I'm building a serverless backend using AWS Cognito for user administration.
Cognito uses both cognitoId and sub to identify a user.
This project from the official awslabs uses the cognitoId as primary key in the database tables to link data to a user object, but the documentation about sub clearly states:
sub: the UUID of the authenticated user. This is not the same as username.
Question: What should I use as primary key, cognitoID or sub?
To do so, open the Amazon Cognito console, choose Manage identity pools, select your identity pool, choose Edit identity Pool, specify your authenticated and unauthenticated roles, and save the changes.
With a user pool, your app users can sign in through the user pool or federate through a third-party identity provider (IdP). Identity pools are for authorization (access control). You can use identity pools to create unique identities for users and give them access to other AWS services.
cognitoIdentityId as the user Id. This is the Id that a user is assigned through the Identity Pool. However, you cannot use this Id to look up information for this user from the User Pool. This is because to access your Lambda function, your user needs to: Authenticate through your User Pool.
The naming can get confusing, I'll try to clarify.
There are typically two pools under the umbrella of Amazon Cognito:
The "sub" that you are referring to is typically expressed in IAM Policies as ${cognito-identity.amazonaws.com:sub} and will resolve to the value found in (in the JavaScript SDK) AWS.config.credentials.identityId, which will look something like us-east-1:########-####-####-####-############
It will only exist on the credentials once the credentials have been refreshed.
So to answer your question, the sub.
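An added example, not part of the original answer or the awslabs project: a JavaScript model of how the ${cognito-identity.amazonaws.com:sub} policy variable, combined with the dynamodb:LeadingKeys condition key, ties a table's partition key to the caller's identity ID. The table ARN, account number and identity IDs are constructed placeholders, and resolveVariables and isAllowed are hypothetical helpers that only approximate IAM's own evaluation.

```javascript
// IAM policy for the identity pool's authenticated role. The table ARN and
// account number are placeholders (assumptions, not from the page).
const policy = {
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Action: ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
    Resource: "arn:aws:dynamodb:us-east-1:111122223333:table/UserData",
    Condition: {
      "ForAllValues:StringEquals": {
        "dynamodb:LeadingKeys": ["${cognito-identity.amazonaws.com:sub}"]
      }
    }
  }]
};

// Simplified model of per-caller policy variable substitution.
// Unknown variables are left as literal text, so they match no real key.
function resolveVariables(value, context) {
  return value.replace(/\$\{([^}]+)\}/g, (match, name) =>
    Object.prototype.hasOwnProperty.call(context, name) ? context[name] : match);
}

// Simplified model of ForAllValues:StringEquals on the partition keys a
// request touches: every requested key must equal an allowed value.
function isAllowed(policy, identityId, action, partitionKeys) {
  const context = { "cognito-identity.amazonaws.com:sub": identityId };
  return policy.Statement.some((stmt) => {
    if (stmt.Effect !== "Allow" || !stmt.Action.includes(action)) return false;
    const allowed = stmt.Condition["ForAllValues:StringEquals"]["dynamodb:LeadingKeys"]
      .map((v) => resolveVariables(v, context));
    return partitionKeys.every((key) => allowed.includes(key));
  });
}

// Constructed identity IDs in the region:UUID shape shown in the answer.
const alice = "us-east-1:11111111-2222-3333-4444-555555555555";
const bob = "us-east-1:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee";

// Alice reading her own partition is allowed; reading Bob's is not.
console.log(isAllowed(policy, alice, "dynamodb:GetItem", [alice]));
console.log(isAllowed(policy, alice, "dynamodb:GetItem", [bob]));
```

With a policy of this shape, the access check only lines up with the data if the table's partition key stores the identity ID.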