
AWS Lambda - Can't get Cognito user data in lambda function

I am trying to get Cognito user data in a lambda function. I am trying to pass it to lambda using body mapping template as

{
    "cognito-authentication-provider" : "$context.identity.cognitoAuthenticationProvider",
    "cognito-authentication-type" : "$context.identity.cognitoAuthenticationType",
    "cognito-identity-id" : "$context.identity.cognitoIdentityId",
    "cognito-identity-pool-id" : "$context.identity.cognitoIdentityPoolId"
}

But, in the lambda function, the data is coming empty as

'cognito-authentication-provider': '',
'cognito-authentication-type': '',
'cognito-identity-id': '',
'cognito-identity-pool-id': ''

Please help me solve this.

Thanks...

EDIT: Added Cognito authentication dev-dummy-auth as

To build on Dilip Kola's answer. It appears that the context variables you are trying to access do not exist for the authorization method you are using.

The only way I can see to get the token information to the underlying Lambda service is to pass the whole token down and open it in the Lambda with an appropriate library for the language you are using.

You can pass the token by adding a line to your body mapping template.

{"Authorization" : "$input.params().header.get('Authorization')"}

A Cognito ID token is in the form of a JWT (JSON Web Token). The ISS claim is in the format https://cognito-idp.{region}.amazonaws.com/{userPoolId}.

Update - To include information about User Groups

The Cognito Identity token does not contain the User Groups of the user who was issued the token.

To restrict API access to individuals in certain User Groups, you will have to change your authentication method to AWS_IAM Authorizer using Cognito Federated Identities.

An alternative would be to use a custom attribute such as role in Cognito marking certain users as Admin, User, etc. (as these can be passed in the id token) then evaluating that custom attribute. If you were going to go down this route, I would move to a Custom Lambda Authorizer method of authentication. This way you can check the custom attributes at the same time you validate the token, so requests don't ever reach the backend if the user does not have the correct access rights.

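https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html#context-variable-reference

You are referencing context variables that belong to API requests made with Cognito identity pool credentials; these will not be available when you use a Cognito user pool authorizer.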

If you enable Use Lambda Proxy integration in Integration Request, everything will show up in event['requestContext']['authorizer']['claims']
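
The check described in the answers above, as an added example that is not part of either answer: a Python handler behind Lambda proxy integration reads the claims from event['requestContext']['authorizer']['claims'], confirms the iss value matches the expected user pool, and evaluates a custom attribute, denying by default. The region, pool ID, the custom:role attribute name, the allowed-role set and the sample event are assumed placeholders.

```python
import json

# Assumed placeholders: substitute your own region, pool ID and attribute name.
REGION = "us-east-1"
USER_POOL_ID = "us-east-1_EXAMPLE"
EXPECTED_ISS = f"https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}"
ROLE_CLAIM = "custom:role"  # hypothetical custom attribute
ALLOWED_ROLES = {"Admin"}

# Constructed event, shaped like a Lambda proxy integration request.
SAMPLE_EVENT = {"requestContext": {"authorizer": {"claims": {
    "iss": EXPECTED_ISS, "token_use": "id",
    "sub": "constructed-sub-0001", "custom:role": "Admin"}}}}


def get_claims(event):
    """Claims attached by API Gateway after the user pool authorizer ran."""
    authorizer = (event.get("requestContext") or {}).get("authorizer") or {}
    claims = authorizer.get("claims")
    return claims if isinstance(claims, dict) and claims else None


def authorize(event):
    """Deny by default; return (status_code, reason)."""
    claims = get_claims(event)
    if claims is None:
        return 401, "no authorizer claims on the request"
    if claims.get("iss") != EXPECTED_ISS:
        return 403, "token issued by an unexpected user pool"
    if claims.get("token_use") != "id":
        return 403, "not an ID token"
    if claims.get(ROLE_CLAIM) not in ALLOWED_ROLES:
        return 403, "role not permitted"
    return 200, "ok"


def lambda_handler(event, context):
    status, reason = authorize(event)
    body = {"message": reason}
    if status == 200:
        body["user"] = get_claims(event).get("sub")
    return {"statusCode": status, "body": json.dumps(body)}


if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None))
```

These checks rely on API Gateway having already validated the token's signature, so they are only meaningful when the function is reachable solely through an API method with the user pool authorizer attached.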
