[英]What does amr mean in aws cognito
https://mobile.awsblog.com/post/Tx1OSMBRHZVM9V0/Understanding-Amazon-Cognito-Authentication-Part-3-Roles-and-Policies https://mobile.awsblog.com/post/Tx1OSMBRHZVM9V0/Understanding-Amazon-Cognito-Authentication-Part-3-Roles-and-Policies
I'm pretty new to AWS.我对 AWS 很陌生。 This blog series about AWS Cognito keep mentioning about amr like examples below
这个关于 AWS Cognito 的博客系列不断提到 amr,如下面的例子
"ForAnyValue:StringLike": {
"cognito-identity.amazonaws.com:amr": "login.myprovider.myapp"
}
Finally, we specify that the amr of the token contains the value unauthenticated.
I couldn't find and figure out what it means.我无法找到并弄清楚这意味着什么。
amr stands for 'Authentication Methods References'. amr代表“身份验证方法参考”。 That comes from the OpenID Connect specification.
这来自OpenID Connect规范。 http://openid.net/specs/openid-connect-core-1_0.html
http://openid.net/specs/openid-connect-core-1_0.html
In the context of Cognito, this represents how the user was authenticated. 在Cognito的上下文中,这表示如何对用户进行身份验证。 For example if the user was authenticated using any of the supported providers (facebook, google, amazon), the amr will contain 'authenticated' and also the name for the provider eg 'graph.facebook.com' if user was authenticated using facebook.
例如,如果使用任何受支持的提供程序(facebook,google,amazon)对用户进行了身份验证,则如果用户使用facebook进行了身份验证,则amr将包含“已验证”以及提供程序的名称,例如“ graph.facebook.com”。 If the user was authenticated using google, it will be 'accounts.google.com'.
如果该用户使用google进行了身份验证,则将是“ accounts.google.com”。 If the user was authenticated without using any supported providers (Unauthenticated Identity), it will be 'unauthenticated'.
如果在不使用任何支持的提供程序的情况下对用户进行了身份验证(未经身份验证的身份),则该用户将为“未经身份验证”。
This is useful when you use Cognito Credenitials to access your AWS services and want to implement fine grained access control 当您使用Cognito Credenitials访问您的AWS服务并希望实施细粒度的访问控制时,这很有用
This is a really old question but I think it's worth mentioning that [AMR is an array[(https://self-issued.info/docs/draft-ietf-oauth-amr-values-01.html#rfc.section.2) in case anybody (like me) didn't notice.这是一个非常古老的问题,但我认为值得一提的是 [AMR 是一个数组 [(https://self-issued.info/docs/draft-ietf-oauth-amr-values-01.html#rfc.section。 2)以防万一有人(比如我)没有注意到。 That's the reason why in your condition clause you need to use ForAnyValue:StringLike not just StringLike.
这就是为什么在您的条件子句中您需要使用 ForAnyValue:StringLike 而不仅仅是 StringLike 的原因。 Example:
例子:
"Condition": {
"StringEquals": {
"cognito-identity.amazonaws.com:aud": "us-east-1:<your-id-pool-id>"
},
"ForAnyValue:StringLike": {
"cognito-identity.amazonaws.com:amr": "authenticated"
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.