Developers can integrate web-based sign-in platforms without having to write any server-side code Using a new API announced by Amazon Web Services, developers can use Amazon.com, Facebook, or Google’s sign-in systems for their cloud-based apps.Amazon calls the concept web identity federation, and the new AWS Security Token Service (STS) API (application programming interface) simplifies the development process by letting users integrate web-based sign-in platforms with their apps without having to write any server-side code, according to Amazon.In addition to Google and Facebook, Amazon Web Services has also integrated the recently announced Login with Amazon, a free service that lets third party apps and websites use the online retail giant’s system for authenticating users.The API — which is called AssumeRoleWithWebIdentity — requests temporary security credentials for users that have been authenticated using one of the three public identity providers. An app can then use the temporary credentials to access AWS resources such as Simple Storage Service (S3) objects, DynamoDB tables, or Simple Queue Service queues. A smartphone app can store player and score information in an Amazon S3 bucket or an Amazon DynamoDB table, according to Amazon. Because the app needs to be able to distinguish individual users, users cannot be anonymous, it said.When a user signs in, the authentication process for the chosen identity provider is invoked. How this works depends on the identity provider and the underlying platform. For example, an Android app can use a different way to authenticate than an iOS app or a JavaScript-based web app, according to Amazon. In general, the authentication process returns a token to the app that represents the authenticated user. Depending on what the provider shows and the user is willing to share, developers might be able to access more information that can be used by the app, Amazon said. To help developers get started, Amazon has published an article entitled “Creating temporary security credentials for mobile apps using identity providers” on the AWS documentation website, which includes code examples.Send news tips and comments to mikael_ricknas@idg.com Related content news UK Cyber Security Council CEO reflects on a year of progress Professor Simon Hepburn sits down with broadcaster ITN to discuss Council’s work around cybersecurity professional standards, careers and learning, and outreach and diversity. By Michael Hill Sep 27, 2023 3 mins Government Government Government news FIDO Alliance certifies security of edge nodes, IoT devices Certification demonstrates that products are at low risk of cyberthreats and will interoperate securely. By Michael Hill Sep 27, 2023 3 mins Certifications Internet Security Security Hardware news analysis Web app, API attacks surge as cybercriminals target financial services The financial services sector has also experienced an increase in Layer 3 and Layer 4 DDoS attacks. By Michael Hill Sep 27, 2023 6 mins Financial Services Industry Cyberattacks Application Security news Immersive Labs adds custom 'workforce exercising' for each organizational role With the new workforce exercising capability, CISOs will be able to see each role’s cybersecurity readiness, risk areas, and exercise progress. By Shweta Sharma Sep 27, 2023 3 mins Security Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe