AWS Cognito - 具有联合身份提供商的用户池
[英]AWS Cognito - User Pools with Federated Identity providers
问题描述
I am new to AWS and learning about Cognito Pools.
我是 AWS 的新手,正在学习 Cognito Pools。
I am planning to use Cognito userpools connected with Cognito Federated Identity pool.我计划使用与 Cognito 联合身份池连接的 Cognito 用户池。 I do not want to use Login with hosted UI feature or any other login UI to log in.我不想使用带有托管 UI 功能的登录或任何其他登录 UI 来登录。
Is the following true/possible :-以下是否正确/可能:-
- From back end on calling some Cognito API with username and password it can automatically call the configured User pool Federated Identity provider to authenticate the user and then generate the JWT token.从后端调用一些带有用户名和密码的 Cognito API,它可以自动调用配置的用户池联合身份提供程序来验证用户,然后生成 JWT 令牌。 If yes can you please refer/guide me please.如果是,请您参考/指导我。
- User present in Identity provider does not exist in AWS user pool.身份提供商中存在的用户在 AWS 用户池中不存在。 Is it possible to authenticate the user with configured Identity provider without the user being present in AWS user pool?是否可以在 AWS 用户池中不存在用户的情况下使用配置的身份提供商对用户进行身份验证? If yes then will the user be created in AWS User pool after authentication?如果是,那么在身份验证后会在 AWS 用户池中创建用户吗?
I will really appreciate any help.我真的很感激任何帮助。 Thanks in advance.提前致谢。
1 个解决方案
解决方案1
0 2018-04-27 18:20:06
From back end on calling some Cognito API with username and password it can automatically call the configured User pool Federated Identity provider to authenticate the user and then generate the JWT token.
This is possible.这个有可能。 You can use a combination of the following two references.您可以组合使用以下两个参考。
Receiving the JWT token from Cognito UserPools 从 Cognito UserPools 接收 JWT 令牌
var authenticationData = {
Username : 'username',
Password : 'password',
};
var authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails(authenticationData);
var poolData = { UserPoolId : 'us-east-1_xxxxx',
ClientId : 'xxxxxxxxxxxxxxxx'
};
var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);
var userData = {
Username : 'username',
Pool : userPool
};
var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
cognitoUser.authenticateUser(authenticationDetails, {
onSuccess: function (result) {
console.log('access token + ' + result.getAccessToken().getJwtToken());
/*Use the idToken for Logins Map when Federating User Pools with identity pools or when passing through an Authorization Header to an API Gateway Authorizer*/
console.log('idToken + ' + result.idToken.jwtToken);
},
onFailure: function(err) {
alert(err);
},
});
Pass the JWT Token to the Cognito Federated Identity Pool via SDK and exchange for AWS Temporary access credentials to perform any action against AWS provisioning.通过开发工具包将 JWT 令牌传递到Cognito 联合身份池并交换 AWS 临时访问凭证以针对 AWS 配置执行任何操作。
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: 'us-east-1:xxxxxxx-xxxx-xxxx-xxxx-xxxxxx',
Logins: {
'cognito-idp.us-east-1.amazonaws.com/us-east-1_xxxxxx': result.idToken.jwtToken
}
});
User present in Identity provider does not exist in AWS user pool.
This is only possible if your external Identity Provider supports SAML Federation.这仅在您的外部身份提供者支持 SAML 联合时才有可能。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.