amazon-web-services - CognitoIdentityCredentials not providing access

Tags: amazon-web-services amazon-cognito

I'm not sure I understand the process correctly, but I'm using a Cognito User Pool and authenticating against it. I receive my tokens as expected. Following the documentation, I'm trying to call CognitoIdentityCredentials as part of my onSuccess authentication flow.

AWS.config.update({
    credentials: new AWS.CognitoIdentityCredentials({
        IdentityPoolId: IdentityPoolId,
    }),
    region: 'us-east-1'
});

I've assigned IAM roles to my Cognito Identity Pool and everything appears to be configured correctly. However, I'm not receiving any AWS credentials.

The documentation states:

By default this provider gets credentials using the AWS.CognitoIdentity.getCredentialsForIdentity() service operation, which requires either an IdentityId or an IdentityPoolId (Amazon Cognito Identity Pool ID), which is used to call AWS.CognitoIdentity.getId() to obtain an IdentityId.

Do I need to call AWS.CognitoIdentity.getId() manually to obtain the AWS credentials?

Best answer

Using aws-sdk for JavaScript v3, I was finally able to obtain a Cognito user's credentials and IdentityId from the user's identity jwtToken with the following code, running in a JavaScript Lambda function invoked through API Gateway with a Cognito User Pool Authorizer (the jwtToken is passed in the Authorization header of the request):

// IDs as posted in the answer; substitute your own identity pool and user pool.
const IDENTITY_POOL_ID = "us-west-2:7y812k8a-1w26-8dk4-84iw-2kdi849sku72";
// The logins key is the user pool's provider name: cognito-idp.<region>.amazonaws.com/<userPoolId>
const USER_POOL_ID = "cognito-idp.us-west-2.amazonaws.com/us-west-2_an976DxVk";
const { CognitoIdentityClient } = require("@aws-sdk/client-cognito-identity");
const { fromCognitoIdentityPool } = require("@aws-sdk/credential-provider-cognito-identity");

exports.handler = async (event, context) => {
    // fromCognitoIdentityPool performs GetId and GetCredentialsForIdentity for us.
    // The user pool ID token arrives in the Authorization header, already validated
    // by the API Gateway Cognito User Pool Authorizer.
    const cognitoidentity = new CognitoIdentityClient({
        credentials: fromCognitoIdentityPool({
            client: new CognitoIdentityClient(),
            identityPoolId: IDENTITY_POOL_ID,
            logins: {
                [USER_POOL_ID]: event.headers.Authorization
            }
        }),
    });

    const credentials = await cognitoidentity.config.credentials();
    // Debugging aid only: this writes secretAccessKey and sessionToken to CloudWatch Logs.
    console.log(credentials);
    // {
    //    identityId: 'us-west-2:d393294b-ff23-43t6-d8s5-59876321457d',
    //    accessKeyId: 'ALALA2RZ7KTS7STD3VXLM',
    //    secretAccessKey: '/AldkSdt67saAddb6vddRIrs32adQCAo99XM6',
    //    sessionToken: 'IQoJb3JpZ2luX2VjEJj//////////...', // sessionToken cut for brevity
    //    expiration: 2022-07-17T08:58:10.000Z
    // }

    const identity_ID = credentials.identityId;
    console.log(identity_ID);

    // Only the IdentityId is returned to the caller, not the credentials themselves.
    const response = {
        statusCode: 200,
        headers: {
            "Access-Control-Allow-Headers": "*",
            "Access-Control-Allow-Origin": "*",
            "Access-Control-Allow-Methods": "OPTIONS,POST,GET,PUT"
        },
        body: JSON.stringify(identity_ID)
    };
    return response;
};

After a Cognito user has signed in, I can invoke the Lambda function shown above from my React Native app using aws-amplify's Auth module and fetch(), by calling the following code, which sends a request to my API Gateway trigger (authenticated with the Cognito User Pool Authorizer):

import { Auth } from 'aws-amplify';
const APIGatewayEndpointURL = 'https://5lstgsolr2.execute-api.us-west-2.amazonaws.com/default/-';
let response = {};

async function getIdentityId() {
    // The identity pool expects the user pool ID token (not the access token),
    // so the ID token's JWT is what goes into the Authorization header.
    const session = await Auth.currentSession();
    const IdToken = session.getIdToken();
    const jwtToken = IdToken.getJwtToken();

    const payload = {};

    const result = await fetch(APIGatewayEndpointURL, {
        method: "POST",
        body: JSON.stringify(payload),
        headers: { Authorization: jwtToken }
    });
    response = await result.json();
    console.log(response);
}

More information on how to authenticate with aws-amplify can be found here: https://docs.amplify.aws/ui/auth/authenticator/q/framework/react-native/#using-withauthenticator-hoc
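As an added example (not from the original question or answer), the following Node.js helper checks a Cognito user pool JWT before it is placed in the identity pool logins map, which is where both the key (the provider name derived from the token's issuer) and the token kind (ID token, not access token) commonly go wrong. It only decodes claims and does not verify the signature (the API Gateway authorizer and the identity pool do that); the function names, the expectedUserPoolId parameter and the sample tokens are constructed, and Buffer's base64url encoding assumes Node 15.7 or later.

```javascript
// Decode the JWT payload without verifying the signature (pre-flight check only).
function decodeJwtPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a JWT: expected 3 dot-separated parts");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Build the `logins` object that fromCognitoIdentityPool / GetCredentialsForIdentity
// expects, e.g. { "cognito-idp.us-west-2.amazonaws.com/us-west-2_xxx": jwt }.
// Rejects access tokens, tokens from another user pool, and expired tokens.
// `expectedUserPoolId` and `now` (epoch seconds) are caller-supplied assumptions.
function buildLoginsMap(jwt, expectedUserPoolId, now = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(jwt);
  if (claims.token_use !== "id") {
    throw new Error(`identity pools need the ID token, got token_use=${claims.token_use}`);
  }
  // Cognito ID tokens are issued by https://cognito-idp.<region>.amazonaws.com/<userPoolId>;
  // the provider name used as the logins key is that issuer without the scheme.
  const m = /^https:\/\/(cognito-idp\.[a-z0-9-]+\.amazonaws\.com\/([A-Za-z0-9_-]+))$/.exec(claims.iss || "");
  if (!m) throw new Error(`unexpected issuer: ${claims.iss}`);
  const [, providerName, userPoolId] = m;
  if (userPoolId !== expectedUserPoolId) {
    throw new Error(`token issued by ${userPoolId}, expected ${expectedUserPoolId}`);
  }
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("token expired");
  return { [providerName]: jwt };
}

// Constructed, unsigned sample tokens for offline demonstration only.
function sampleJwt(payload) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${b64({ alg: "RS256", kid: "constructed" })}.${b64(payload)}.constructed-signature`;
}

const SAMPLE_ID_TOKEN = sampleJwt({
  iss: "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_EXAMPLE",
  token_use: "id", aud: "client-id-placeholder", exp: 4102444800, sub: "constructed-sub",
});
const SAMPLE_ACCESS_TOKEN = sampleJwt({
  iss: "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_EXAMPLE",
  token_use: "access", client_id: "client-id-placeholder", exp: 4102444800,
});

// Usage: pass the returned object as `logins` to fromCognitoIdentityPool(...).
console.log(buildLoginsMap(SAMPLE_ID_TOKEN, "us-west-2_EXAMPLE", 1700000000));
```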

For amazon-web-services - CognitoIdentityCredentials not providing access, a similar question was found on Stack Overflow: https://stackoverflow.com/questions/61915276/
