why is the Google OAuth Client Secret required for Cognito with Google as Identity Provider

0

Hello,

Why is the Client Secret required for Cognito if I want to use Google as IdP with my hosted UI?

In the OpenID workflow the authorization grant code is passed to the redirect_uri by Google through Cognito. Then my server would need to exchange the authorization grant code for an Access Token & Identity Token at Google by sending the client secret.

But Cognito should not need the client secret from Google here, because it doesn't request a code exchange for me.

Thank you, if someone knows.

mampf
Asked 6 months ago · Viewed 235 times
1 answer
0
Accepted answer

When using federation it is often confusing which entity is playing which role at what point.

When you integrate Cognito with Google as an OIDC identity provider, Cognito is the corresponding relying party ("app") in the relationship with Google, not your "Server" (App). Cognito is using the client id/secret to do the code exchange. Cognito does that behind the scenes and it is not visible to you. After that Cognito gives your application the tokens Cognito itself generates.

Please refer to the diagram and description here for how the signals flow: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-oidc-flow.html

Cognito acts as a relying party which provides token handling and management for authenticated users from all identity providers, so your backend systems can standardize on one set of user pool tokens.

AWS
answered 5 months ago
Expert
reviewed 1 month ago
  • Thank you for clarifying & the reply. So I need a Hosted UI just as a redirect endpoint used by Google for the OAuth workflow. Will probably use Amplify in my React app together with Google Login & don't need a Hosted UI, but the Google identity provider does need a Hosted UI probably.
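To make the role split in the accepted answer concrete, here is an added model of the flow (example code written for this page, not Cognito's or Google's implementation): a stand-in Google OpenID provider that only redeems an authorization code for the client that presents the registered secret, and a stand-in Cognito that holds that secret, receives the code on its hosted UI callback `/oauth2/idpresponse`, performs the exchange out of the application's sight, and then issues its own tokens. The user pool domain, client id, secrets, subject and signing key are constructed placeholders; the hypothetical `federated_login` drives the whole exchange.

```python
import hashlib, hmac, secrets

class GoogleOP:
    """Stand-in for Google's OpenID provider (its real token endpoint is https://oauth2.googleapis.com/token)."""
    def __init__(self, client_id, client_secret):
        self.clients = {client_id: client_secret}  # registered confidential client (Cognito)
        self.codes = {}                            # code -> (client_id, redirect_uri, subject)

    def authorize(self, client_id, redirect_uri, subject):
        # Front channel: the user signs in at Google, which redirects to redirect_uri?code=...
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, subject)
        return code

    def token(self, params):
        # Back channel: only the party that holds the client secret can redeem the code.
        if params.get("grant_type") != "authorization_code":
            return {"error": "unsupported_grant_type"}
        secret = self.clients.get(params.get("client_id"), "")
        if not secret or not hmac.compare_digest(secret, params.get("client_secret", "")):
            return {"error": "invalid_client"}
        entry = self.codes.pop(params.get("code"), None)  # authorization codes are single-use
        if entry is None or entry[:2] != (params.get("client_id"), params.get("redirect_uri")):
            return {"error": "invalid_grant"}
        return {"id_token": {"iss": "https://accounts.google.com", "sub": entry[2]}}

class CognitoRP:
    """Cognito in the relying-party role: it, not your app, holds the Google client secret."""
    def __init__(self, google, client_id, client_secret, domain, pool_key):
        self.google, self.client_id, self.client_secret = google, client_id, client_secret
        self.redirect_uri = f"https://{domain}/oauth2/idpresponse"  # hosted UI callback Google redirects to
        self.pool_key = pool_key                                     # Cognito's own token signing key

    def handle_idpresponse(self, code):
        # Invisible to the application: Cognito redeems the Google code using the client secret...
        resp = self.google.token({"grant_type": "authorization_code", "code": code,
                                  "redirect_uri": self.redirect_uri,
                                  "client_id": self.client_id, "client_secret": self.client_secret})
        if "error" in resp:
            return resp
        # ...then issues user pool tokens of its own to the app (signature is a placeholder).
        sub = resp["id_token"]["sub"]
        sig = hmac.new(self.pool_key, sub.encode(), hashlib.sha256).hexdigest()
        return {"iss": "cognito-user-pool", "sub": sub, "sig": sig}

def federated_login(secret_cognito_holds="correct-secret"):
    # Whole flow for constructed user "alice"; returns Cognito's tokens or Google's error.
    google = GoogleOP("gclient", "correct-secret")
    cognito = CognitoRP(google, "gclient", secret_cognito_holds,
                        "example.auth.us-east-1.amazoncognito.com", b"pool-key")
    return cognito.handle_idpresponse(google.authorize("gclient", cognito.redirect_uri, "alice"))
```

Running `federated_login("wrong-secret")` shows the point of the question: without the secret Google's token endpoint answers `invalid_client`, so the exchange has to be done by whoever is registered as Google's client, which in this setup is Cognito.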
