How can I implement 'login with aws' for a web application?


We are building a web application that asks users to log in using their AWS account and uses the auth token generated to access specific resources from the user's AWS account.

This is similar to the support in Azure and GCP:

  • https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
  • https://developers.google.com/identity/sign-in/web/sign-in

What is the correct way of implementing this for AWS?

Investigation done so far:

  • AWS Cognito - We explored AWS Cognito and it seems to be a solution for managing our own user pool. Users will need to sign up, and signed-up users can sign in. We are looking to access the AWS user pool instead of managing our own user pool.
  • AWS STS - STS has APIs to generate temporary credentials for an IAM role, but the STS SDK itself needs to be initialized using our AWS credentials. So this scenario is not feasible for web applications.

We are looking for a way which uses the OAuth2 protocol to authenticate the user and return an access token to the web application.

1 Answer

AWS has the ability to connect OIDC identity providers. Check out this link below: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-oidc-idp.html

You can create and manage the user pools through the instructions below. https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html

AWS
answered a year ago
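The answer points at Cognito user pools; the OAuth2 exchange the asker describes (browser redirect, then a code exchanged for tokens) is what a user pool's hosted UI provides. The following is an added example, not code from the question, the answer or AWS: it builds the authorization-code + PKCE request against a user pool's `/oauth2/authorize` and `/oauth2/token` endpoints, and checks the `state` on the callback before exchanging the code. The domain, client id and redirect URI are constructed placeholders. Note that a user pool is an identity store you operate, which is the distinction the question itself draws.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholders (assumptions): replace with your user pool's
# hosted-UI domain, app client id and a redirect URI registered on that client.
COGNITO_DOMAIN = "https://example-pool.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "EXAMPLE_APP_CLIENT_ID"
REDIRECT_URI = "https://app.example.com/callback"


def make_pkce_pair():
    """Return (code_verifier, code_challenge) per RFC 7636 using S256."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def build_authorize_url(state, code_challenge, scopes=("openid", "email")):
    """Hosted-UI /oauth2/authorize URL for the authorization-code flow with PKCE."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),
        "state": state,                 # bound to the user's session; checked on return
        "code_challenge_method": "S256",
        "code_challenge": code_challenge,
    }
    return f"{COGNITO_DOMAIN}/oauth2/authorize?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Extract the code from the redirect; reject a missing or mismatched state."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback did not originate from this session")
    if "code" not in qs:
        raise ValueError("callback carries no authorization code")
    return qs["code"][0]


def build_token_request(code, code_verifier):
    """Endpoint and form body for POST /oauth2/token; the verifier proves we began the flow."""
    body = {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "code": code,
        "code_verifier": code_verifier,
    }
    return f"{COGNITO_DOMAIN}/oauth2/token", body
```

The token response's `id_token` and `access_token` are JWTs that must still be validated against the user pool's JWKS (issuer, audience, expiry) before the application trusts them.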
