从Axios访问AWS API网关
[英]Access AWS API Gateway from Axios
问题描述
I am attempting to access AWS API Gateway-hosted services from Axios. 
我正在尝试从Axios访问AWS API Gateway托管的服务。 Using AWS Amplify, I obtain a token using Auth.currentSession() which delivers a CognitoIdToken . 使用AWS Amplify,我使用Auth.currentSession()获取令牌,该令牌提供CognitoIdToken 。 Embedded within that object is a jwtToken. 嵌入在该对象中的是jwtToken。 I have attempting to call my protected services (authorizer is set to AWS_IAM) using that jwtToken in the HTTP header, trying both the Authorization and x-api-key key, both with no joy. 我试图使用HTTP标头中的jwtToken调用我的受保护服务(授权器设置为AWS_IAM),同时尝试授权和x-api-key密钥,两者都没有任何乐趣。 Given a CognitoIdToken/jwtToken, how do you call an AWS API Gateway service with an authorizer of AWS_IAM? 给定CognitoIdToken / jwtToken,您如何使用AWS_IAM的授权者调用AWS API网关服务?
2 个解决方案
解决方案1
0 已采纳 2019-03-20 11:52:53
If you're using AWS_IAM authentication then you need to use AWS SigV4 with your access key, secret key, and session key that your cognito user gets as part of their authorization. 如果您正在使用AWS_IAM身份验证,则需要将AWS SigV4与您的cognito用户获取的访问密钥,密钥和会话密钥一起使用,作为其授权的一部分。
If you want to use the cognito JWT as your auth mechanism, you need to change your code to use cognito authentication at the API Gateway level. 如果您想使用cognito JWT作为身份验证机制,则需要更改代码以在API网关级别使用身份验证身份验证。
解决方案2
0 2019-03-20 15:32:41
I have been using API gateways along with Cognito for authorization for my Vuejs app. 我一直在使用API网关和Cognito来授权我的Vuejs应用程序。 You can use following steps to get it configured easily. 您可以使用以下步骤轻松配置它。
- Select your API and go to Authorizers option on left panel. 选择您的API并转到左侧面板上的Authorizers选项。 Click on Create New Authorizer. 单击“创建新授权器”。 Then select cognito and add your Cognito user pool there. 然后选择cognito并在那里添加您的Cognito用户池。 Name your Token Source as "Authorization". 将您的令牌源命名为“授权”。 Keep token validation empty. 将令牌验证保持为空。 Click on save. 点击保存。
- You can test your new authorizer using JWT token. 您可以使用JWT令牌测试新的授权程序。 You can print JWT token on console when you log in using AWS amplify and use that token for testing API authorizer. 使用AWS放大器登录时,可以在控制台上打印JWT令牌,并使用该令牌测试API授权程序。 If you get user information from cognito pool, Your Authorizer is successfully configured. 如果您从cognito池获取用户信息,则表明您的授权人已成功配置。
- Next important step is to pass authorized user information from API to Lambda. 下一个重要步骤是将授权用户信息从API传递给Lambda。 You need to configure that in Integration request in your resource method. 您需要在资源方法中的Integration请求中配置它。 For this, select your method in API gateway and click on Integration Request, then click on Mapping Templates which is last option. 为此,在API网关中选择您的方法并单击Integration Request,然后单击Mapping Templates(最后一个选项)。 Once you click that select 2nd radio button "When there are no templates defined (recommended)". 单击后选择第二个单选按钮“当没有定义模板(推荐)”时。 After that in content type click on Add mapping template and give this template name as "application/json". 之后在内容类型中单击添加映射模板,并将此模板名称指定为“application / json”。 Select this template and at bottom of screen you should see box. 选择此模板,在屏幕底部您应该看到框。 In that box you need to write template for getting cognito user details. 在该框中,您需要编写模板以获取Cognito用户详细信息。 You can refer following template. 您可以参考以下模板。
#set($inputRoot = $input.path('$')) { "cognitoUsername": "$context.authorizer.claims.email" }
You can follow this link to get more details about template in AWS https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html 您可以点击此链接以获取有关AWS中模板的更多详细信息, 请访问https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html
Hope this helps. 希望这可以帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.