[英]Boto3 - Authenticating with Amazon Cognito without using access keys
I'm developing a python script that interacts with a web service that uses Amazon Cognito (with which I'm unfamiliar) as the authentication backend and I'm having difficulties logging in. 我正在开发一个python脚本,它与使用Amazon Cognito(我不熟悉)的Web服务进行交互,作为身份验证后端,我在登录时遇到了困难。
My main issue is that boto3 requires both the AWS access key and secret key (without providing those I get the "NoCredentialsError"), but since this script will reside on multiple untrusted computers I don't want to store/embed those keys, for obvious security reasons. 我的主要问题是boto3需要AWS访问密钥和密钥(不提供我得到的“NoCredentialsError”),但由于此脚本将驻留在多个不受信任的计算机上,我不想存储/嵌入这些密钥,因为明显的安全原因。
The information that these untrusted computers will have access to are: 这些不受信任的计算机可以访问的信息是:
Is it possible, with the informations these clients have, to correctly authenticate with Cognito? 通过这些客户端的信息,是否可以使用Cognito正确进行身份验证? If so, how? 如果是这样,怎么样?
Yes. 是。 Call get_credentials_for_identity()
. 调用get_credentials_for_identity()
。 It does not require any credentials. 它不需要任何凭据。 Use this as follows: 使用如下:
import boto3
cognito = boto3.client('cognito-identity')
response = cognito.get_credentials_for_identity(IdentityId="id")
where "id"
is the Cognito Identity Pool ID. 其中"id"
是Cognito Identity Pool ID。 response
should return a dict
including temporary Access Key, Secret Access Key, Session Token, and Expiration date. response
应返回包括临时访问密钥,秘密访问密钥,会话令牌和到期日期的dict
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.