aws-cognito

AWS Cognito - User Pool Federation vs Identity Pool Federation

吃可爱长大的小学妹 submitted on 2020-04-08 07:05:15
Question: Why does AWS Cognito have two places to federate Identity Providers? I think Identity Pool is supposed to be federated with identity providers and wonder why User Pool also can. Kindly suggest the reason for having two locations. Cognito Identity Pool can federate identity providers. Cognito User Pool can federate identity providers as well. Answer 1: The main difference is how users are saved and what permissions are granted once they sign in with IdPs using user pool vs identity pool. So,

How to integrate API Gateway with Cognito Federated Identity and Cognito User Pools

♀尐吖头ヾ submitted on 2020-03-23 12:39:19
Question: In AWS, I have built an API gateway which invokes a Lambda function. Users gain access by logging in to a Cognito User Pool associated with a Cognito Federated Identity Pool and the associated IAM roles contain API invoke permissions. The API Gateway method is a POST request. If I use the User Pool as the authorizer of the API Gateway I am able to successfully trigger the Lambda function via an ajax request in my JavaScript web app - note though, this grants the same access to every user in

Cognito own domain name required A Record

半城伤御伤魂 submitted on 2020-03-21 12:07:28
Question: I am trying to assign an own domain name to a user pool for Cognito and facing an issue that it seems that an A Record is required. In my case I have registered a wildcard on my internet domain and am trying to follow the steps as mentioned in https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html Now I can create an A Record but have no clue where this A Record should point to. Any hints or tips are welcome :) It would be nice if this can be done

Triggering a Lambda function upon deleting a user on AWS Cognito User Pool

时光总嘲笑我的痴心妄想 submitted on 2020-02-26 09:18:29
Question: AWS Cognito User Pools have some pre-defined events to handle user signup, confirmation etc. The full list is here. However, there is no apparent trigger for deleting a user. So, is there any way one can trigger a Lambda function when a user is deleted from Cognito User Pool (of course, with arguments like username and/or email address)? Source: https://stackoverflow.com/questions/50876341/triggering-a-lambda-function-upon-deleting-a-user-on-aws-cognito-user-pool

Triggering a Lambda function upon deleting a user on AWS Cognito User Pool

三世轮回 submitted on 2020-02-26 09:17:09
Question: AWS Cognito User Pools have some pre-defined events to handle user signup, confirmation etc. The full list is here. However, there is no apparent trigger for deleting a user. So, is there any way one can trigger a Lambda function when a user is deleted from Cognito User Pool (of course, with arguments like username and/or email address)? Source: https://stackoverflow.com/questions/50876341/triggering-a-lambda-function-upon-deleting-a-user-on-aws-cognito-user-pool

Invalid login token. Missing a required claim: aud when accessing AWS Cognito AssumeRoleWithWebIdentity

喜你入骨 submitted on 2020-02-03 08:18:54
Question: I've set up the user pool in Cognito and got the JWT token after authenticating the created user via the Cognito JS SDK. And when I try to invoke the assumeRoleWithWebIdentity API it returns an error; below is the sample API call. https://sts.amazonaws.com/ ?Action=AssumeRoleWithWebIdentity &DurationSeconds=3600 &RoleSessionName=app1 &RoleArn=arn:aws:iam::id:role/_cross_account_role &WebIdentityToken=jwtAccessToken &Version=2011-06-15 The API response, <ErrorResponse xmlns="https://sts.amazonaws

AWS Cognito Authorization code grant flow without using the hosted UI

￣綄美尐妖づ submitted on 2020-01-22 14:03:09
Question: Using AWS's Cognito without the hosted UI, given a username and password, I would like to receive an Authorization code grant without using the hosted UI. Is this possible? I am writing my own sign up, log in forms but cannot seem to find documentation on this subject. Currently I can use AWS.CognitoIdentityServiceProvider and the initiateAuth function to exchange username password for tokens, but I do not want to return those tokens in the redirect URL, I would rather return an authorization

AWS Cognito Authorization code grant flow without using the hosted UI

旧城冷巷雨未停 submitted on 2020-01-22 14:03:07
Question: Using AWS's Cognito without the hosted UI, given a username and password, I would like to receive an Authorization code grant without using the hosted UI. Is this possible? I am writing my own sign up, log in forms but cannot seem to find documentation on this subject. Currently I can use AWS.CognitoIdentityServiceProvider and the initiateAuth function to exchange username password for tokens, but I do not want to return those tokens in the redirect URL, I would rather return an authorization

How to use Amazon Cognito Logout endpoint?

那年仲夏 submitted on 2020-01-12 18:49:50
Question: I am using AWS Cognito in my application. While doing logout I am calling the Logout Endpoint. But after doing logout, I am still able to generate the id-tokens using the old refresh token. It means my logout endpoint is not working any more. I am saving the tokens in my local storage, and while doing the logout I am clearing the store manually. My question is: How to properly use the logout mechanism of AWS Cognito? Answer 1: I'm not sure which framework you are using, but I'm using Angular.

How to use Amazon Cognito Logout endpoint?

被刻印的时光 ゝ submitted on 2020-01-12 18:49:12
Question: I am using AWS Cognito in my application. While doing logout I am calling the Logout Endpoint. But after doing logout, I am still able to generate the id-tokens using the old refresh token. It means my logout endpoint is not working any more. I am saving the tokens in my local storage, and while doing the logout I am clearing the store manually. My question is: How to properly use the logout mechanism of AWS Cognito? Answer 1: I'm not sure which framework you are using, but I'm using Angular.