Web identity federation involves the following steps:
1. The client application asks the user to log in with any of the identity providers
and then sends the information to the identity provider for verification.
2. In response, the identity provider sends a web identity token to the client.
3. The app then calls the AWS STS service, sending the web identity as the input.
4. AWS STS generates temporary AWS credentials for the client and sends them
back with a role attached to the token/user.
5. The app then calls DynamoDB to access the desired table. Depending on the
policy details, IAM decides whether the access is granted or not. The policy
statement is the same as the one we have seen in the last couple of sections.
This way, using web identity federation, you can handle authorization and authentication
of users for applications with a large user base.
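The role handed out in step 4 is only as restrictive as its trust policy: if that policy names an identity provider but does not pin the token's audience to your application, a token issued to any app registered with that provider can be exchanged for credentials. The following added example (not from the book; the sample policies and app ID are constructed) lints a role trust policy for that gap.

```python
# Condition key that carries the application/audience ID for each provider.
AUDIENCE_KEYS = {
    "accounts.google.com": "accounts.google.com:aud",
    "graph.facebook.com": "graph.facebook.com:app_id",
    "www.amazon.com": "www.amazon.com:app_id",
    "cognito-identity.amazonaws.com": "cognito-identity.amazonaws.com:aud",
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint_trust_policy(policy):
    """Flag Allow statements for AssumeRoleWithWebIdentity that lack an audience pin."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        # Only an exact-match operator counts as pinning the audience.
        pinned = set()
        for op, conds in stmt.get("Condition", {}).items():
            if op == "StringEquals":
                pinned.update(k.lower() for k in conds)
        principal = stmt.get("Principal", {})
        providers = as_list(principal.get("Federated", [])) if isinstance(principal, dict) else [principal]
        for provider in providers:
            key = AUDIENCE_KEYS.get(provider)
            if key is None:
                findings.append(f"statement {i}: provider {provider} not recognised, review manually")
            elif key not in pinned:
                findings.append(f"statement {i}: {provider} token not pinned with {key}")
    return findings

# Constructed sample trust policies (the app ID is a placeholder).
GOOD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "www.amazon.com"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {"www.amazon.com:app_id": "amzn1.application.EXAMPLE"}},
}]}
WEAK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "accounts.google.com"},
    "Action": "sts:AssumeRoleWithWebIdentity",
}]}

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, lint_trust_policy(doc) or "ok")
```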