I'm building a serverless backend using AWS Cognito for user administration.
Cognito uses both cognitoId and sub to identify a user.
This project from the official awslabs uses the cognitoId as primary key in the database tables to link data to a user object, but the documentation about sub clearly states:
sub: the UUID of the authenticated user. This is not the same as username.
Question: What should I use as primary key, cognitoID or sub?
The naming can get confusing; I'll try to clarify.
There are typically two pools under the umbrella of Amazon Cognito:
- User Pool
- Identity Pool (Federated Identities)
The "sub" that you are referring to is typically expressed in IAM Policies as ${cognito-identity.amazonaws.com:sub} and will resolve to the value found in (in the javascript sdk) AWS.config.credentials.identityId, which will look something like us-east-1:########-####-####-####-############
It will only exist on the credentials once the credentials have been refreshed.
So to answer your question, the sub.