Gop*_*opi 6 migration authentication amazon-cognito auth0
我想将所有现有用户从 AWS Cognito 池移至 Auth0。最好使用现有密码,或者如果必须更改密码,则使用即时迁移。我在网上看到了将 Okta/Stormpath 等用户迁移到 auth0 的用户指南,但没有看到任何有关 cognito 到 autho inegration 的内容。任何指针都会有帮助。
将用户导入Auth0有两种方式:
目前,确实没有简单的方法可以将用户从 AWS Cognito 中导出。即使您这样做了,导出的用户配置文件也不会包含用户的哈希密码,因此在迁移到 Auth0 作为身份提供商后,将要求用户重置其帐户密码。不理想。所以批量迁移是不可能的。
相反,自动迁移可能是正确的选择。您必须在 Auth0 中配置自定义数据库并将其指向您的 AWS Cognito 用户池并定义两个脚本:一个用于获取用户,另一个用于登录用户。
默认情况下,AWS 不会通过 API 公开这些端点,但它们在amazon-cognito-identity-js npm 包中确实具有类似的功能(根据文档中的场景 4 )。
感谢@yvovandoorn编写了javascript 代码,您可以在 Auth0 自定义数据库get-user和login脚本中使用此 npm 包来执行自动迁移。只需确保在“自定义数据库”设置下将“将用户导入到 Auth0 ”选中为 true。
get-user.js
/*
Requires Auth0 Global Variables to be set - https://auth0.com/docs/rules/configure-global-variables-for-rules
If testing locally (or not wanting to use Auth0 Global Variables):
const configuration = {
"accessKeyId": "AKIAIBDT5G4M237CZSMQ",
"secretAccessKey": "your-cognito-secret-access-key",
"region": "eu-west-1",
"UserPoolId": "eu-west-1_V69pvauTp"
*/
function getUser(username, callback) {
const userParameters = ["email", "email_verified", "custom:designation"];
const AWS = require('aws-sdk@2.593.0');
AWS.config.update({ "accessKeyId": configuration.accessKeyId, "secretAccessKey": configuration.secretAccessKey, "region": configuration.region });
const cognito = new AWS.CognitoIdentityServiceProvider();
cognito.adminGetUser({
UserPoolId: configuration.UserPoolId,
Username: username
}, (err, data) => {
if (err) {
console.log(err);
if (err.code === "UserNotFoundException") return callback(null);
else callback(err);
}
else {
console.log(data);
if (data.code === "UserNotFoundException") return callback(null);
else {
let profile = {
"user_id": data.UserAttributes.find(item=>item.Name==="sub").Value,
"username": data.Username,
};
userParameters.forEach(customParameterName => {
profile[customParameterName] = data.UserAttributes.find(item=>item.Name===customParameterName).Value;
});
return callback(null, profile);
}
}
});
}
login.js
/*
Read StackOverflow article about potential window issue: https://stackoverflow.com/questions/40219518/aws-cognito-unauthenticated-login-error-window-is-not-defined-js
Requires Auth0 Global Variables to be set - https://auth0.com/docs/rules/configure-global-variables-for-rules
If testing locally (or not wanting to use Auth0 Global Variables):
const configuration = {
"ClientId": "nzHNdG0XGS4qSaS5p0EZZesoIO2xfKQDRMgWPoce",
"UserPoolId": "eu-west-1_V69pvauTp"
*/
function login(username, password, callback) {
global.fetch = require('node-fetch@2.6.0');
var AmazonCognitoIdentity = require('amazon-cognito-identity-js@3.0.14');
var poolData = {
UserPoolId: configuration.UserPoolId,
ClientId: configuration.ClientId
};
var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);
var authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails({
Username: username,
Password: password
});
var userData = {
Username: username,
Pool: userPool
};
var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
cognitoUser.authenticateUser(authenticationDetails, {
onSuccess: function (result) {
//console.log(result);
var idTokenPayload = result.getIdToken().payload;
console.log(idTokenPayload);
var profile = {
user_id: idTokenPayload.sub,
email: idTokenPayload.email,
/* might want to set this to false if you're not validating email addresses */
email_verified: true,
};
console.log({ result, idTokenPayload, profile });
callback(null, profile);
},
onFailure: (function (err) {
return callback(new WrongUsernameOrPasswordError(username))
})
});
}
| 归档时间: |
|
| 查看次数: |
5388 次 |
| 最近记录: |