Boto3 - 使用Amazon Cognito进行身份验证而不使用访问密钥
[英]Boto3 - Authenticating with Amazon Cognito without using access keys
问题描述
I'm developing a python script that interacts with a web service that uses Amazon Cognito (with which I'm unfamiliar) as the authentication backend and I'm having difficulties logging in. 
我正在开发一个python脚本,它与使用Amazon Cognito(我不熟悉)的Web服务进行交互,作为身份验证后端,我在登录时遇到了困难。
My main issue is that boto3 requires both the AWS access key and secret key (without providing those I get the "NoCredentialsError"), but since this script will reside on multiple untrusted computers I don't want to store/embed those keys, for obvious security reasons. 我的主要问题是boto3需要AWS访问密钥和密钥(不提供我得到的“NoCredentialsError”),但由于此脚本将驻留在多个不受信任的计算机上,我不想存储/嵌入这些密钥,因为明显的安全原因。
The information that these untrusted computers will have access to are: 这些不受信任的计算机可以访问的信息是:
- Username and Password for logging into the web service 用于登录Web服务的用户名和密码
- Cognito Identity Pool ID Cognito身份池ID
- Cognito User Pool ID Cognito用户池ID
- Cognito Client ID Cognito客户端ID
Is it possible, with the informations these clients have, to correctly authenticate with Cognito? 通过这些客户端的信息,是否可以使用Cognito正确进行身份验证? If so, how? 如果是这样,怎么样?
1 个解决方案
解决方案1
0 已采纳 2017-10-19 21:01:17
Yes. 是。 Call get_credentials_for_identity() . 调用get_credentials_for_identity() 。 It does not require any credentials. 它不需要任何凭据。 Use this as follows: 使用如下:
import boto3
cognito = boto3.client('cognito-identity')
response = cognito.get_credentials_for_identity(IdentityId="id")
where "id" is the Cognito Identity Pool ID. 其中"id"是Cognito Identity Pool ID。 response should return a dict including temporary Access Key, Secret Access Key, Session Token, and Expiration date. response应返回包括临时访问密钥,秘密访问密钥,会话令牌和到期日期的dict 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.