Credential Access Management, Token Vending Machine Concept,…
Credential Access Management
AWS Security Token Service
can Federate MS Active Directory
can Federate Facebook
can Federate Google
Gets Input from AWS IAM
temporarily grants credential access to users/applications
Cognito
designed for mobile applications
Typical authentication flow
App calls Identity Broker of IDP
Broker asks
MS Active Directory
Federate Google
Federate Facebook
Authentication complete at Identity Broker
Token Vending Machine Concept
Common Way to issue temporary credentials for mobile App development
Two modes
Anonymous - does not store user identity
Identity - registration, login and authorizations
Cognito and related SDKs are recommended by AWS
Authentication ends with Feedback to Identity Broker
Broker starts Authorization
Asking STS for Token
STS Issues Token to App
App can authorize at AWS Services if Identity has access to it