AWS cognito user pool server side flow with spring boot
I want to implement AWS Cognito server side flow with Spring Boot. I don't quite understand what the flow should be. Should I use Spring OAuth along with it?
Requirement is something like this. As an admin, create users and give access to these created users to use my API from API Gateway (let's ignore the API Gateway part and say we just need an access token from Cognito for now).
Here is what I think should happen if I use AWS Cognito with Spring OAuth2:
- User hits localhost:8000/oauth/token with basic authentication (username and password), which will do an API call with user credentials.
- User receives the token and uses it however he/she needs it.
respond to auth challenge? Should user pass new password for first time when calling my application API?

    import java.util.HashMap;
    import java.util.Map;

    import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
    import com.amazonaws.regions.Regions;
    import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider;
    import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProviderClientBuilder;
    import com.amazonaws.services.cognitoidp.model.AdminInitiateAuthRequest;
    import com.amazonaws.services.cognitoidp.model.AdminInitiateAuthResult;
    import com.amazonaws.services.cognitoidp.model.AuthFlowType;
    import org.springframework.web.bind.annotation.*;

    @RestController
    public class Oauth {
        @PostMapping(path = "/oauth/token")
        public String token(@RequestHeader("username") String username, @RequestHeader("password") String password) {
            // The credentials argument was left out in the post; the default
            // provider chain (environment, profile, instance role) is used here.
            AWSCognitoIdentityProvider provider = AWSCognitoIdentityProviderClientBuilder
                    .standard()
                    .withRegion(Regions.US_WEST_2)
                    .withCredentials(DefaultAWSCredentialsProviderChain.getInstance()).build();
            Map<String, String> authParams = new HashMap<>();
            authParams.put("USERNAME", username);
            authParams.put("PASSWORD", password);
            AdminInitiateAuthRequest adminInitiateAuthRequest = new AdminInitiateAuthRequest()
                    .withClientId("{client-id}")
                    .withUserPoolId("{user-pool-id}")
                    .withAuthFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH)
                    .withAuthParameters(authParams);
            AdminInitiateAuthResult authResult = provider.adminInitiateAuth(adminInitiateAuthRequest);
            // getAuthenticationResult() is null when Cognito returns a challenge instead of tokens.
            return authResult.getAuthenticationResult().getIdToken();
        }
    }

Business requirement is quite simple: there needs to be a pool of users (Cognito in this case) who can get some kind of a token to access a few APIs. I want to achieve this using Spring Boot, since the API is written using Spring Boot and I also use AWS API Gateway.
Should I use Spring OAuth along with it?
No. Authorization is done by API Gateway.
API clients need to obtain a token from Cognito (i.e. authenticate themselves there) before using the API. There is no need to do anything on the application (Spring) side.
Details are here.
If you want to implement authentication for API clients using Cognito, then see the Cognito docs for examples and manuals.
FYI, Application Load Balancer can be used to handle all authentication flow for the API.
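
Added example (not part of the original question or answer, and not AWS's own sample code): the first-login case the question asks about. A user created by an admin with a temporary password gets a `NEW_PASSWORD_REQUIRED` challenge from `AdminInitiateAuth` instead of tokens, and the challenge is answered with `AdminRespondToAuthChallenge`. The class name `CognitoLogin`, the `login` method and the placeholders are assumptions; it also assumes AWS SDK for Java v1 and an app client without a client secret.

```java
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider;
import com.amazonaws.services.cognitoidp.model.*;
import java.util.HashMap;
import java.util.Map;

// Hypothetical helper: name and structure are assumptions, not from the question.
public class CognitoLogin {
    private static final String CLIENT_ID = "{client-id}";       // placeholder
    private static final String USER_POOL_ID = "{user-pool-id}"; // placeholder
    private final AWSCognitoIdentityProvider provider;

    public CognitoLogin(AWSCognitoIdentityProvider provider) {
        this.provider = provider;
    }

    /** Returns the tokens; newPassword is used only if Cognito demands a password change. */
    public AuthenticationResultType login(String username, String password, String newPassword) {
        Map<String, String> authParams = new HashMap<>();
        authParams.put("USERNAME", username);
        authParams.put("PASSWORD", password);
        AdminInitiateAuthResult result = provider.adminInitiateAuth(new AdminInitiateAuthRequest()
                .withClientId(CLIENT_ID)
                .withUserPoolId(USER_POOL_ID)
                .withAuthFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH)
                .withAuthParameters(authParams));
        // No challenge: the tokens are already in the result.
        if (result.getChallengeName() == null) {
            return result.getAuthenticationResult();
        }
        // Only the first-login challenge is handled; fail closed on anything else (e.g. MFA).
        if (!ChallengeNameType.NEW_PASSWORD_REQUIRED.toString().equals(result.getChallengeName())) {
            throw new IllegalStateException("Unhandled challenge: " + result.getChallengeName());
        }
        if (newPassword == null) {
            throw new IllegalArgumentException("A new password is required on first login");
        }
        Map<String, String> responses = new HashMap<>();
        responses.put("USERNAME", username);
        responses.put("NEW_PASSWORD", newPassword);
        // The session value ties this response to the challenge issued above.
        return provider.adminRespondToAuthChallenge(new AdminRespondToAuthChallengeRequest()
                .withClientId(CLIENT_ID)
                .withUserPoolId(USER_POOL_ID)
                .withChallengeName(ChallengeNameType.NEW_PASSWORD_REQUIRED)
                .withSession(result.getSession())
                .withChallengeResponses(responses)).getAuthenticationResult();
    }
}
```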