.
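Added example, not part of the original answer: a sketch of exchanging the app's X.509 certificate for temporary credentials through the AWS IoT credentials provider, with an expiry check so the app refreshes before the session lapses. The endpoint, role alias and thing name are placeholders, and the certificate and key are assumed to be PEM files rather than keychain entries.

```python
import json
import ssl
import urllib.request
from datetime import datetime, timedelta, timezone

# Constructed sample of the credentials provider's JSON response (fake values).
SAMPLE_RESPONSE = b'''{"credentials": {"accessKeyId": "ASIAEXAMPLEKEYID",
 "secretAccessKey": "constructed-secret", "sessionToken": "constructed-token",
 "expiration": "2030-01-01T12:00:00Z"}}'''

def build_request(endpoint, role_alias, thing_name):
    """Request for temporary credentials; endpoint and role alias are placeholders."""
    url = f"https://{endpoint}/role-aliases/{role_alias}/credentials"
    return urllib.request.Request(url, headers={"x-amzn-iot-thingname": thing_name})

def parse_credentials(body):
    """Extract the key triple and a timezone-aware expiry from the response."""
    c = json.loads(body)["credentials"]
    expiry = datetime.fromisoformat(c["expiration"].replace("Z", "+00:00"))
    return {"access_key": c["accessKeyId"], "secret_key": c["secretAccessKey"],
            "token": c["sessionToken"], "expiry": expiry}

def needs_refresh(creds, now=None, margin=timedelta(minutes=5)):
    """True once the credentials are within `margin` of expiring."""
    now = now or datetime.now(timezone.utc)
    return now >= creds["expiry"] - margin

def fetch_credentials(endpoint, role_alias, thing_name, cert_path, key_path):
    """Mutual-TLS call: the app's certificate is the only secret it presents."""
    ctx = ssl.create_default_context()            # still verifies the server
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(cert_path, key_path)      # assumption: PEM files on disk
    req = build_request(endpoint, role_alias, thing_name)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return parse_credentials(resp.read())

if __name__ == "__main__":
    creds = parse_credentials(SAMPLE_RESPONSE)
    print(creds["access_key"], creds["expiry"].isoformat(), needs_refresh(creds))
```

The IAM role behind the role alias bounds what a copied certificate can do, so scope it to the calls the desktop app actually makes.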
What about using Cognito for user authentication management?
Simple authentication processes can be created with Cognito.
https://aws.amazon.com/jp/cognito/
Wouldn't that mean that I have to implement login in my client application? I want to use it similarly to an IoT device, so I know it's a certain device, but I don't want to require the user to log into it.
Indeed, with Cognito, you need to implement a login function. API Gateway can also be used for certificate authentication, so please review the following document to determine if it is appropriate for your use case. https://aws.amazon.com/jp/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/
Thanks, I think this is exactly what I'm looking for.