Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why use Cognito User Pool at all? Shouldn't we use Federated Identity Pool? #30

Open
kidsil opened this issue Jan 30, 2017 · 5 comments
Open

Why use Cognito User Pool at all? Shouldn't we use Federated Identity Pool? #30

kidsil opened this issue Jan 30, 2017 · 5 comments

Comments

@kidsil
Copy link
Contributor

kidsil commented Jan 30, 2017

I've been having trouble with Authorization (API Gateway) because of the password field. Diving a little deeper I've looked into the COGNITO_IDENTITY_POOL_ID variables that were added.

Since this boilerplate doesn't include User+Pass auth, is there any reason why we don't use Cognito Federated Identity Pools (as they seem to be more fitting for oauth providers)?
@laardee
Copy link
Owner

laardee commented Feb 3, 2017

@kidsil I had developer authenticated cognito provider example before I refactored it to save user info to cognito user pool, d9ace99#diff-32d3eb1dd8b96b3bdae61b4a635a09e3L30. So, then this needs to be reverted and integrated with user pool.

@kidsil
Copy link
Contributor Author

kidsil commented Feb 3, 2017

I see, may I ask what was the reason of switching to User Pool? It seems that if we're doing Social Oauth Identity Pool is the way to go... I must be missing something..?

@laardee
Copy link
Owner

laardee commented Feb 9, 2017

(As I remember) the initial plan was to save the user info to user pool and then integrate it to federated identities, something like this http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html

This was referenced Feb 9, 2017
Closed
Closed
@rcfrias
Copy link

rcfrias commented Feb 20, 2017

My first thought was that this is in fact a replacement for cognito. Is this authentication method only an alternative to Cognito or it has another advantage?

@laardee
Copy link
Owner

laardee commented Feb 20, 2017

@rcfrias, yes, this boilerplate is an alternative for Cognito in some sense. The idea behind this boilerplate was that it would be a serverless passportjs equivalent - API based server-side authentication that requires no client-side js libraries.

Maybe the main advantages are that no extra libraries in the client are needed and you don't need to use Cognito User Pool for user storage if you don't want or already have an existing user database. And hopefully, in the future, I can support Microsoft Azure and other cloud vendors too.

What comes to this issue, @kidsil and I decided to drop the Federated Identity and try if Cognito User Pool can keep the "session" in server-side when it is used as user storage.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kidsil @rcfrias @laardee