How do I authenticate against an AWS Cognito User Pool

I've created a Cognito User Pool. I can list the users and add the users using the AWSCognitoIdentityProviderClient from the Java AWS SDK.

However, I have a custom login page and I wish to take the entered username and password and authenticate against my User Pool. I don't see anywhere in the Java AWS SDK where I can pass credentials and get an authentication result from.

Edit: I can't get past this error:

    NotAuthorizedException: Missing credentials in config

Relevant code:

    AWS.config.region = 'us-east-1';
    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
        IdentityPoolId: 'us-east-1:087a3210-64f8-4dae-9e3c...' // your identity pool id here
    });

    AWSCognito.config.region = 'us-east-1';
    AWSCognito.config.credentials = new AWS.CognitoIdentityCredentials({
        IdentityPoolId: 'us-east-1:087a3210-64f8-4dae-9e3c...' // your identity pool id here
    });

    var poolData = {
        UserPoolId: 'us-east-1_39RP...',
        ClientId: 'ttsj9j5...',
        ClientSecret: 'bkvkj9r8kl2ujrlu41c7krsb6r7nub2kb260gj3mgi...'
    };
    var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);

    var authenticationData = {
        Username: 'test@foo.com',
        Password: 'foobarfoo',
    };
    var authenticationDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails(authenticationData);
    var userData = {
        Username: 'test@foo.com',
        Pool: userPool
    };
    var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);
    cognitoUser.authenticateUser(authenticationDetails, {
        onSuccess: function (result) {
            console.log('access token + ' + result.getAccessToken().getJwtToken());
        },

        onFailure: function (err) {
            alert(err);
        },

    });

The AWS Java SDK includes APIs to authenticate users in a User Pool. You can authenticate a user using either the InitiateAuth API or the AdminInitiateAuth API of the AWSCognitoIdentityProviderClient class. The difference between these two APIs is explained in the documentation. In short, for InitiateAuth, you need to perform SRP calculations and then pass it to the API, while in AdminInitiateAuth you can directly pass the username and password. You can read about the security implications in both cases and decide which one to use.

Documentation: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html

API reference: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html

https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html

My working sample (Groovy):

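    import com.amazonaws.regions.Region
    import com.amazonaws.regions.Regions
    import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProviderClient
    import com.amazonaws.services.cognitoidp.model.AdminInitiateAuthRequest
    import com.amazonaws.services.cognitoidp.model.AdminInitiateAuthResult
    import com.amazonaws.services.cognitoidp.model.AuthFlowType

    def login() {
        // Default constructor: AWS credentials come from the default provider chain
        AWSCognitoIdentityProviderClient client = new AWSCognitoIdentityProviderClient()
        println("Provider client: " + client)
        client.setRegion(Region.getRegion(Regions.AP_NORTHEAST_1))

        // In the ADMIN_NO_SRP_AUTH flow the username and password are passed directly (no SRP)
        Map<String, String> authParams = new HashMap<>()
        authParams.put("USERNAME", "User1")
        authParams.put("PASSWORD", "a*123")
        AdminInitiateAuthRequest adminInitiateAuthRequest = new AdminInitiateAuthRequest()
                .withClientId("<YOUR_CLIENT_ID>")      // placeholder: your app client id
                .withUserPoolId("<YOUR_USER_POOL_ID>") // placeholder: your user pool id
                .withAuthFlow(AuthFlowType.ADMIN_NO_SRP_AUTH)
                .withAuthParameters(authParams)
        AdminInitiateAuthResult result = client.adminInitiateAuth(adminInitiateAuthRequest);
        if (result != null) {
            System.out.println("AdminInitiateAuthResult:");
            System.out.println(result.toString());
        } else {
            System.out.println("No result available");
            return;
        }
    }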

Authentication is only supported via JavaScript, iOS and Android at this time. The necessary APIs to authenticate are not part of the server SDKs (Java, Python et al.) during the beta. Using the JavaScript SDK is the recommended way of authenticating from your login page.

Check here: https://github.com/aws/amazon-cognito-identity-js

There is a missing line of code.

This page http://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-javascript-examples.html is not updated.

    // Need to provide placeholder keys unless unauthorised user access is enabled for user pool
    AWSCognito.config.update({accessKeyId: 'anything', secretAccessKey: 'anything'})

After including this I stopped having this error.
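
Whichever flow issues the tokens (`authenticateUser` in the browser or `AdminInitiateAuth` on the server), a backend that later receives the access token has to verify it before trusting it. The following Node.js sketch is an added example, not code from the original posts: it checks the RS256 signature, issuer, `token_use`, `client_id` and expiry. The function names, pool id, client id and key pair are constructed for illustration; a real service would load the key matching the token's `kid` from the user pool's JWKS.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8')) || {};

// publicKey: the user pool's signing key for the token's `kid` (taken from the pool's JWKS).
// expected: { region, userPoolId, clientId } for the pool and app client this backend serves.
function verifyAccessToken(token, publicKey, expected, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, claims;
  try { header = decode(h); claims = decode(p); } catch (e) { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm instead of trusting the header ("none" or HS256 must not pass).
  if (header.alg !== 'RS256') return { ok: false, reason: 'bad alg' };
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify('RSA-SHA256', signed, publicKey, Buffer.from(s, 'base64url'))) {
    return { ok: false, reason: 'bad signature' };
  }
  const issuer = `https://cognito-idp.${expected.region}.amazonaws.com/${expected.userPoolId}`;
  if (claims.iss !== issuer) return { ok: false, reason: 'wrong issuer' };
  // An ID token from the same pool is validly signed but is not an access token.
  if (claims.token_use !== 'access') return { ok: false, reason: 'not an access token' };
  if (claims.client_id !== expected.clientId) return { ok: false, reason: 'wrong client' };
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// --- Constructed sample data: a throwaway key pair stands in for the pool's signing key ---
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const EXPECTED = { region: 'us-east-1', userPoolId: 'us-east-1_EXAMPLE', clientId: 'example-client-id' };

// Builds a signed token with Cognito-style access-token claims; overrides simulate bad tokens.
function makeSampleToken(overrides = {}, alg = 'RS256') {
  const claims = {
    iss: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE',
    token_use: 'access', client_id: 'example-client-id', username: 'test-user', exp: 2000,
    ...overrides,
  };
  const h = b64url(JSON.stringify({ alg, kid: 'sample-kid' }));
  const p = b64url(JSON.stringify(claims));
  return `${h}.${p}.${b64url(crypto.sign('RSA-SHA256', Buffer.from(`${h}.${p}`), privateKey))}`;
}

console.log(verifyAccessToken(makeSampleToken(), publicKey, EXPECTED, 1000).ok);
console.log(verifyAccessToken(makeSampleToken({ token_use: 'id' }), publicKey, EXPECTED, 1000));
```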
