amazon web services - Is it secure to store on client's device AWS Temporary Credentials (STS)? -


i wanted ask if secure store aws temporary credentials (access key id, secret access key, session token) on mobile device calls api? many sources describes necessary part of authorization process. according mentioned below aws resources images:

retreiving temporary credentials

federating access aws resources

i'm speaking of credentials can obtained assumerolewithwebidentity or getcredentialsforidentity.

isn't more secure use jwt tokents instead prevent hacking credentials , obtain access secured them resources?

the credentials sts no different (at high level) jwt tokens. both temporary, , if 'hacker' obtain either type of credential, result same. key benefit of using temporary credentials in general if/when compromised, valid short amount of time (usually hour).

storing temporary credentials on device separate topic, jwt tokens not different sts session credentials.

i don't have links, i'm sure there public discussions , docs on storing session credentials in apps on devices.


Comments

Popular posts from this blog

php - Vagrant up error - Uncaught Reflection Exception: Class DOMDocument does not exist -

vue.js - Create hooks for automated testing -

Add new key value to json node in java -