AWS Cognito: Difference between Cognito ID and sub, what should I use as primary key?

I'm creating a serverless backend using AWS Cognito to administer users.

Cognito uses both cognitoId and sub to identify the user.

This official awslabs project uses cognitoId as the primary key in database tables to bind data to a user object, but the sub documentation clearly states:

sub: UUID of the authenticated user. This is not the same as username.

Question: What should be used as a primary key, cognitoId or sub?

+10
2 answers

The naming may be confusing; I will try to clarify.

There are usually two pools in the Amazon Cognito zoo:

  • User Pool
  • Identity Pool (Federated Identities)

The "Sub" you are talking about is usually expressed in IAM as

${cognito-identity.amazonaws.com:sub}

and will resolve to the value found in (in the JavaScript SDK)

AWS.config.credentials.identityId

which will look something like

us-east-1:############-########-############

It will exist only in the credentials as soon as the credentials are updated.

So, to answer your question, sub.

+7
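
The policy variable quoted in the answer above is commonly used to bind table rows to the caller when the identity ID is the partition key. The following IAM policy is an added example, not part of the original answer or of the awslabs project; the table name `ExampleUserData`, the account ID `111122223333` and the region are constructed placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleOwnRowsOnly",
      "Effect": "Allow",
      "Action": [
        "dynamodb:GetItem",
        "dynamodb:Query",
        "dynamodb:PutItem",
        "dynamodb:UpdateItem",
        "dynamodb:DeleteItem"
      ],
      "Resource": "arn:aws:dynamodb:us-east-1:111122223333:table/ExampleUserData",
      "Condition": {
        "ForAllValues:StringEquals": {
          "dynamodb:LeadingKeys": ["${cognito-identity.amazonaws.com:sub}"]
        }
      }
    }
  ]
}
```

Attached to the identity pool's authenticated role, this limits each caller to items whose partition key equals their own identity ID (the `AWS.config.credentials.identityId` value), so the key choice is enforced by IAM rather than only by application code.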
  • sub (subject) is globally unique and therefore unique to the user pool.
  • Unlike a username that can be reassigned to another user in the user pool, sub is never reassigned.


+3

Source: https://habr.com/ru/post/1265126/

