Questions tagged [aws-cognito]
9 questions
0 votes, 0 answers, 78 views
OAuth2 System Design for Single Sign-On | Auto-Detect Session?
I'm working on configuring my suite of services (in different domains) so that they can all be accessed via Single Sign-On. I'm using AWS Cognito as a wrapper around a SAML IdP (Azure AD).
What I ...
1 vote, 0 answers, 97 views
Prevention of access to user data running on the cloud
I am building a web-based software as a service (SaaS) platform for engineering simulations that run on the cloud, and wish to prevent my access to user data by design. The user designs a 3D geometry (...
1 vote, 0 answers, 129 views
OAuth2/Cognito: Let trusted server act on behalf of user
I'm building a public HTTP JSON API using API Gateway with ID token authentication.
I now need a server that acts on behalf of users. Users message that server using a third party (think Signal or ...
1 vote, 0 answers, 133 views
Using AWS Cognito or Firebase Auth can help to certify my app with ISO 27001?
My colleague told me that ISO 27001 requires a physical server running in the office to store user passwords. Therefore, using AWS Cognito or Firebase Auth can save us the physical server since they have ...
1 vote, 1 answer, 2k views
Why doesn't Keycloak allow user sign-up and sign-in through a client?
I'm in need of an authentication & authorization service that can manage our app's pool of users. I stumbled upon Keycloak and have been checking it for the past few days, but I'm wondering why ...
2 votes, 1 answer, 2k views
Why is ID token used instead of Access token to get temporary credentials in AWS?
After a user logs on to Cognito, he receives access and ID tokens. The ID token contains sensitive info like phone number, email, etc.
From all standards - ID token should not be used to gain access ...
2 votes, 0 answers, 440 views
Does my app need authentication in addition to Spotify authorization?
I have an app that revolves entirely around Spotify. I have followed the authorization guide from Spotify and am using the Authorization Code Flow so the access token can be refreshed. My thinking was ...
2 votes, 0 answers, 2k views
Is it correct to use AWS Cognito groups as user roles?
I'm trying to implement authN/authZ for my application using Spring Security 5.2.2 and OAuth2/OpenID Connect protocols. I use AWS Cognito as an identity provider and I'm trying to implement role-based ...
5 votes, 2 answers, 556 views
What is the use case of request signing in this mobile app?
The API of a mobile app I was testing is sending the AWS AccessKeyId and SecretKey used for request signing from the AWS Cognito server unencrypted (apart from the regular TLS encryption). Making it ...