AWS Cognito身份验证+ AWS Mobile客户端+ API网关+ S3存储桶
[英]AWS Cognito Authentication + AWS Mobile Client + API Gateway + S3 Bucket
问题描述
I built a login screen for my app using AWSCognitoAuth, exactly like in one of the provided examples ( https://github.com/awslabs/aws-sdk-ios-samples/tree/master/CognitoAuth-Sample ). 
我使用AWSCognitoAuth为我的应用程序构建了一个登录屏幕,就像提供的示例之一( https://github.com/awslabs/aws-sdk-ios-samples/tree/master/CognitoAuth-Sample )一样。 This works fine - it shows the login screen in an instance of SFSafariViewController where the user just logs in using regular username + passwort, or through Facebook or Google. 效果很好-它在SFSafariViewController实例中显示登录屏幕,用户只需使用常规用户名+密码或通过Facebook或Google登录即可。 So after this authentication, I get the access and refresh tokens which I can then use for fetching data from my API, which is routed through AWS API Gateway. 因此,在进行此身份验证之后,我获得了访问和刷新令牌,然后可以使用这些令牌来从我的API中获取数据,该API是通过AWS API Gateway路由的。 The corresponding AWS API Gateway routes are configured to use "User Pools" authorization, instead of "IAM". 相应的AWS API Gateway路由配置为使用“用户池”授权,而不是“ IAM”。
But now I need to download some files from a S3 bucket, which is not public. 但是现在我需要从S3存储桶下载一些文件,这不是公开的。 So what needs to be done, is to get temporary AWS Credentials and access the bucket using them. 因此,需要做的是获取临时AWS凭证并使用它们访问存储桶。 The AWSMobileClient library together with the S3 Transfer Utility are able to do that. AWSMobileClient库和S3 Transfer Utility能够做到这一点。 But my problem is, I don't know how to tell the AWSMobileClient about the fact, that the user has now signed in .AWSMobileClient is initialized in the appDelegate's didFinishLaunching:withOptions like this: 但是我的问题是,我不知道如何告诉AWSMobileClient用户已经登录的事实.AWSMobileClient是在appDelegate的didFinishLaunching:withOptions初始化的,如下所示:
let serviceConfiguration = AWSServiceConfiguration(
region: .EUWest1,
credentialsProvider: AWSMobileClient.sharedInstance().getCredentialsProvider()
)
//create a pool
let configuration = AWSCognitoIdentityUserPoolConfiguration.init(clientId: CognitoIdentityUserPoolAppClientId, clientSecret: CognitoIdentityUserPoolAppClientSecret, poolId: CognitoIdentityUserPoolId)
AWSCognitoIdentityUserPool.register(with: serviceConfiguration, userPoolConfiguration: configuration, forKey: AWSCognitoUserPoolsSignInProviderKey)
AWSServiceManager.default().defaultServiceConfiguration = serviceConfiguration
AWSFacebookSignInProvider.sharedInstance().setPermissions(["public_profile", "email"])
AWSSignInManager.sharedInstance().register(signInProvider: AWSFacebookSignInProvider.sharedInstance())
return AWSMobileClient.sharedInstance().interceptApplication(
application,
didFinishLaunchingWithOptions: launchOptions)
The thing is, when I completely close the app after doing the AWSCognitoAuth signin and reopen it, the AWSMobileClient somehow finds the session and the credentials are fetched properly and the file from the bucket gets loaded. 问题是,当我在执行AWSCognitoAuth登录后完全关闭应用程序并重新打开它时,AWSMobileClient会以某种方式找到该会话并正确获取凭据,并从存储桶中加载文件。 But I need to somehow trigger this manually after the user signs in, I cannot force the user to quit and reopen the app, not in 2018... I have been debugging this now for a long time and was digging through the AWSMobileClient framework, trying to find how to hook those two together, but with no success. 但是我需要以某种方式在用户登录后手动触发此操作,我不能强迫用户退出并重新打开应用程序,而不是在2018年……我已经调试了很长时间,并且正在研究AWSMobileClient框架,试图找到如何将这两个挂钩的方法,但没有成功。 How can I do it? 我该怎么做?
1 个解决方案
解决方案1
0 2018-11-27 10:18:06
But now I need to download some files from a S3 bucket, which is not public.
Did you already try to use Pre-signed url ? 您是否已经尝试使用Pre-signed url ? It is meant to cover your requirements. 它旨在满足您的要求。 It allows temporary access to aws resources, in your case get access on S3 bucket. 它允许临时访问AWS资源,您可以在S3存储桶上进行访问。
You have samples using iOS sdk here , check the S3TransferUtility-Sample . 您在这里有使用iOS sdk 的示例 ,请检查S3TransferUtility-Sample 。
S3TransferUtility-Sample (Swift, Objective-C).
- Amazon S3 Amazon
- Cognito Identity
Hope it helps! 希望能帮助到你!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.