CognitoIdentityCredentials does not provide access

App*_*ins 3 amazon-web-services amazon-cognito

I'm not sure I understand the process correctly, but I am using a Cognito User Pool and authenticating. I receive my tokens as expected. Following the documentation, I am trying to call CognitoIdentityCredentials as part of my onSuccess authentication flow.

// Configure the v2 SDK to source credentials from the identity pool
AWS.config.update({
    credentials: new AWS.CognitoIdentityCredentials({
        IdentityPoolId: IdentityPoolId,
    }),
    region: 'us-east-1'
});

I have assigned IAM roles to my Cognito identity pool, and everything appears to be configured correctly. However, I do not receive any AWS credentials.

The documentation states:

By default, this provider gets credentials using the AWS.CognitoIdentity.getCredentialsForIdentity() service operation, which requires either an IdentityId or an IdentityPoolId (Amazon Cognito Identity Pool ID), which is used to call AWS.CognitoIdentity.getId() to obtain an IdentityId.

Do I need to call AWS.CognitoIdentity.getId() manually to get AWS credentials?

Wil*_*ena 5

Using the aws-sdk for JavaScript v3, I was finally able to get a Cognito user's credentials and IdentityId from the user's id jwtToken, with the following code in a JavaScript Lambda function invoked through API Gateway with a Cognito User Pool authorizer (the jwtToken is passed in the Authorization header of the request):

const IDENTITY_POOL_ID = "us-west-2:7y812k8a-1w26-8dk4-84iw-2kdi849sku72"
const USER_POOL_ID = "cognito-idp.us-west-2.amazonaws.com/us-west-2_an976DxVk"
const { CognitoIdentityClient } = require("@aws-sdk/client-cognito-identity");
const { fromCognitoIdentityPool } = require("@aws-sdk/credential-provider-cognito-identity");

exports.handler = async (event, context) => {
    // The credential provider calls GetId / GetCredentialsForIdentity on the
    // identity pool, presenting the User Pool id token from the Authorization
    // header under the user pool's provider name as the login.
    const cognitoidentity = new CognitoIdentityClient({
        credentials: fromCognitoIdentityPool({
            client: new CognitoIdentityClient(),
            identityPoolId: IDENTITY_POOL_ID,
            logins: {
                [USER_POOL_ID]: event.headers.Authorization
            }
        }),
    });

    // Resolve the provider to obtain the temporary credentials and the IdentityId
    var credentials = await cognitoidentity.config.credentials()
    console.log(credentials)
    // {
    //    identityId: 'us-west-2:d393294b-ff23-43t6-d8s5-59876321457d',
    //    accessKeyId: 'ALALA2RZ7KTS7STD3VXLM',
    //    secretAccessKey: '/AldkSdt67saAddb6vddRIrs32adQCAo99XM6',
    //    sessionToken: 'IQoJb3JpZ2luX2VjEJj//////////...', // sessionToken cut for brevity
    //    expiration: 2022-07-17T08:58:10.000Z
    // }

    var identity_ID = credentials.identityId
    console.log(identity_ID)

    const response = {
        statusCode: 200,
        headers: {
            "Access-Control-Allow-Headers": "*",
            "Access-Control-Allow-Origin": "*",
            "Access-Control-Allow-Methods": "OPTIONS,POST,GET,PUT"
        },
        body: JSON.stringify(identity_ID)
    };
    return response;
}

Once the Cognito user is logged in, I can call the lambda function shown above from my React-Native app using the aws-amplify Auth directive and fetch(), by calling the following code:

import { Auth } from 'aws-amplify';
var APIGatewayEndpointURL = 'https://5lstgsolr2.execute-api.us-west-2.amazonaws.com/default/-'
var response = {}

async function getIdentityId () {
    // Read the current Amplify session and extract the id token's JWT string
    var session = await Auth.currentSession()
    var IdToken = await session.getIdToken()
    var jwtToken = await IdToken.getJwtToken()

    var payload = {}

    // Send the id token in the Authorization header; the Cognito User Pool
    // authorizer on the API Gateway route validates it before the Lambda runs
    await fetch(APIGatewayEndpointURL, {method: "POST", body: JSON.stringify(payload), headers: {Authorization: jwtToken}})
        .then(async (result) => {
            response = await result.json()
            console.log(response)
        })
}

More information on how to use aws-amplify authentication can be found here: https://docs.amplify.aws/ui/auth/authenticator/q/framework/react-native/#using-withauthenticator-hoc
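The answer above hard-codes the user pool's provider name as the `logins` key and forwards whatever arrives in the Authorization header. The following is an added example, not code from the question, the answer or the AWS SDK: it decodes the token's payload, checks that it is an *id* token (identity pools reject the access token), that it has not expired, and that its `iss` claim names the user pool this deployment trusts, and only then builds the `logins` object that `fromCognitoIdentityPool` (or `GetId` / `GetCredentialsForIdentity`) expects. The pool id `us-west-2_EXAMPLE`, the `makeSampleToken` helper and the sample token it produces are constructed for the example; the token carries a fake signature segment and is not verified here, since the Cognito Identity service checks it against the user pool's signing keys on the server side, and an API Gateway Cognito authorizer has already validated it before the Lambda runs.

```javascript
// Decode the payload (middle segment) of a JWT without verifying it.
function decodeJwtPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a JWT: expected 3 segments");
  const json = Buffer.from(parts[1], "base64url").toString("utf8");
  return JSON.parse(json);
}

// Turn "https://cognito-idp.<region>.amazonaws.com/<poolId>" into the provider
// name the identity pool expects as the logins key (the issuer without its scheme).
function loginsKeyFromIssuer(iss) {
  const m = /^https:\/\/(cognito-idp\.[a-z0-9-]+\.amazonaws\.com\/[A-Za-z0-9_-]+)$/.exec(iss);
  if (!m) throw new Error(`unexpected issuer: ${iss}`);
  return m[1];
}

// Build the `logins` object for fromCognitoIdentityPool / GetId /
// GetCredentialsForIdentity, refusing tokens the service would reject or that
// were issued by a pool other than the one this deployment trusts.
function buildLoginsMap(jwt, expectedUserPoolKey, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(jwt);
  if (claims.token_use !== "id") {
    // Identity pools only accept the id token; passing the access token fails.
    throw new Error(`expected an id token, got token_use=${claims.token_use}`);
  }
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) {
    throw new Error("token is expired");
  }
  const key = loginsKeyFromIssuer(claims.iss);
  if (key !== expectedUserPoolKey) {
    throw new Error(`token issued by ${key}, expected ${expectedUserPoolKey}`);
  }
  return { [key]: jwt };
}

// Constructed sample: header and payload for an id token from a fictitious
// pool, followed by a fake signature segment. Not a real token.
function makeSampleToken(claims) {
  const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${b64({ alg: "RS256", kid: "fake" })}.${b64(claims)}.ZmFrZXNpZw`;
}

const SAMPLE_POOL_KEY = "cognito-idp.us-west-2.amazonaws.com/us-west-2_EXAMPLE"; // constructed
const SAMPLE_ID_TOKEN = makeSampleToken({
  iss: "https://" + SAMPLE_POOL_KEY,
  token_use: "id",
  exp: 4102444800, // 2100-01-01, so the sample stays valid
  sub: "00000000-0000-0000-0000-000000000000",
});

// Usage: the returned object is what goes into the `logins` parameter of the
// answer's fromCognitoIdentityPool call, in place of the hard-coded entry.
console.log(buildLoginsMap(SAMPLE_ID_TOKEN, SAMPLE_POOL_KEY));
```

In the Lambda from the answer, `buildLoginsMap(event.headers.Authorization, USER_POOL_ID)` would replace the literal `{ [USER_POOL_ID]: event.headers.Authorization }`, so a request carrying the access token, an expired token or a token from another pool is rejected with a clear error before any call to the identity pool is made.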