我正在使用客户端 Cognito Javascript SDK。部分设置需要配置region, UserPoolId, ClientId, and identityPoolId. 在测试期间,我通过一个单独的文件包含数据,用户可以查看并使用该文件来发现这些 Cognito id。
将这些 ID 公开给最终用户是否安全?
否则,我如何安全地做到这一点?
AWS cognito 提供的 JWT (id) 令牌未在我的 gRPC 服务上通过令牌验证,我的响应始终未经身份验证。
这与默认的 JwtBearer 选项有关吗?
gRPC服务Program.cs:
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Server.Kestrel.Core;
using Microsoft.IdentityModel.Tokens;
var builder = WebApplication.CreateBuilder();
builder.WebHost.ConfigureKestrel(options =>
{
options.ListenLocalhost(5000, o => o.Protocols = HttpProtocols.Http2);
});
builder.Services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidIssuer = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_bX1jng7q2",
ValidateIssuerSigningKey = true,
ValidateIssuer = true,
ValidateLifetime = true,
ValidAudience = "2c744fhbdu94inn8u4sv4kg0ft",
ValidateAudience = true,
RoleClaimType = "cognito:groups"
};
options.MetadataAddress = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_bX1jng7q2/.well-known/openid-configuration";
});
builder.Services.AddAuthorization();
builder.Services.AddGrpc();
var app = …