I have a web application with existing login flows integrated with an external IdP for authentication. Now as part of the same UI, I'm introducing a new sub functionality that calls an API via API gateway. My requirement is to authorize this API call without re-authenticating the user and no changes to existing authentication flow. I have the following questions -
- Would you recommend using Cognito in this scenario or use the existing IdP integration and authorize the API via Lambda Authorizer?
- Could both work together - i.e continue using the existing IdP integration but leverage cognito only for the new functionality without re-authentication? If yes, can you please share some references or approach on how to configure this?
- Following point 2, is it possible to exchange the IdP tokens with Cognito tokens without re-authenticating the user? If yes, what the API/command to do so?
AWS 官方已更新 2 年前