Question
I'm building a serverless backend using AWS Cognito for user administration.
Cognito uses both cognitoId and sub to identify a user.
This project from the official awslabs uses the cognitoId as primary key in the database tables to link data to a user object, but the documentation about sub clearly states:
sub: the UUID of the authenticated user. This is not the same as username.
Question: What should I use as primary key, cognitoID or sub?
Answer 1:
The naming can get confusing, I'll try to clarify.
There are typically two pools under the umbrella of Amazon Cognito:
- User Pool
- Identity Pool (Federated Identities)
The "sub" that you are referring to is typically expressed in IAM Policies as
${cognito-identity.amazonaws.com:sub}
and will resolve to the value found in (in the javascript sdk)
AWS.config.credentials.identityId
which will look something like
us-east-1:########-####-####-####-############
It will only exist on the credentials once the credentials have been refreshed.
So to answer your question, the sub.
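An added example, not part of the original answers: an IAM policy for an identity pool's authenticated role that uses the policy variable quoted in the first answer, so each caller can reach only DynamoDB items whose partition key equals their own identity ID. The table name UserData, the account ID 123456789012, the Sid and the action list are assumptions made for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleOwnItemsOnly",
      "Effect": "Allow",
      "Action": [
        "dynamodb:GetItem",
        "dynamodb:Query",
        "dynamodb:PutItem",
        "dynamodb:UpdateItem",
        "dynamodb:DeleteItem"
      ],
      "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/UserData",
      "Condition": {
        "ForAllValues:StringEquals": {
          "dynamodb:LeadingKeys": ["${cognito-identity.amazonaws.com:sub}"]
        }
      }
    }
  ]
}
```

With this condition in place, a request whose partition key is any other identity ID is denied by IAM before it reaches the table, so the isolation does not depend on application code.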
Answer 2:
sub (subject) is globally unique and hence is unique for user pool as well. Unlike username, which can be reassigned to another user in user pool, sub is never reassigned.
Source
Source: https://stackoverflow.com/questions/42645932/aws-cognito-difference-between-cognito-id-and-sub-what-should-i-use-as-primary