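Previously, when we started the project using only Cognito User Pools, I created many resolvers and validated them against Cognito User Pool data, for example: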
#if( $ctx.identity.claims["custom:role"] == "admin" )
  ...some code...(get data, invoke lambda, etc.)
#else
  $utils.unauthorized()
#end
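But later we needed other authorization providers (Facebook, Google, etc.). So we migrated to cognitoIdentityId, but ran into a problem getting user data from the Cognito User Pool in AppSync resolvers. In AWS Lambda, I found the Cognito User Pool ID via cognitoIdentityAuthProvider, and I can get the Cognito user attributes as UserAttributes, as shown in the code below: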
...
...
const cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider({
  apiVersion: '2016-04-18',
});
// Takes the last ':'-separated segment of the provider string and drops its trailing character
const getCognitoUserPoolId = (authProvider) => {
  const parts = authProvider.split(':');
  return parts[parts.length - 1].slice(0, -1);
};
// cognitoIdentityAuthProvider, which we pass as a parameter ($ctx.identity.cognitoIdentityAuthProvider) from the AppSync resolver
const SUB = getCognitoUserPoolId(cognitoIdentityAuthProvider);
const params = {
  UserPoolId: COGNITO_USER_POOL_ID,
  Username: SUB,
};
try {
  const { UserAttributes } = await …
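A stricter way to take the sub out of `cognitoIdentityAuthProvider` before using it in a user lookup, as an added example that is not part of the original post. It assumes the provider string has the form `"cognito-idp.<region>.amazonaws.com/<poolId>","cognito-idp.<region>.amazonaws.com/<poolId>:CognitoSignIn:<sub>"` with a UUID sub; the function names and sample values are hypothetical.

```javascript
// Added example, not the poster's code. Assumed shape of the provider string:
//   "cognito-idp.<region>.amazonaws.com/<poolId>","cognito-idp.<region>.amazonaws.com/<poolId>:CognitoSignIn:<sub>"
// The back-references force both halves to name the same region and pool.
const PROVIDER_RE =
  /^"cognito-idp\.([a-z0-9-]+)\.amazonaws\.com\/([A-Za-z0-9-]+_[A-Za-z0-9]+)","cognito-idp\.\1\.amazonaws\.com\/\2:CognitoSignIn:([0-9a-fA-F-]{36})"$/;

// Returns { region, userPoolId, sub }, or null when the value is missing
// or does not have the expected user-pool shape.
function parseCognitoAuthProvider(authProvider) {
  if (typeof authProvider !== 'string') return null;
  const m = PROVIDER_RE.exec(authProvider.trim());
  if (!m) return null;
  return { region: m[1], userPoolId: m[2], sub: m[3] };
}

// Builds the { UserPoolId, Username } params used in the post, but only when
// the login was issued by the pool the Lambda is configured to trust.
function buildUserLookupParams(authProvider, expectedUserPoolId) {
  const parsed = parseCognitoAuthProvider(authProvider);
  if (!parsed) throw new Error('not a Cognito user pool login');
  if (parsed.userPoolId !== expectedUserPoolId) {
    throw new Error('unexpected user pool');
  }
  return { UserPoolId: parsed.userPoolId, Username: parsed.sub };
}

// Constructed sample values (placeholders, not real identifiers).
const SAMPLE_POOL = 'us-east-1_EXAMPLE01';
const SAMPLE_SUB = '11111111-2222-3333-4444-555555555555';
const SAMPLE =
  `"cognito-idp.us-east-1.amazonaws.com/${SAMPLE_POOL}",` +
  `"cognito-idp.us-east-1.amazonaws.com/${SAMPLE_POOL}:CognitoSignIn:${SAMPLE_SUB}"`;

console.log(buildUserLookupParams(SAMPLE, SAMPLE_POOL));
```

Because the value reaches the Lambda as a resolver-supplied parameter, rejecting anything that does not match the expected pool keeps a malformed or foreign provider string from being turned into a `Username`.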