These two types of pool, both user and identity, can be used together or separately, depending on the functional requirements of your mobile app. The following diagram shows gaining access to AWS resources via the user pool for token generation:
This diagram is explained in the following steps:
- Tokens are received from a third-party IdP, such as Facebook. The user pool then manages these tokens and authenticates the user to the app.
- The tokens are then exchanged for temporary credentials, based upon an associated IAM role with set permissions through the identity pool.
- When these permissions have been assumed, the user of the mobile app is then authenticated and authorized to access the appropriate AWS services.
The diagram that follows shows users gaining access to AWS resources via the identity pool without the user pool:
This diagram is explained in the following steps:
- A user authenticates with a third-party IdP, such as Facebook...