I have recently started to work with the AWS SDK and how a user can authenticate with Cognito in an identity pool. When querying the credentials I have the following question: To what extent do the following approaches differ?
- approach: getId() and getCredentialsForIdentity():
```javascript
const cognitoidentity = new AWS.CognitoIdentity()
var params = {
  IdentityPoolId: 'STRING_VALUE', /* required */
  AccountId: 'STRING_VALUE',
  Logins: {
    '<IdentityProviderName>': 'STRING_VALUE',
    /* '<IdentityProviderName>': ... */
  }
};
cognitoidentity.getId(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else console.log(data); // successful response
});
var params = {
  IdentityId: 'STRING_VALUE', /* required */
  CustomRoleArn: 'STRING_VALUE',
  Logins: {
    '<IdentityProviderName>': 'STRING_VALUE',
    /* '<IdentityProviderName>': ... */
  }
};
cognitoidentity.getCredentialsForIdentity(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else console.log(data); // data.Credentials: AccessKeyId, Expiration, SecretKey, SessionToken
});
```
- approach:
```javascript
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
  IdentityPoolId: identityPoolId,
  Logins: {
    'Provider': jwtToken
  },
  region: "eu-central-1"
});
AWS.config.credentials.get(function (err) {
  if (err) return console.log(err, err.stack); // an error occurred
  // Credentials will be available when this function is called.
  const { accessKeyId } = AWS.config.credentials;
  const { secretAccessKey } = AWS.config.credentials;
  const { sessionToken } = AWS.config.credentials;
});
```
The credentials of the two attempts are different; the SessionToken is the same. What is the difference between the SecretKey obtained in the first attempt and the SecretAccessKey obtained in the second attempt?
What are the differences between the two attempts?
The first attempt: enhanced simplified authflow with GetId and GetCredentialsForIdentity https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flow.html
Second attempt: https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/loading-browser-credentials-cognito.html
I am grateful for any help :)
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityCredentials.html
According to this, it is doing the same thing in the background. The difference in syntax for SecretKey and SecretAccessKey appears to be purely cosmetic. I have noticed the same in boto3. Regardless, you can pass either with accesskey and sessionid to authenticate other AWS services.
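The naming difference discussed above, as an added example that is not part of the original posts or of the AWS SDK: it maps the `GetCredentialsForIdentity` response fields onto the property names used by `AWS.CognitoIdentityCredentials`, compares two credential sets, and builds a view that can be logged without printing the secret key or session token. The function names and all sample values are assumptions constructed for illustration.

```javascript
// Added example. Sample values are constructed, not real AWS credentials.

// Accepts a GetCredentialsForIdentity response ({ Credentials: { AccessKeyId,
// SecretKey, SessionToken, Expiration } }) or an SDK credentials object
// ({ accessKeyId, secretAccessKey, sessionToken, expireTime }) and returns
// the SDK-style shape.
function normalizeCredentials(input) {
  const c = input && input.Credentials ? input.Credentials : input;
  if (!c || typeof c !== 'object') throw new TypeError('no credentials object');
  const exp = c.Expiration ?? c.expireTime;
  const out = {
    accessKeyId: c.AccessKeyId ?? c.accessKeyId,
    secretAccessKey: c.SecretKey ?? c.secretAccessKey,
    sessionToken: c.SessionToken ?? c.sessionToken,
    expireTime: exp instanceof Date ? exp : new Date(exp),
  };
  for (const k of ['accessKeyId', 'secretAccessKey', 'sessionToken']) {
    if (typeof out[k] !== 'string' || out[k] === '') throw new Error('missing ' + k);
  }
  if (Number.isNaN(out.expireTime.getTime())) throw new Error('missing expiration');
  return out;
}

// True when both inputs carry the same temporary credential set,
// regardless of which naming convention each one uses.
function sameCredentials(a, b) {
  const x = normalizeCredentials(a), y = normalizeCredentials(b);
  return x.accessKeyId === y.accessKeyId &&
    x.secretAccessKey === y.secretAccessKey &&
    x.sessionToken === y.sessionToken;
}

// Log-safe view: keeps the key id and expiry, masks the two secret values.
function redactCredentials(input, now = new Date()) {
  const c = normalizeCredentials(input);
  return { accessKeyId: c.accessKeyId, secretAccessKey: '***', sessionToken: '***',
    expireTime: c.expireTime.toISOString(), expired: c.expireTime <= now };
}

// Constructed sample inputs in the two shapes.
const sampleResponse = { IdentityId: 'eu-central-1:00000000-0000-0000-0000-000000000000',
  Credentials: { AccessKeyId: 'ASIAEXAMPLEEXAMPLE00', SecretKey: 'constructed-secret',
    SessionToken: 'constructed-token', Expiration: new Date('2030-01-01T01:00:00Z') } };
const sampleSdk = { accessKeyId: 'ASIAEXAMPLEEXAMPLE00', secretAccessKey: 'constructed-secret',
  sessionToken: 'constructed-token', expireTime: new Date('2030-01-01T01:00:00Z') };

console.log(sameCredentials(sampleResponse, sampleSdk));
console.log(redactCredentials(sampleResponse));
```

Logging `redactCredentials(data)` in place of `console.log(data)` keeps the secret key and session token out of console output and log files.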