Obviously I don't know too much about cognito because I spent the last two hours attempting to authenticate my users with cognito and realized that they weren't authentication providers but rather organizers of credentials.Then I thought of an easier workaround instead of creating a entirely new backend for authenticating users and wanted to verify its viability.
I was thinking that I would have users come onto my app and automatically be authenticated with Cognito as an unauthenticated user. Then I would use calls to AWS Lambda and Dynamodb (where my data is stored) and use either a facebookID, which would be obtained from a logged in Facebook user, or a username/password combo to do a basic check and authenticate a user. I was wondering if this was safe, or if it was unsafe as maybe there's a way for people to fake unauthenticated user access and query my database using facebookID's to do so? Please let me know if any part of this isn't clear and I will elaborate.
Aucun commentaire:
Enregistrer un commentaire