I am trying to authenticate my users based on their Spotify account. But I am pretty new to AWS services and I am not sure which one I should use, whether Cognito, a custom auth Lambda function, or any other service.
1 Answer
As far as I understand, Spotify provides an OAuth 2.0 endpoint in accordance with RFC 6749 [1] for external application developers. Since you want to authenticate your users based on the OAuth 2.0 protocol, please note that OAuth is not primarily an authentication protocol [2]. That is why Spotify calls it the Authorization Guide [3] in their docs.
AWS Cognito does not support OAuth 2.0 because it is designed for solving the authentication problem. [4]
It supports OpenID Connect (OIDC) instead. There are articles which explain the differences between OIDC and OAuth, e.g. [5].
If you want to use OAuth tokens with your API Gateway nonetheless, another SO thread [4] mentions that you can do so by using a Custom Authorizer [6][7]. You can use the token to access the Spotify backend, but I am not sure whether you can validate it directly. I doubt it, because of the AuthZ vs. AuthN reasons above.
References
[1] https://www.rfc-editor.org/rfc/rfc6749#section-4.1
[2] https://oauth.net/articles/authentication/
[3] https://developer.spotify.com/documentation/general/guides/authorization-guide/
[4] https://stackoverflow.com/a/33686216/10473469
[5] https://medium.com/@abstarreveld/oauth-and-openid-explained-with-real-life-examples-bf40daa8049f
[6] https://aws.amazon.com/de/blogs/compute/introducing-custom-authorizers-in-amazon-api-gateway/
[7] https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html
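A Lambda authorizer of the kind the answer points to in [6][7], as an added example that is not code from the answer, from AWS, or from Spotify. It accepts a Spotify access token as a Bearer token, validates it the only way an opaque OAuth 2.0 token can be validated, by presenting it to the resource server (Spotify's GET /v1/me returns the user's profile for a live token and 401 for an invalid or expired one), and returns the IAM policy document API Gateway expects. The TOKEN-authorizer event shape (authorizationToken, methodArn) and the policy format are the ones documented in [7]; the function names, the injectable `introspect` parameter, the token character class in the regex, and the sample event in the comments are assumptions made for this example.

```python
"""API Gateway TOKEN authorizer that accepts a Spotify OAuth 2.0 access token.

Added example; not the original answer's code. Assumed: Spotify's GET /v1/me
profile endpoint rejects bad tokens with 401, and the 'id' field is present
in the profile for any valid user token.
"""
import json
import re
import urllib.error
import urllib.request

SPOTIFY_ME_URL = "https://api.spotify.com/v1/me"  # Spotify Web API current-user profile

# RFC 6750 says the scheme is case-insensitive; the token charset here is an assumption.
_BEARER_RE = re.compile(r"Bearer\s+([A-Za-z0-9._~+/=-]+)", re.IGNORECASE)


def extract_bearer(auth_header):
    """Return the token from an 'Authorization: Bearer <token>' value, else None."""
    if not isinstance(auth_header, str):
        return None
    m = _BEARER_RE.fullmatch(auth_header.strip())
    return m.group(1) if m else None


def spotify_introspect(token, timeout=3):
    """Validate an opaque token by presenting it to Spotify's resource server.

    Returns the profile dict for a live token, None if Spotify rejects it.
    Network failures also return None so the authorizer fails closed.
    """
    req = urllib.request.Request(SPOTIFY_ME_URL, headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        if exc.code in (401, 403):
            return None
        raise  # 429/5xx: let Lambda fail so the caller gets a 5xx, not an Allow
    except urllib.error.URLError:
        return None


def build_policy(principal_id, effect, method_arn, context=None):
    """IAM policy document in the shape API Gateway expects from a Lambda authorizer."""
    policy = {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}
            ],
        },
    }
    if context:
        policy["context"] = context  # API Gateway only accepts str/int/bool values here
    return policy


def authorize(event, introspect=spotify_introspect):
    """Core decision. `introspect` is injectable so the logic can run without Spotify.

    Example (constructed) TOKEN-authorizer event:
      {"type": "TOKEN",
       "authorizationToken": "Bearer <spotify access token>",
       "methodArn": "arn:aws:execute-api:us-east-1:123456789012:abc123/prod/GET/tracks"}
    """
    method_arn = event.get("methodArn", "*")
    token = extract_bearer(event.get("authorizationToken"))
    if token is None:
        return build_policy("anonymous", "Deny", method_arn)

    profile = introspect(token)
    if not profile or "id" not in profile:
        return build_policy("anonymous", "Deny", method_arn)

    # Principal is the Spotify user id, not the token: tokens rotate, ids do not.
    user_id = str(profile["id"])
    return build_policy(
        f"spotify:{user_id}", "Allow", method_arn, context={"spotifyUserId": user_id}
    )


def lambda_handler(event, context):
    """Lambda entry point (name is an assumption; configure it in the authorizer)."""
    return authorize(event)
```

Two caveats a practitioner would want beside this. First, this calls Spotify on every uncached request; set the authorizer's result TTL (authorizerResultTtlInSeconds in [7]) so API Gateway caches the policy per token, and expect Spotify rate limits (429) when it does not. Second, this confirms the point the answer makes about AuthZ vs. AuthN: a 200 from /v1/me proves only that somebody holds a valid Spotify grant for some application, not that the caller is that user in the context of your application, because any third-party app the user authorized can present a token that passes this check. Returning a Deny policy yields a 403 to the client; raising an exception with the message "Unauthorized" from the handler yields a 401 instead, if you prefer that signal.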