How to authenticate user in browser using AWS Cognito?

I need to authenticate users in browser (not mobile app) using AWS Cognito with username/pass, not FB/Google IdProviders.

There are a lot of docs, but they seem to be separate blocks which are either incomplete, do not fit the requirements, or do not fit each other :(

I created a Cognito User Pool, then an Identity Pool, and tied the userPool to the idPool; then I got stuck. I do not know which library to use or how to use it. The closest I found are:

  • https://aws.amazon.com/sdk-for-browser/ but my experience is not enough to convert their FB samples to not using FB
  • https://github.com/aws/aws-amplify but using this lib I'll have to study React/Angular from the very beginning (I'm not a front-end developer, sorry) and I have no clue how to convert their npm-based samples to front-end JavaScript (npm is for NodeJS, thus back-end, isn't it?).

All I need is a plain HTML form with username/pass, a way to send the request to Cognito, and a way to check during the next page load whether the password was correct. If it matters, I will use AWS Lambda as the back-end for processing future tasks.

How can I do it? Is there a tutorial/doc for my case? Thank you.

You can use AWS Cognito UserPools Hosted UI for your use case. The simplest form of authentication is using the Implicit Grant.

For more information about setting up the Hosted UI, refer to Add an App to Enable the Hosted Web UI. This will create a UserPool where users can register themselves (if you plan to restrict this, you will need to add users either using the AWS Web Console, Cognito UserPools, or using their SDK).

The steps are as follows.

  • Set up the Cognito Hosted UI and register your application domain. This will create the login/registration pages for you, each of which will have a unique URL. If the user is not authenticated (let's discuss how to detect that later), you need to redirect the user to the Login page.
  • In the Login URL, you also need to specify the redirect-back URL to the application, so that after a successful login Cognito will redirect the user back to the application, providing the token in a query string.
  • You can then access the id_token from inside the application and use it for querying the backend.
  • Since the id_token is a JWT token, you can verify it at your backend using the public key available at the Cognito token endpoint.
  • To implement the JWT verification, you can also refer to the Cognito JWT Token validator NodeJS module.

Note: If you need to keep the user logged in for a longer time period (more than 1 hr), you might need to use the Code Grant flow, which will return a Refresh Token that can be used to retrieve new id_tokens programmatically.
