Using a new API announced by Amazon Web Services, developers can use Amazon.com, Facebook, or Google’s sign-in systems for their cloud-based apps.
Perhaps more importantly for end users, Amazon Web Services has also integrated the recently announced Login with Amazon, a free service that lets third-party apps and websites use the online retail giant’s system for authenticating users. Login with Amazon eliminates the need for users to create a new account and password for each site, and instead allows them to sign in using their existing Amazon account information, Amazon said.
Amazon calls the concept web identity federation, and the new AWS Security Token Service (STS) API (application programming interface) simplifies the development process by letting developers integrate web-based sign-in platforms with their apps without having to write any server-side code, according to Amazon.
The API — which is called AssumeRoleWithWebIdentity — requests temporary security credentials for users that have been authenticated using one of the three public identity providers. An app can then use the temporary credentials to access AWS resources such as Simple Storage Service (S3) objects, DynamoDB tables, or Simple Queue Service queues.
For example, a smartphone app can store player and score information in an Amazon S3 bucket or an Amazon DynamoDB table, according to Amazon. Because the app needs to be able to distinguish individual users, users cannot be anonymous, it said.
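The temporary credentials returned by AssumeRoleWithWebIdentity belong to an IAM role, and that role's trust policy decides which identity-provider tokens it accepts. The Python check below is an added example, not code from Amazon or from the original article: it flags a trust policy that allows the call without tying the token to one registered app ID. The function name, policy documents and app ID values are constructed for illustration.

```python
# Added example; policy documents and app IDs below are constructed.
# Condition keys are the IAM keys that carry each provider's app/client ID.
AUDIENCE_KEYS = {
    "www.amazon.com": "www.amazon.com:app_id",
    "graph.facebook.com": "graph.facebook.com:app_id",
    "accounts.google.com": "accounts.google.com:aud",
}
WEB_IDENTITY_ACTIONS = {"sts:AssumeRoleWithWebIdentity", "sts:*", "*"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def unpinned_providers(trust_policy):
    """Return providers allowed to assume the role with no app-ID condition."""
    findings = []
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not WEB_IDENTITY_ACTIONS & set(_as_list(stmt.get("Action", []))):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append("*")
            continue
        # Only an exact-match operator counts as pinning (assumption of this check).
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        for provider in _as_list(principal.get("Federated", [])):
            key = AUDIENCE_KEYS.get(provider)
            if key is None or not equals.get(key):
                findings.append(provider)
    return findings

def _policy(provider, condition=None):
    stmt = {"Effect": "Allow", "Principal": {"Federated": provider},
            "Action": "sts:AssumeRoleWithWebIdentity"}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

# Constructed sample policies: one tied to a single app ID, one not.
PINNED = _policy("www.amazon.com",
                 {"StringEquals": {"www.amazon.com:app_id": "amzn1.application.EXAMPLE"}})
UNPINNED = _policy("graph.facebook.com")

if __name__ == "__main__":
    print("pinned policy findings:  ", unpinned_providers(PINNED))
    print("unpinned policy findings:", unpinned_providers(UNPINNED))
```

A provider listed in the result means a token that provider issued for a different app would satisfy the trust policy as well.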
To help developers get started, Amazon has published an article entitled “Creating temporary security credentials for mobile apps using identity providers” on the AWS documentation website, which includes code examples.