问题
This is a question about vendor lock in and AWS cognito. Can user data and encrypted/hashed passwords be exported out of cognito if we ever move off of AWS?
Can/does cognito use standard hashing or configurable hashing of the user passwords or allow export of things like tokens?
回答1:
At this point in time, Cognito does not allow a way to export users from a user pool. We have heard this request from other customers, though, and have prioritized it for future releases.
As far as passwords go, Cognito uses secure remote password protocol to do the actual authentications, so the metadata that could come out may not be particularly useful, if it was included at all.
回答2:
Considering Amazon still haven't updated their answer, here's a workaround (to augment the accepted answer):
Try npmjs.com/package/cognito-backup-restore.
nb. I haven't tested this package.
Then:
- Build your replacement auth system
- At login, test authenticating with your new system
- Try to authenticate with Cognito
- If Cognito succeed, import user's details to your new system
- Require a password update with your new system
source: forums.aws.amazon.com/thread.jspa?threadID=240242
回答3:
Cognito actually has the capability to import users using CSV files, however no export functionality is available ( unless you List Users and write to a CSV )
来源:https://stackoverflow.com/questions/40059151/can-you-export-migrate-users-out-of-aws-cognito-does-it-cause-vendor-lock-in