AWS Cognito:我是否需要其他AWS服务写一个全功能注册/登入资讯系统?登入、全功能、系统、资讯
我计划写出来与AWS处理后端工作的一个移动应用程序。像许多常见的应用程序,该矿将支持用户注册和登录。所有后端资源应该是安全的基于用户的角色。
阅读AWS Cognito后,它可以同时处理开放身份验证提供者和开发者身份验证提供。这有助于支持第三方登录。同步数据的能力是一大利好。
不过,我有Cognito一些问题,当我试图进一步落实。
什么是用户凭证存储? 我要创建一个新用户时添加更多的用户属性(如电子邮件,个人资料图片等)。可以Cognito处理呢?或者我需要使用存储像S3存储整个用户配置文件? 是否Cognito支持电子邮件验证的用户注册? 是否Cognito手柄忘记密码功能?所有建议都欢迎。
解决方案亚马逊Cognito不保存凭据。相反,它可以让你卸载了安全存储凭据任何OpenID的连接,投诉凭据提供如任务,但不限于,Facebook,谷歌和登录亚马逊。
如果你有一个凭据提供程序,是不是OpenID的连接标准,则可以使用开发者认证标识的能力,利用另一种身份验证系统作为凭证存储(比如你所在的后端服务)。登记,电子邮件验证,而忘记密码的功能将由身份提供商进行处理:无论是一个OpenID连接提供商(比如Facebook),或通过开发者认证标识自己的供应商
Cognito的同步功能使您能够存储的个人资料信息或特定于当前用户的任何其他信息的能力(简称中Cognito身份)。有一个关于使用Cognito同步存储和放一个良好的博客文章;这里同步数据。
I am planning to write a mobile app with AWS handling the backend work. Like many common apps, mine will support user registration and login. All backend resources should be secure based on the user's role.
After reading AWS Cognito, it handles both Open authentication provider and Developer Authentication provider. This helps to support third party login. The capacity of syncing data is a big plus.
However, I have some questions about Cognito when I try further implementation.
What are the user credentials stored? I need to add more user attributes (eg. email, profile image etc.) when a new user is created. Can Cognito handle this? Or do I need to use storage like S3 to store the entire user profile? Does Cognito support email verification for user registration? Does Cognito handle 'forgot password' feature?
All advices are welcomed.
解决方案Amazon Cognito does not store credentials. Instead, it allows you to offload the task of securely storing credentials to any OpenID Connect-complaint credential provider such as, but not limited to, Facebook, Google, and Login With Amazon.
If you have a credential provider that is not OpenID Connect compliant, you can use the Developer Authenticated Identities capability to leverage another authentication system as a credential store (such as your own back-end service). Registration, email verification, and forgot password features would be handled by the Identity Provider: Either an OpenID Connect provider (e.g. Facebook) or your own provider via Developer Authenticated Identities.
Cognito's Sync capability gives you the ability to store profile information or any other information specific to the current user (referred to as "identity" in Cognito). There is a good blog post about using Cognito Sync to store & synchronize data here.
