1 個回答
- 最新
- 最多得票
- 最多評論
0
It seems like they're trying to fight the conventional pattern. Serverless or not, why would they not authenticate & authorize the user directly via Cognito first, and then use the Cognito JWT as authN/Z to the api call? Everything they are after (group based policies, access control on the api) is essentially trivial if they do the identity bits first.
相關內容
- AWS 官方已更新 3 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 2 年前